Public IP Address¶
The Public IP Address trust requirement allows you to apply conditions to the public, internet-facing IP address of an enrolled Enclave system.
This requirement can be useful for:
- Requiring that certain connections can only happen if a device is in your office.
- Preventing connectivity from outside the country, to help meet regulatory requirements.
Under IP Ranges, you can specify multiple IP Range rules, using:
- A single IP Address
- A range of IP Addresses
- A subnet in CIDR Notation
Each range entry can be set to "Allow", meaning the connected system must be in the specified range to meet the requirement, or "Deny", meaning the connected system must not be in the specified range to meet the requirement.
Multiple "Allow" items mean that matching any of the ranges indicate the system is allowed, and multiple "Deny" items mean that matching any of the ranges indicate the system is denied.
You can have overlapping Allow and Deny rules, in which case the most specific range wins. That is, if you specify:
- Allow -
- Deny -
- Allow -
Then a connection from
22.214.171.124 would meet the requirement, and
126.96.36.199 would not meet the requirement.
You can also specify required or blocked geographic locations for connected systems.
Indicating that you wish to allow all connections from
United Kingdom implicitly denies connections from any other countries. Conversely, indicating that you want to deny all connections from
Norway would allow connections from any other country, except
We use the ipdata.co service to determine the location of a given IP address; if that service is unavailable, your systems will be unable to meet this requirement until the service becomes available again.
Contact us if you believe that we are detecting the incorrect location for a connected system.