What is IP address classification feature with Aruba OS 6.5 ?
- IP classification service helps in identifying the malicious IP addresses and the origin.
- This feature once enabled will cause all L3 traffic to be classified. All the sessions shall be classified with reputation (either malicious or clean) and geolocation (as originating from a specific location, which can be either country or more specific city) information.
- When a new session is received, the source and destination IP addresses are fetched and table lookup is done for both the IP addresses to get the reputation/location information of these IP addresses.
- Aruba Networks is partnering with Brightcloud to get the IP reputation and geolocation database. These databases are updated frequently through periodic sync from the servers through SSL (aruba.brightcloud.com)
- The IP reputation database contains all the current known IP addresses associated with various malicious activities.
- The geolocation IP database will be used to determine the geographical location of the IP address from where the traffic is received or to which the traffic is sent.
Enabling IP classification enables both ip reputation and geolocation service . It’s a controller specific configuration
(config) #firewall ip-classification
Advanced Services > Stateful Firewall > Global Settings > Enable IP classification
Note: This requires Web-CC subscription license