Allow or Deny IP Addresses in Policies

Background

Safous ZTA platform enhances policy enforcement by allowing Administrators to configure source IP ranges and categorize them as “denied” or “allowed” conditions for access to resources. This enables enterprises to set different policies for on and offsite connectivity.

Prerequisites

  1. This feature is applicable to IPv4 only.
  2. This feature does not work for Native RDP, Native SSH, Networks, Links, and SaaS types of applications.
  3. For IP source lists to take effect, the policy itself must be enabled and the IP source selected/connected to the policy.

Creating IP Source

To create policies that allow or deny IP source addresses, first configure the IP lists and then apply them to policies as described below.

Step 1: In the Admin console, navigate to Settings > ZTNA > Policies > IP source, as shown in the screenshot below, and click the New IP Source button in the top-right corner:

Step 2: Clicking the New IP Source button opens the screen shown below. Choose a name for the IP list that is easy to locate and understand (e.g., ‘Disallowed IPs’). Enter the IP addresses in the box provided, separating each entry by pressing “enter,” adding a space, or adding a comma (e.g., 1.1.1.1/32, 3.3.3.3/31, 172.31.0.0/16), as shown in the screenshot below.

If you enter an invalid IP address, the box will have a red border and an error notification will appear instructing the Admin to enter a correct IP address.

Step 3: When you have completed entering the list of IP addresses, click the orange Save button to save the list. 

Connecting IP Source Lists to Policies

For an IP source list to take effect, Administrators must enable the feature in the policy and select the IP source list created above. To do so, follow these steps:

Step 1: In the Admin Portal, navigate to the Policy page (Settings > ZTNA > Policies) and select the policy to which the IP source must be applied, either creating a new policy or editing an existing one.

Step 2: In the Policy screen, in the Access Policies section, navigate to the source IP address field, as shown in the screenshot below. Here you enable the IP source feature and connect the IP source list, choosing whether that list allows or denies the addresses it contains.

User Experience

When users attempt to access applications that violate the IP source policy, they will receive an “Access Denied” screen with an instruction to contact their Administrator.
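As an added illustration (not Safous's own code), the following Python models the behaviour described above: it splits an IP source list using the accepted separators, rejects entries that are not IPv4 (the feature's prerequisite, mirroring the red-border validation), and evaluates an "allowed" or "denied" condition for a client address. The function names, the connected flag and the sample addresses are constructed for this example.

```python
import ipaddress
import re

# Separators the console accepts between entries: Enter (newline), space, comma.
_SEPARATORS = re.compile(r"[\s,]+")


def parse_ip_source(raw):
    """Split a pasted IP source list into IPv4 networks.

    Returns (networks, errors). Entries that are not valid IPv4 addresses or
    CIDR ranges (IPv6 included, because the feature is IPv4-only) go into
    errors, the equivalent of the console's red-border validation.
    """
    networks, errors = [], []
    for entry in filter(None, _SEPARATORS.split(raw.strip())):
        try:
            # strict=False accepts a prefix with host bits set, e.g. 3.3.3.3/31.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            errors.append(entry)
            continue
        if net.version != 4:
            errors.append(entry)
            continue
        networks.append(net)
    return networks, errors


def evaluate(source_ip, condition, networks, connected=True):
    """Return "allow" or "deny" for one client address.

    condition is the "allowed" or "denied" label on the IP source; networks
    come from parse_ip_source. connected=False models a policy with no IP
    source attached: the list then imposes no restriction (assumption).
    """
    if not connected:
        return "allow"
    addr = ipaddress.ip_address(source_ip)
    # Assumption: a non-IPv4 client can never match an IPv4-only list.
    matched = addr.version == 4 and any(addr in net for net in networks)
    if condition == "allowed":
        return "allow" if matched else "deny"
    return "deny" if matched else "allow"


if __name__ == "__main__":
    # Constructed sample list: three IPv4 ranges plus one IPv6 entry to reject.
    nets, bad = parse_ip_source("1.1.1.1/32, 3.3.3.3/31\n172.31.0.0/16 2001:db8::/32")
    print("rejected:", bad, "decision:", evaluate("172.31.5.9", "denied", nets))
```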