
IP Intelligence

Hello,

We've deployed IP Intelligence in our organization and some questions arise:

Due to the nature of dynamic IPs, the update of the database should also include the removal of those IPs no longer considered as bad reputation, right? The update details show the "number of IP Addresses received in the last update" but they do not mention anything about IPs removed.

Does IP Intelligence take place before any other protection? I mean, if a suspicious IP arrives, it is blocked by the IPI and not analysed by the DoS or web scraping policies, correct?

Thanks.

Comments on this Question
Comment made 25-Aug-2016 by RobertS 166

Good question, I'm curious about it as well. I'm pretty sure it will drop any traffic from suspicious addresses right away.


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Comments on this Answer
Comment made 26-Aug-2016 by Antonio Macia R 65

Hello Stanislas,

Very interesting diagram, thanks. Based on it, only L2/3/4 DoS inspection takes place before IP Intelligence, and after ASM processing, that's it L7 DoS.

Let's see if someone can provide info about the removal of valid IP addresses. I want to make sure we are not blocking IPs that had a bad reputation but no longer have one.

Regards,

Comment made 27-Aug-2016 by boneyard 5579

Contact your local F5 sales team, they are most likely able to provide a definite answer. Do report back here please.
