How to disable IP Reputation in cOS Core

Last modified on 21 Mar, 2023. Revision 15
This article is a Q&A regarding how to disable IP reputation on a NetWall firewall and how to limit the amount of logs it generates if not all functions/features are turned off.
Up to date for
cOS Core 14.00.09
Supported since
cOS Core 12.00.xx
Status OK
Peter Nilsson

Question 1

How can we disable IP Reputation lookups and logging in a NetWall firewall?


To stop a firewall from logging and performing IP Reputation lookups, the following steps are needed:

  1. Make sure that none of the IP Reputation features are enabled (for example, DoS Protection, Scanner Protection, Botnet Protection).
  2. Turn off the "Log IP Reputation" feature. The option be found in the WebUI under: System -> Advanced Settings -> State Settings -> Log IP Reputation
  3. Run the following command in the CLI: updatecenter -removedb=ipreputation
  4. Restart the firewall.

When all the above steps are complete, IP Reputation should be completely disabled. To confirm that it has been turned off, check in the WebUI under: Status -> IP Reputation Log

Question 2

IP reputation seems to generate a large amount of logs, what is the main reason for this?


IP reputation generates a log entry whenever a connection is created, even if the source/destination IP address is already known. Cloud lookup is only performed when the IP address in question is not known or it needs to be refreshed. So even if the firewall is generating a large amount of logs, the majority of those logs would be the firewall performing IP reputation queries towards the locally cached database.

Question 3

Is it possible to turn off the IP reputation logs and still get a log when something “bad” happens and an IP address gets blacklisted?


Yes, if we turn off the “Log IP reputation” setting mentioned in question 1 above but still have, for example, Botnet Protection enabled, the firewall would generate a log in the blacklisting subsystem if/when an IP address gets blacklisted by one of the IP reputation subsystems and at the same time we avoid the firewall generating an IP reputation log for every connection created.

Related articles

CSPN (Clavister Service Provisioning Network) details for license & database updates
17 Nov, 2022 core license updates idp antivirus wcf ipreputation applicationcontrol
A trusted webpage blocked by IP reputation
7 Sep, 2023 core ipreputation
The TCP Window Scale Log Event
15 Nov, 2022 tcp log core
Automatically stop active PCAPdump or Logsnoop in the CLI
7 Dec, 2022 pcapdump log cli core logsnoop
Why some log category ID's are missing
23 May, 2022 core log logreceiver
The meaning of the Default_Access_Rule log entry
7 Nov, 2022 core arp log routing
Protecting against the Apache Log4j exploit
15 Dec, 2021 core idp ipreputation log4j