Proxy IPs vs Gateway IPs in Network Zones Skip to main content
https://support.okta.com/help/answers?id=9062a000000xaepqa0&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Av ShchAv Shch 

Proxy IPs vs Gateway IPs in Network Zones

Does Okta treat Proxy IPs any different from Gateway IPs in Network Zones?
Theo ChimbgaTheo Chimbga
Hi Al,
From what I’ve seen, Okta only cares about the public-facing IP address that’s detected when traffic from your internal network arrives at Okta. As an example, suppose you have multiple IP subnets all sharing the same proxy which has a single public-facing interface, then Okta would treat all machines on the different subnets as being on-network. In the same way, if your network clients do not use a proxy but are behind a router performing NAT, Okta would treat any traffic originating from behind that router (i.e. showing a source address of the router’s public IP) as being on-network.
Thanks
Theo
 
Av ShchAv Shch
Hi Theo,
If I have define Proxy IP's in an application signin poly, then Okta policy does not allow access to the application.
Hoewver, if Gateway IP's are used, then Okta signon application policy does allow access to the application.
So I don't see the need to define Network zone based on Proxy IP, if it's used with application Sign-on policy.
May be there is some other use for a Network Zone with Proxy IP defined.
Unfortunatly Proxy IP's are not well documented on okta.com
Thanks,
Alex