Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

IP Intelligence

Go to solution
THE_BLUE
Cirrostratus
Cirrostratus

‎07-Oct-2020 04:00

Hi,

how to export IP Intelligence database from F5 ?

is it possible to view all ip under each category? if yes then how ?

 

since the update is refreshed every five minutes , does this will affect the size of WAF or may cause any performance issue?

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Dario_Garrido
MVP
MVP
In response to THE_BLUE

‎09-Oct-2020 01:27

Hello Blue.

 

"so is it possible to check all ip under each category from portal?"

No, it's not possible. IP Reputation service is provided by an external company (brightcloud) and their bussiness lays on not disclousing this info.

 

"so there is no option to check the ip from GUI , i have to do all action from CLI, right?"

No, there is not. But you can check from internet at

https://www.brightcloud.com/tools/url-ip-lookup.php

 

"in regards to DB status, it mention how many ips has been added , but no details related to how many ip has been removed."

It's much common to include IP in the blacklist than remove them.

 

Please, don't forget to mark my answer as the best to help me for the contribution.

 

Regards,

Dario.

Regards,
Dario.

View solution in original post

4 REPLIES 4

Go to solution
Dario_Garrido
MVP
MVP

‎07-Oct-2020 09:56 - last edited on ‎04-Jun-2023 21:15 by Fog

Hello Blue.

The IPI DB is stored at /var/IpRep/F5IpRep.dat. I've never tried this before, but you can try to copy this file into a different device.

The DB is a hash table, where you can check the category of each IP using the next command.

iprep_lookup <X.X.X.X>

But there is no an inverse search to get all the IPs from each category.

The DB updates are composed by addresses that are included and removed. For this reason, you don't have to worry about the space.

Regards,

Dario.

Regards,
Dario.
0 Kudos

Go to solution
THE_BLUE
Cirrostratus
Cirrostratus
In response to Dario_Garrido

‎07-Oct-2020 22:30

Hi Dario,

i want to export the DB let say in cvs format for example to check all ips, but i think it is not possible.

so is it possible to check all ip under each category from portal?

so there is no option to check the ip from GUI , i have to do all action from CLI, right?

 

in regards to DB status, it mention how many ips has been added , but no details related to how many ip has been removed.

 

 

thanks

0 Kudos

Go to solution
Dario_Garrido
MVP
MVP
In response to THE_BLUE

‎09-Oct-2020 01:27

Hello Blue.

 

"so is it possible to check all ip under each category from portal?"

No, it's not possible. IP Reputation service is provided by an external company (brightcloud) and their bussiness lays on not disclousing this info.

 

"so there is no option to check the ip from GUI , i have to do all action from CLI, right?"

No, there is not. But you can check from internet at

https://www.brightcloud.com/tools/url-ip-lookup.php

 

"in regards to DB status, it mention how many ips has been added , but no details related to how many ip has been removed."

It's much common to include IP in the blacklist than remove them.

 

Please, don't forget to mark my answer as the best to help me for the contribution.

 

Regards,

Dario.

Regards,
Dario.

Go to solution
THE_BLUE
Cirrostratus
Cirrostratus
In response to THE_BLUE

‎11-Oct-2020 09:28

Dear Dario,

Thank you very much. Appreciate your support.

0 Kudos
Copyright © 2023 Khoros, LLC