FastNetMon Advanced offers complete production ready integration with cloud DDoS scrubbing service provided by F5 XC and F5 Silverline (legacy).

How it works? When FastNetMon detects attack against IP address it determines /24 prefix for IP which is under attack and then announces it to Scrubbing Centre. When attack stops or ban time expires FastNetMon removes announce from Scrubbing Centre using their API.

First of all, please download integration logic file, verify sha1 checksum for it (fd050fc6ae2aa7c2e2c9d4e7ac3df16191bf54aa) and then put it to: /usr/local/bin/scrubbing_services_integration and set executable bit:

sudo chmod +x /usr/local/bin/scrubbing_services_integration

To use FastNetMon with F5 XC you will need to request certificate from F5 management portal and then put following configuration to file /etc/fastnetmon_scrubbing_services_integration.json:

    "provider_name": "f5_xc",
    "f5_tenant_url": "",
    "f5_p12_certificate_path": "/opt/f5xc/ddos.p12",
    "f5_p12_certificate_password": "servicePassword"

To use FastNetMon with F5 Silverline (legacy) you will need to use email and password:

    "provider_name": "f5",
    "f5_email": "",
    "f5_password": "cloud_security",

Finally, configure it on FastNetMon side to call it when FastNetMon blocks / unblocks IP:

sudo fcli set main notify_script_enabled enable
sudo fcli set main notify_script_format json
sudo fcli set main notify_script_path /usr/local/bin/scrubbing_services_integration
sudo fcli commit

After that we recommend manually blocking some IP address from test prefix and checking that it works as expected.

You can do it this way:

sudo fcli set blackhole

And then to unblock list all blocked hosts with their UUIDs:

sudo fcli show blackhole

And unblock it:

sudo fcli delete blackhole <uuid>

Integration logic has very detailed logging and you can find it here: /var/log/fastnetmon/fastnetmon_scrubbing_services_integration.log

24/7 Tech Support

Email Us