https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5558123#M1125329 <P>The current SI feed appears to indeed have zero bogon addresses listed. I confirmed it on two separate FMCs.</P> <P>You can verify the raw files under&nbsp;/var/sf/iprep_download in your FMC. That folder contains files for the various IP reputation feeds from TALOS. They all are named by UUIDs but you can check the mapping to human-readable name by looking at&nbsp;rep_dd.yaml. There you will see the various categories listed with their associated attributes. For example:</P> <LI-CODE lang="markup"> bogon: ID: 10 UUID: 5f8148f1-e5e4-427a-aa3b-ee1c2745c350 expiration: never long: IP Addresses that are known to not be allocated but are sending traffic short: Bogon Address</LI-CODE> <P>If we look at that file, we see just the header (with no addresses listed):</P> <LI-CODE lang="markup">/var/sf/iprep_download$ cat 5f8148f1-e5e4-427a-aa3b-ee1c2745c350 #Cisco intelligence feed: Bogon </LI-CODE> <P>...matching the zero address shown in the FMC GUI.</P> Thu, 11 Jun 2026 17:23:37 GMT Marvin Rhoads 2026-06-11T17:23:37Z https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5557973#M1125319 <P>Does anyone know if it's normal for the Cisco Talos Feed to have 0 objects in the BOGON list?&nbsp; I found when mousing over the "Bogon" in the block list it shows 0 objects.&nbsp; In FMC, this is under Access Policy &gt; Security Intelligence &gt; Block List.<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="a.png" style="width: 380px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/283180i6D9FDEE3994FFC63/image-size/large?v=v2&amp;px=999" role="button" title="a.png" alt="a.png" /></span></P><P>Security Intelligence feeds are downloading fine.&nbsp; I do have IPS licensing.</P> Wed, 10 Jun 2026 21:18:00 GMT https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5557973#M1125319 davidb84 2026-06-10T21:18:00Z https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5557997#M1125323 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1728161">@davidb84</a>&nbsp;hi, bogon is IP ranges which are not assigned to use in public ip space. not sure why talos showing 0 objects in it. but blocking this will help to avoid some attacker using illegitimate IP addresses to attack.&nbsp;</P> Thu, 11 Jun 2026 03:20:41 GMT https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5557997#M1125323 Kasun Bandara 2026-06-11T03:20:41Z https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5558068#M1125326 <P>Would anyone have the ability to check their BOGON object and verify if it shows 0 objects as pictured above?&nbsp;&nbsp;</P> Thu, 11 Jun 2026 12:10:08 GMT https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5558068#M1125326 davidb84 2026-06-11T12:10:08Z https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5558093#M1125328 <P>My cdFMC is also reporting 0 objects</P> Thu, 11 Jun 2026 14:00:03 GMT https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5558093#M1125328 AigarsK 2026-06-11T14:00:03Z https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5558123#M1125329 <P>The current SI feed appears to indeed have zero bogon addresses listed. I confirmed it on two separate FMCs.</P> <P>You can verify the raw files under&nbsp;/var/sf/iprep_download in your FMC. That folder contains files for the various IP reputation feeds from TALOS. They all are named by UUIDs but you can check the mapping to human-readable name by looking at&nbsp;rep_dd.yaml. There you will see the various categories listed with their associated attributes. For example:</P> <LI-CODE lang="markup"> bogon: ID: 10 UUID: 5f8148f1-e5e4-427a-aa3b-ee1c2745c350 expiration: never long: IP Addresses that are known to not be allocated but are sending traffic short: Bogon Address</LI-CODE> <P>If we look at that file, we see just the header (with no addresses listed):</P> <LI-CODE lang="markup">/var/sf/iprep_download$ cat 5f8148f1-e5e4-427a-aa3b-ee1c2745c350 #Cisco intelligence feed: Bogon </LI-CODE> <P>...matching the zero address shown in the FMC GUI.</P> Thu, 11 Jun 2026 17:23:37 GMT https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5558123#M1125329 Marvin Rhoads 2026-06-11T17:23:37Z https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5558124#M1125330 <P>So what's the correct way to block BOGONs if this feed is empty? Manually maintain a list?</P> Thu, 11 Jun 2026 17:36:48 GMT https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5558124#M1125330 davidb84 2026-06-11T17:36:48Z https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5558126#M1125331 <P>I haven't read Cisco's rationale for having no addresses in the bogon category.</P> <P>Normally I would expect the upstream ISP to block bogons in their router(s) eBGP configuration and thus you would never see them at your edge firewall. I suppose if you wanted, you could use a custom IP list and use that to block them as well.</P> Thu, 11 Jun 2026 17:42:18 GMT https://community.cisco.com/t5/network-security/security-intelligence-block-list-bogon/m-p/5558126#M1125331 Marvin Rhoads 2026-06-11T17:42:18Z