IP Intelligence with IP Reputation third party database

An IP Intelligence (IPI) policy can be configured in the Global context and/or applied in a per-virtual-server context. An IPI policy contains a list of categories and actions that can be customized with the help of the IP Reputation (IPRep) database.

The f5-downloader pod is responsible for retrieving the IP Reputation database from a public website. The IP Reputation database is a list of IP addresses categorized based on their behavior, such as malicious, suspicious, or safe. This is used for applying security policies. The f5-downloader pod must have public Internet access to connect to the external website and download the latest database files and updates.

Once the database files are downloaded, the f5-downloader pod automatically pushes these updates to the Traffic Management Microkernel (TMM) pods, which are responsible for enforcing policies on the network traffic.

Requirements

Ensure you have:

Configuration Parameters

The following parameters are used to configure this use case:

| Parameter | Description |
| --- | --- |
| type | ipi |
| pollinterval | String format as minutes, hours or days. For example, 5m or 1h or 1d. Minimum value allowed is 1m. |
| mode | Must be online |

Use Case Configuration

  1. Apply the F5BigCneDownloader CR. Following is a sample Downloader Policy CR configuration to enable IP Reputation download.

    apiVersion: "k8s.f5net.com/v1"
    kind: F5BigCneDownloader
    metadata:
      name: "downloader1"
    spec:
      components:
        - type: "ipi"
          pollInterval: 5m
          mode: "online"
    

    For more information, see the Configuration Parameters section and the F5BigDownloaderPolicy page.

  2. Apply the f5BigIpiFeedlist CR.

    oc apply -f downloader.yaml -n <namespace>
    
  3. Read the IPs, subnets and threats from the IP Reputation Database using the iprep_dump tool, and use this information to create an IPI Policy.

    For more information on the iprep_dump tool, see the Debug Sidecar page.

  4. Create and apply the F5BigIpiPolicy CR. Add the threat categories read from the IP Reputation Database with the action, log, and other details.

  5. (Optional) Enable Logging. For more information on how to enable logging, see IP Intelligence Logging page.
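
The constraints from the Configuration Parameters table can be checked before the CR from step 1 is applied. The lint below is an added example, not F5 code: it assumes the manifest has already been parsed into a mapping (for instance by a YAML loader), uses the `pollInterval` spelling from the sample CR, and its function names and sample manifests are constructed for illustration.

```python
import re

# Constraints from the Configuration Parameters table on this page.
UNIT_MINUTES = {"m": 1, "h": 60, "d": 1440}
INTERVAL_RE = re.compile(r"(\d+)([mhd])")

def poll_interval_minutes(value):
    """Return the interval in minutes, or None if the format is not <n>m|h|d."""
    match = INTERVAL_RE.fullmatch(str(value).strip())
    return int(match.group(1)) * UNIT_MINUTES[match.group(2)] if match else None

def lint_downloader(manifest):
    """Return a list of problems in an F5BigCneDownloader manifest (empty = OK)."""
    problems = []
    if manifest.get("kind") != "F5BigCneDownloader":
        problems.append(f"kind is {manifest.get('kind')!r}, expected 'F5BigCneDownloader'")
    components = (manifest.get("spec") or {}).get("components") or []
    if not components:
        problems.append("spec.components is missing or empty")
    for i, comp in enumerate(components):
        where = f"spec.components[{i}]"
        if comp.get("type") != "ipi":
            problems.append(f"{where}: type is {comp.get('type')!r}, expected 'ipi'")
        if comp.get("mode") != "online":
            problems.append(f"{where}: mode is {comp.get('mode')!r}, must be 'online'")
        raw = comp.get("pollInterval")
        minutes = poll_interval_minutes(raw)
        if minutes is None:
            problems.append(f"{where}: pollInterval {raw!r} is not <n>m, <n>h or <n>d")
        elif minutes < 1:
            problems.append(f"{where}: pollInterval {raw!r} is below the 1m minimum")
    return problems

# Constructed samples: the CR from step 1 as a parsed mapping, and a broken variant.
GOOD = {"apiVersion": "k8s.f5net.com/v1", "kind": "F5BigCneDownloader",
        "metadata": {"name": "downloader1"},
        "spec": {"components": [{"type": "ipi", "pollInterval": "5m", "mode": "online"}]}}
BAD = {"apiVersion": "k8s.f5net.com/v1", "kind": "F5BigCneDownloader",
       "metadata": {"name": "downloader1"},
       "spec": {"components": [
           {"type": "ipi", "pollInterval": "0m", "mode": "offline"},
           {"type": "ipi", "pollInterval": "30s", "mode": "online"}]}}

if __name__ == "__main__":
    for name, manifest in (("good", GOOD), ("bad", BAD)):
        print(name, lint_downloader(manifest) or "OK")
```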

Statistics

For IP Intelligence stats, see IP Intelligence Stats.
