2 Replies Latest reply on Jun 17, 2016 8:06 AM by fwmonitor

    How to create a map list with ipranges and get values based on "is in range" result?

    fwmonitor

      Hello all,

       

      I have about 5000 ip ranges of local networks and need to get name of the range using a Client.IP property:

      1.2.3.0/24 - Network1
      1.6.0.0/16 - Network2
      1.7.1.0.0/25 - Network3
      1.7.1.0.128/25 - Network4
      

       

      instead of defining 5000 "if" rules I'm trying to use a map list with key/value structure, which works well in case when a key matches, exactly or as a regex, the IP address:

      1     10.20.30.1     ABCXX     
      2     20.30.40.2     XYZ     
      

      Set User-Defined.Network = Map.GetStringValue (IP Ranges MAP, IP.ToString (Client.IP))

       

      Is it possible to get a range match in a map key and then return a value of the matched key? Here is a imaginable "pseudo" code:

        Set User-Defined.Network = Map.GetIPRangeMatch (IP Ranges MAP, IP.ToString (Client.IP))

       

      best regards

        • 1. Re: How to create a map list with ipranges and get values based on "is in range" result?

          Because of the internal representation of IP ranges, you cannot do it directly with CIDR notation, but you can do it in an indirect way using 2 lists and start-end notation.

          (I just happened to have done this using IP ranges to School Names)

           

          Create an IP Range list of all the ranges you want to capture.

           

          IPLookup: Client.IP Range

           

          1192.168.0.0-192.168.0.255
          2192.168.1.0-192.168.1.255
          3192.168.2.0-192.168.2.255
          4192.168.3.0-192.168.3.255
          5192.168.4.0-192.168.4.255
          6192.168.5.0-192.168.5.255
          7192.168.6.0-192.168.7.255
          8192.168.0.0-192.168.255.255
          910.0.0.0-10.0.0.255
          1010.0.0.0-10.0.255.255
          1110.0.0.0-10.15.255.255
          1210.0.0.0-10.255.255.255

           

           

          Create a second MapType list with the Same entries, but using whatever value you want returned:

           

          IPLookup: IPRange->School

           

          1192.168.0.0-192.168.0.255School.001
          2192.168.1.0-192.168.1.255School.001
          3192.168.2.0-192.168.2.255School.002
          4192.168.3.0-192.168.3.255School.002
          5192.168.4.0-192.168.4.255School.003
          6192.168.5.0-192.168.5.255School.003
          7192.168.6.0-192.168.7.255School.003
          8192.168.0.0-192.168.255.255School.004
          910.0.0.0-10.0.0.255School.005
          1010.0.0.0-10.0.255.255School.006
          1110.0.0.0-10.15.255.255School.006
          1210.0.0.0-10.255.255.255School.007
          130.0.0.0-255.255.255.255DefaultSchool

           

          Have a rule with Rule Criteria:

          Client.IP is in range list IPLookup: Client.IP Range

           

          Events:

          Set User-Defined.IPLookup.School = Map.GetStringValue (IPLookup: IPRange->School, List.LastMatches)

           

           

          How it works:
          When the criteria matches, "Client.IP is in range list IPLookup: Client.IP Range", the property List.LastMatches is populated by the value of the list entry (192.168.2.0-192.168.2.255). Even if the list is originally in CIDR, it will expand it to start-end.

           

          Then the event looks up the key to the MapType list and returns the value entry.

          Capture.png

           

           

           

          • 2. Re: How to create a map list with ipranges and get values based on "is in range" result?
            fwmonitor

            Thank you Erik,

             

            I like your creative use of "LastMatches" :-)

             

            It works very well!

             

            What is your (@all) experience with huge (thousands of entries) lists - does the GUI get slow too? How you solve/workaround it - by splitting in several lists, by aggregatting of entries or by using external lists?

             

            best regars