Applying policy based on the client's IP address (Cloud services)

Solution

Overview

With a Firewall/VPN connection into the Cloud, there is a need to define policy based on the client's IP address or subnet.

Resolution

Policy based on the client's IP address is only available through the use of the Firewall/VPN connection into the Cloud.

One way to define the policy in the portal is to go to Content Filtering --> Policy and then click "Switch to Advanced Configuration" (if not already there).

When defining the policy, an IP address or subnet can be added under the "from where" section and then selected. This IP address will be the "real" IP address of the workstation or subnet. When a VPN tunnel is created between the Firewall and the Cloud, there is no NAT'ing of addresses inside the tunnel. Once the Cloud decrypts the IPsec payload, it will remember the source IP address (the client's "real" IP) and then take care of the NAT'ing.

InQuira Doc Id: KB4381