Internal IP Reputation
Monitoring > Security > Internal IP Reputation
If Internal IP Reputation is enabled, this tab provides historical data about the reputation scores for IP addresses that have attempted TCP connections with an appliance. Internal IP Reputation is computed by ECOS. It is used in dynamic IP reputation management for the SYN Cookie and SYN Smart Cookie features for TCP connections.
-
To view Internal IP Reputation data for an appliance, select the appliance in the appliance tree.
-
The Internal IP Reputation chart shows the number of Trusted, Untrusted, or Unknown IP addresses that are present in the segment or zone where the Firewall Protection Profile is enabled. You can filter the data using 1hr, 4hr, 8hr, 1d, 2d, or 3d.
-
To find the Internal IP Reputation status for an IP address, under Search Internal IP Reputation Status, select the segment to search within, enter the IP address, and click Search.
-
To export the data from this tab to a CSV file, click Export.
The Recent 50 IP Addresses table provides the following information about the 50 most recent IP addresses in the segment or zone where the Firewall Protection Profile is applied with Enforce Strict 3-way TCP enabled. You can filter the data by selecting All, Trusted, or Untrusted.
| Column | Description |
|---|---|
| IP Address | Numerical label for the IP address. |
| Segment | Firewall segment in which the IP address attempted a TCP connection with the appliance. |
| Zone | Firewall zone in which the IP address attempted a TCP connection with the appliance. |
| Status | Internal IP Reputation score for the address (Trusted or Untrusted). |