Question 1
How can we disable IP Reputation lookups and logging in a NetWall firewall?
Answer
To stop a firewall from logging and performing IP Reputation lookups, the following steps are needed:
- Make sure that none of the IP Reputation features are enabled (for example, DoS Protection, Scanner Protection, Botnet Protection).
- Turn off the "Log IP Reputation" feature. The option can be found in the WebUI under: System -> Advanced Settings -> State Settings -> Log IP Reputation
- Run the following command in the CLI: updatecenter -removedb=ipreputation
- Restart the firewall.
When all the above steps are complete, IP Reputation should be completely disabled. To confirm that it has been turned off, check in the WebUI under: Status -> IP Reputation Log
Question 2
IP reputation seems to generate a large amount of logs. What is the main reason for this?
Answer
IP reputation generates a log entry whenever a connection is created, even if the source/destination IP address is already known. Cloud lookup is only performed when the IP address in question is not known or it needs to be refreshed. So even if the firewall is generating a large amount of logs, the majority of those logs would be the firewall performing IP reputation queries towards the locally cached database.
Question 3
Is it possible to turn off the IP reputation logs and still get a log when something “bad” happens and an IP address gets blacklisted?
Answer
Yes. If we turn off the “Log IP reputation” setting mentioned in question 1 above but still have, for example, Botnet Protection enabled, the firewall would still generate a log in the blacklisting subsystem if/when an IP address gets blacklisted by one of the IP reputation subsystems. At the same time, we avoid the firewall generating an IP reputation log for every connection created.