Network zones FAQs
The network zones FAQs is a resource that provides useful information and common questions about network zones.
A single Gateway IP address is counted as one item, but can contain multiple IPs.
One CIDR notation IP range is considered as one item.
You can define locations for dynamic zones using either country codes or a country and region code. If a country is included without a region, the entire country is considered part of the zone. If you want to include all of the countries in Europe or in Asia/Pacific, select all of those countries individually.
Continents aren't used as region definitions. The Europe (EU) and Asia/Pacific (AP) codes are only used if you haven't selected a specific country code. If you choose Europe or Asia/Pacific and don't specify individual countries, only requests from countries that don't have a designated country code are returned as a match by the geolocation provider. Used alone, Europe and Asia/Pacific are treated as generic codes for undesignated regions rather than inclusive of the countries they contain.
Okta blocks the end user's IP if the:
- End-user IP is included inside the XFF header sent to Okta.
- Customer proxy isn't configured as a trusted proxy. See About Okta ThreatInsight.