Previous Topic: How to Configure Global PoliciesNext Topic: Add and Remove Global Policy Time Restrictions

Policy Server GuidesPolicy Server Configuration GuideGlobal Policies, Rules, and ResponsesAllowable IP Addresses for Global Policies

Allowable IP Addresses for Global Policies

You can configure global policies to fire when users who access the protected resources from any of the following items:

For example, specifying a range of IP addresses allows only those users who log in in from those IP addresses access to the protected resources.

Specify a Single IP Address for a Global Policy

Specifying a single IP address fires the global policy only for users who access resources from the specified IP address.

Follow these steps:

  1. Open the policy.
  2. Click Add in the IP Address group box.
  3. Select the Single Host option button.

    Settings specific to a single host appear.

  4. Enter the IP Address, and click OK.

    The IP address appears in the IP Address group box.

    Note: If you do not know the IP address, click DNS Lookup and enter a fully qualified host name to look up the IP address.

  5. Click Submit.

    The policy is saved.

Add a Host Name for a Global Policy

You specify a host name to ensure the global policy only fires for users who access the protected resources from the specified host.

Follow these steps:

  1. Open the policy.
  2. Click Add in the IP Address group box.
  3. Select the Host Name option button.

    Settings specific to a host name appear.

  4. Enter the host name, and Click OK.

    The host name appears in the IP Address group box.

  5. Click Submit.

    The policy is saved.

Add a Subnet Mask for a Global Policy

You specify a subnet mask to ensure the global policy only fires for users who access the protected resources from the specified subnet mask.

Follow these steps:

  1. Open the policy.
  2. Click Add in the IP Address group box.

    Settings for IP Addresses appear.

  3. Select the Subnet Mask option button.

    Settings specific to the subnet mask appear.

  4. Enter an IP address in the IP Address field.

    Note: If you do not know the IP address, click DNS Lookup and enter a fully qualified host name to look up the IP address.

  5. Enter a subnet mask in the Subnet Mask field.
  6. Click OK.

    The subnet mask appears in the IP Address group box.

  7. Click Submit.

    The policy is saved.

Add a Range of IP Addresses for a Global Policy

Specifying a range of IP addresses fires the policy only for users who access the protected resources from the IP addresses in the range.

Follow these steps:

  1. Open the policy
  2. Click Add in the IP Address group box.

    Settings IP Addresses appear.

  3. Select the Range option button.

    Settings specific to a range of IP addresses appear.

  4. Enter a starting IP Address in the From field.

    Note: If you do not know the IP address, click DNS Lookup and enter a fully qualified host name to look up the IP address.

  5. Enter an ending IP address in the To field.
  6. Click OK.

    The range of IP addresses appears in the IP Address group box.

  7. Click Submit.

    The policy is saved.