F5 needs to establish a public API endpoint capable of returning JSON-formatted responses for the IP ranges, rather than the current provision of a text file containing the F5 ADN IP list. This allows customers to programmatically retrieve the IP addresses if F5 ever modifies their IP address ranges.
Other vendors offer similar API endpoints here's a reference to such API endpoints:
Cloudflare: https://api.cloudflare.com/client/v4/ips
Fastly: https://api.fastly.com/public-ip-list
CloudFront: https://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips
GCP: https://cloud.google.com/cdn/docs/set-up-external-backend-internet-neg#allow-ip
Imperva: https://docs.imperva.com/bundle/z-kb-articles-km/page/c85245b7.html
Formated at least (CSV for example), whatever the format in order to configure in egress FW (Palo Alto for example) a feed list to populate the ip address group object
Attachments Open full size
Also the IP ranges needs to be COMPLETE & should really be driven by the platform.
I've seen traffic sourced from XC (for example traffic from the CDN; 159.60.191.1, 159.60.191.3, 159.60.191.5) that isn't documented in the existing list:
https://docs.cloud.f5.com/docs/reference/network-cloud-ref
https://docs.cloud.f5.com/docs/2c4fcdcc73cea36c71c4df821997399d/ips-domains.txt
These have 159.60.190.0/24 but nothing that overlaps with 159.60.191.0
Attachments Open full size