I'd be very interested how others deal with blocking lists of known bad guys, transparent proxies etc. I know there are IP lists that can be obtained from various places, one that I recently saw has over 500k entries..
That's obviously not suitable for an edge ACL or null routing.
How do others deal with blocking very large lists of IPs, or do you just not do this?
I'd be particularly interested in solutions involving F5 BigIPs, FWSM or ASA.
I used IPS devices inline to block all addresses from China. IPS units are already examining every packet. I didn't want the routers to do it because they were already running full BGP routing tables. That would have been too much overhead for the PIX515e's in place at this particular location.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...