Overview: IP Intelligence¶
IP Intelligence incorporates external, intelligent services to enhance automated application delivery with better IP intelligence and stronger, context-based security. By identifying IP addresses and security categories associated with malicious activity, the IP Intelligence service can incorporate dynamic lists of threatening IP addresses into the BIG-IP Next, adding context to policy decisions. IP Intelligence service reduces risk and increases data center efficiency by eliminating the effort to process bad traffic.
With WAF, you can use IP Intelligence blocking in a security policy to block requests from IP addresses that have questionable reputations. IP Intelligence is enabled by default. IP addresses from which attacks or spam have originated are included in an IP intelligence database, along with the category describing the problem.
You can configure a security policy to alarm (log) and/or block requests from IP addresses of questionable reputation,
and to perform different actions depending on the categories of problems.
For example, you can block requests from IP addresses associated with Windows exploits and log requests from scanners.
See Reference: IP Intelligence Categories for more info.
IP Intelligence management on BIG-IP Next Central Manager¶
Important: IP Intelligence requires external, third party, services to identify IP addresses and security categories associated with malicious activity. You must ensure that your BIG-IP Next Central Manager or instances have Licensing activated.