This section explains the IP Reputation service offered as part of Live Security Threat Intelligence. With globally distributed NSX Advanced Load Balancer Controller clusters and an ever-changing landscape of insecure IP addresses, it is extremely challenging to maintain a real-time, up-to-date, consistent security posture and be protected from bad IPs. The IP Reputation service solves this by providing a real-time feed of updated IP scores to globally distributed NSX Advanced Load Balancer deployments.

Feature Highlights

  • Protection from bad IPs such as Botnets, Phishing, Spam, and many more.

  • Real-time automatic IP Reputation updates.

  • Used as a source for bot detection and classification.

Data Collection and Retention Policy

Data Collection: No data is collected by and for this service. IP Reputation is pushed only to NSX Advanced Load Balancer Controllers where this service is opted-in (enabled).

Data Retention: Does not apply to this service.

Note:
  • This service does not store or exchange any customer data.

  • This service has no access to customer infrastructure, including NSX, vCenter, and others.

  • This service does not read or write any configurations on the registered NSX Advanced Load Balancer Controllers.

How to enable this service

This is an 'opt-in' service and is disabled by default. You need to opt in to enable this service.

To opt in to this service and enable IP Reputation updates:

  1. Navigate to Administration > Settings > Cloud Services.

  2. Click EDIT.

  3. Under Live Security Threat Intelligence, select IP Reputation.

  4. Click SAVE.

Note:

You can opt out of this service at any time and the IP Reputation updates will stop.

Service Details

VMware utilizes WebRoot as its IP Reputation database source. IP Reputation data is cached every five minutes on the NSX Advanced Load Balancer Cloud Services portal. Registered NSX Advanced Load Balancer Controllers where this service is enabled pull IP Reputation data from the NSX Advanced Load Balancer Cloud Services portal. The Controllers then immediately update their connected NSX Advanced Load Balancer Service Engines as part of the configuration update process.

Note:

Frequency of IP Reputation updates: WebRoot publishes a new IP Reputation database every day. In addition to that, there are minor periodic updates (incremental) to the database published every few minutes.

The database consists of the following two types of files:

  • The full database file (base file) — It contains both individual IP addresses and subnets. The size of this file is usually in MB.

  • The incremental file — This database has a slightly different format and fewer entries than the full database file. It is available in the form of multiple files throughout the day (in 24 hours). It may contain additions to the base file and/or updates and removals of the existing entries. The incremental database files contain only individual IP addresses (/32 IP addresses).

Note:

NSX Advanced Load Balancer Controllers support other IP Reputation database service providers in addition to WebRoot.

For more details on IP Reputation, refer to IP Reputation guide.

IP Reputation Sync Interval

The IP Reputation sync interval is the frequency at which the NSX Advanced Load Balancer Controllers poll for IP Reputation database updates. The sync interval can be modified using the NSX Advanced Load Balancer Controller CLI as follows.

[admin:controller]: > configure albservicesconfig
[admin:controller]: albservicesconfig> ip_reputation_config
[admin:controller]: albservicesconfig:ip_reputation_config> ip_reputation_sync_interval 5
[admin:controller]: albservicesconfig:ip_reputation_config> save
[admin:controller]: albservicesconfig> save

The default value for the sync interval is 60 minutes. The sync interval can be set to a value between 2 and 60 minutes.

Events of Interest

The following events are generated on the NSX Advanced Load Balancer Controller when IP Reputation service is enabled:

  • IP_REPUTATION_DB_SYNC_SUCCESS: IP Reputation update succeeded

  • IP_REPUTATION_DB_SYNC_FAILURE: IP Reputation update failed

Impact of Unavailability

During the period that this service is down, new IP Reputation updates will not be pushed to enabled NSX Advanced Load Balancer Controllers. Load Balanced applications will continue to utilize cached IP Reputation available on NSX Advanced Load Balancer Controllers to protect against bad IPs.
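
Because Controllers keep serving the cached database while updates fail, it is useful to alert when that cache has gone stale. The following is an added example, not VMware code: it scans exported Controller events for the two event IDs listed above and flags staleness relative to the configured sync interval. The event line layout, the sample events, and the max_missed threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta

SUCCESS = "IP_REPUTATION_DB_SYNC_SUCCESS"
FAILURE = "IP_REPUTATION_DB_SYNC_FAILURE"

# Constructed sample events. The "<ISO timestamp> <event id>" layout is an
# assumption; only the two event IDs come from the documentation above.
SAMPLE_EVENTS = """\
2024-05-01T10:00:00 IP_REPUTATION_DB_SYNC_SUCCESS
2024-05-01T11:00:00 IP_REPUTATION_DB_SYNC_FAILURE
2024-05-01T12:00:00 IP_REPUTATION_DB_SYNC_FAILURE
2024-05-01T13:00:00 IP_REPUTATION_DB_SYNC_FAILURE
"""


def assess_sync_health(event_text, now_iso, sync_interval_min=60, max_missed=2):
    """Summarise sync events: last success, trailing failures, staleness."""
    if not 2 <= sync_interval_min <= 60:
        raise ValueError("sync interval must be between 2 and 60 minutes")
    now = datetime.fromisoformat(now_iso)
    events = []
    for line in event_text.splitlines():
        parts = line.split()
        # Ignore anything that is not one of the two sync events.
        if len(parts) == 2 and parts[1] in (SUCCESS, FAILURE):
            events.append((datetime.fromisoformat(parts[0]), parts[1]))
    last_success, trailing_failures = None, 0
    for ts, event_id in sorted(events):
        if event_id == SUCCESS:
            last_success, trailing_failures = ts, 0
        else:
            trailing_failures += 1
    # The cached database is stale once more than `max_missed` sync intervals
    # have passed without a successful update (or none was ever seen).
    limit = timedelta(minutes=sync_interval_min * max_missed)
    stale = last_success is None or now - last_success > limit
    return {
        "last_success": last_success.isoformat() if last_success else None,
        "trailing_failures": trailing_failures,
        "stale": stale,
    }


if __name__ == "__main__":
    print(assess_sync_health(SAMPLE_EVENTS, "2024-05-01T13:05:00"))
```

With the default 60-minute interval, the sample is reported as stale because the last successful sync is more than two intervals old.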