cancel
Showing results for 
Search instead for 
Did you mean: 
fwmonitor
Level 7

How to create a map list with ipranges and get values based on "is in range" result?

Jump to solution

Hello all,

I have about 5000 ip ranges of local networks and need to get name of the range using a Client.IP property:

1.2.3.0/24 - Network1
1.6.0.0/16 - Network2
1.7.1.0.0/25 - Network3
1.7.1.0.128/25 - Network4

instead of defining 5000 "if" rules I'm trying to use a map list with key/value structure, which works well in case when a key matches, exactly or as a regex, the IP address:

1     10.20.30.1     ABCXX     
2     20.30.40.2     XYZ     

Set User-Defined.Network = Map.GetStringValue (IP Ranges MAP, IP.ToString (Client.IP))

Is it possible to get a range match in a map key and then return a value of the matched key? Here is a imaginable "pseudo" code:

  Set User-Defined.Network = Map.GetIPRangeMatch (IP Ranges MAP, IP.ToString (Client.IP))

best regards

0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: How to create a map list with ipranges and get values based on "is in range" result?

Jump to solution

Because of the internal representation of IP ranges, you cannot do it directly with CIDR notation, but you can do it in an indirect way using 2 lists and start-end notation.

(I just happened to have done this using IP ranges to School Names)

Create an IP Range list of all the ranges you want to capture.

IPLookup: Client.IP Range

1192.168.0.0-192.168.0.255
2192.168.1.0-192.168.1.255
3192.168.2.0-192.168.2.255
4192.168.3.0-192.168.3.255
5192.168.4.0-192.168.4.255
6192.168.5.0-192.168.5.255
7192.168.6.0-192.168.7.255
8192.168.0.0-192.168.255.255
910.0.0.0-10.0.0.255
1010.0.0.0-10.0.255.255
1110.0.0.0-10.15.255.255
1210.0.0.0-10.255.255.255

Create a second MapType list with the Same entries, but using whatever value you want returned:

IPLookup: IPRange->School

1192.168.0.0-192.168.0.255School.001
2192.168.1.0-192.168.1.255School.001
3192.168.2.0-192.168.2.255School.002
4192.168.3.0-192.168.3.255School.002
5192.168.4.0-192.168.4.255School.003
6192.168.5.0-192.168.5.255School.003
7192.168.6.0-192.168.7.255School.003
8192.168.0.0-192.168.255.255School.004
910.0.0.0-10.0.0.255School.005
1010.0.0.0-10.0.255.255School.006
1110.0.0.0-10.15.255.255School.006
1210.0.0.0-10.255.255.255School.007
130.0.0.0-255.255.255.255DefaultSchool

Have a rule with Rule Criteria:

Client.IP is in range list IPLookup: Client.IP Range

Events:

Set User-Defined.IPLookup.School = Map.GetStringValue (IPLookup: IPRange->School, List.LastMatches)

How it works:
When the criteria matches, "Client.IP is in range list IPLookup: Client.IP Range", the property List.LastMatches is populated by the value of the list entry (192.168.2.0-192.168.2.255). Even if the list is originally in CIDR, it will expand it to start-end.

Then the event looks up the key to the MapType list and returns the value entry.

Capture.png

0 Kudos
2 Replies
eelsasser
Level 15

Re: How to create a map list with ipranges and get values based on "is in range" result?

Jump to solution

Because of the internal representation of IP ranges, you cannot do it directly with CIDR notation, but you can do it in an indirect way using 2 lists and start-end notation.

(I just happened to have done this using IP ranges to School Names)

Create an IP Range list of all the ranges you want to capture.

IPLookup: Client.IP Range

1192.168.0.0-192.168.0.255
2192.168.1.0-192.168.1.255
3192.168.2.0-192.168.2.255
4192.168.3.0-192.168.3.255
5192.168.4.0-192.168.4.255
6192.168.5.0-192.168.5.255
7192.168.6.0-192.168.7.255
8192.168.0.0-192.168.255.255
910.0.0.0-10.0.0.255
1010.0.0.0-10.0.255.255
1110.0.0.0-10.15.255.255
1210.0.0.0-10.255.255.255

Create a second MapType list with the Same entries, but using whatever value you want returned:

IPLookup: IPRange->School

1192.168.0.0-192.168.0.255School.001
2192.168.1.0-192.168.1.255School.001
3192.168.2.0-192.168.2.255School.002
4192.168.3.0-192.168.3.255School.002
5192.168.4.0-192.168.4.255School.003
6192.168.5.0-192.168.5.255School.003
7192.168.6.0-192.168.7.255School.003
8192.168.0.0-192.168.255.255School.004
910.0.0.0-10.0.0.255School.005
1010.0.0.0-10.0.255.255School.006
1110.0.0.0-10.15.255.255School.006
1210.0.0.0-10.255.255.255School.007
130.0.0.0-255.255.255.255DefaultSchool

Have a rule with Rule Criteria:

Client.IP is in range list IPLookup: Client.IP Range

Events:

Set User-Defined.IPLookup.School = Map.GetStringValue (IPLookup: IPRange->School, List.LastMatches)

How it works:
When the criteria matches, "Client.IP is in range list IPLookup: Client.IP Range", the property List.LastMatches is populated by the value of the list entry (192.168.2.0-192.168.2.255). Even if the list is originally in CIDR, it will expand it to start-end.

Then the event looks up the key to the MapType list and returns the value entry.

Capture.png

0 Kudos
fwmonitor
Level 7

Re: How to create a map list with ipranges and get values based on "is in range" result?

Jump to solution

Thank you Erik,

I like your creative use of "LastMatches" :-)

It works very well!

What is your (@all) experience with huge (thousands of entries) lists - does the GUI get slow too? How you solve/workaround it - by splitting in several lists, by aggregatting of entries or by using external lists?

best regars

0 Kudos