security ip-intelligence policy
security ip-intelligence policy(1) BIG-IP TMSH Manual security ip-intelligence policy(1)
NAME
policy - Configures an ip-intelligence policy. It's comprised of three logical groups of settings: list of feed lists,
enforcement and logging settings per blacklist category, and default enforcement and logging settings for blacklist
categories.
MODULE
security ip-intelligence
SYNTAX
Configure the policy component within the security ip-intelligence module using the syntax in the following sections.
CREATE/MODIFY
create policy [name]
modify policy [name]
options:
app-service [name]
description [string]
blacklist-categories [add | default | delete | replace-all-with] {
[name] {
action [accept | drop | use-policy-setting]
app-service none
description none
log-blacklist-hit-only [no | yes | use-policy-setting]
log-blacklist-whitelist-hit [no | yes | use-policy-setting]
match-direction-override [match-destination | match-source | match-source-and-destination]
}
}
feed-lists [add | default | delete | replace-all-with] { [name] }
default-action [accept | drop]
default-log-blacklist-hit-only [ no | yes ]
default-log-blacklist-whitelist-hit [ no | yes ]
edit policy
options:
all-properties
non-default-properties
DISPLAY
list policy [ [ [name] | [glob] | [regex] ] ... ]
show running-config policy
show running-config policy [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
recursive
DESCRIPTION
You can use the policy component to configure a shareable and reusable enforcement and logging settings on Dynamic
White/Black lists of IPs coming from downloaded feeds. The policy can then be enforced on a number of configuration objects
of the following types: ltm virtual, security ip-intelligence global-policy, net route-domain.
EXAMPLES
create policy pol1 {
blacklist-categories add {
Spyware {
action use-policy-setting
app-service none
description none
log-blacklist-hit-only use-policy-setting
log-blacklist-whitelist-hit yes
}
}
feed-lists add { alist1 alist2 }
default-action drop
default-log-blacklist-hit-only yes
default-log-blacklist-whitelist-hit no
description none
feed-lists none
partition Common }
Creates a policy pol1 with feeds from alist1 and alist2 feed lists, specific enforcement and logging settings for Spyware
blacklist category and policy default settings for other categories.
modify policy pol1 { feed-lists delete { alist2 } }
Removes the feed-list alist2 from the policy pol1.
list policy
Displays the current list of ip-intelligence policies contents.
OPTIONS
app-service
Specifies the application service to which the object belongs. The default value is none. Note: If the strict-updates
option is enabled on the Application Service that owns the object, you cannot modify or delete the object. Only the
Application Service can modify or delete the object.
description
User defined description.
partition
Displays the administrative partition within which the component resides.
blacklist-categories
Adds, deletes, or replaces blacklist categories.
action
Specifies what enforcement action will be applied if the packet is categorized with this blacklist category. If
the packet is categorized with more than one blacklists the most restrictive action will be applied.
log-blacklist-hit-only
Specifies if a log message will be generated if the packet is categorized with this blacklist and the packet's IP
listed in no whitelists.
match-direction-override
Overrides the current IP match direction setting for a category. If this value has not been overridden, it will
be set to the value of the parent category's bl-match-direction at the time that the category was added to the
policy.
log-blacklist-whitelist-hit
Specifies if a log message will be generated if the packet is categorized with this blacklist and the packet's IP
is listed in a whitelist.
feed-lists
Adds, deletes, or replaces a feed list. Specifies a list of feed lists (see security ip-intelligence feed-list)
against which the packet will be compared.
default-action
Specifies a default enforcement action which will be performed on the matched packet unless an implicit action
specified for one of the blacklist categories the packet's IP is categorized with. If the packet's IP is listed in a
white list the action is always accept.
default-log-blacklist-hit-only
Specifies a default blacklist hit only logging action which will be performed on the matched packet unless an implicit
action specified for one of the blacklist categories the packet's IP is categorized with.
default-log-blacklist-whitelist-hit
Specifies a default blacklist and whitelist hit logging action which will be performed on the matched packet unless an
implicit action specified for one of the blacklist categories the packet's IP is categorized with.
SEE ALSO
create, edit, list, modify, security ip-intelligence feed-list, security log profile, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2015-2016. All rights reserved.
BIG-IP 2016-03-14 security ip-intelligence policy(1)