kbazp (kbazp) asked a question.
Proxy IPs vs Gateway IPs in Network Zones
Does Okta treat Proxy IPs any different from Gateway IPs in Network Zones?
- TheoC.70694 (Customer)Hi Al,From what I’ve seen, Okta only cares about the public-facing IP address that’s detected when traffic from your internal network arrives at Okta. As an example, suppose you have multiple IP subnets all sharing the same proxy which has a single public-facing interface, then Okta would treat all machines on the different subnets as being on-network. In the same way, if your network clients do not use a proxy but are behind a router performing NAT, Okta would treat any traffic originating from behind that router (i.e. showing a source address of the router’s public IP) as being on-network.ThanksTheoExpand Post
- kbazp (kbazp)Hi Theo,If I have define Proxy IP's in an application signin poly, then Okta policy does not allow access to the application.Hoewver, if Gateway IP's are used, then Okta signon application policy does allow access to the application.So I don't see the need to define Network zone based on Proxy IP, if it's used with application Sign-on policy.May be there is some other use for a Network Zone with Proxy IP defined.Unfortunatly Proxy IP's are not well documented on okta.comThanks,AlexExpand Post
- kbazp (kbazp)Does Okta have any updates on this?Expand Post
This question is closed.
