Edit or delete a network zone

On the Networks page, you can edit, deactivate, or delete a network zone, or block client IP addresses from accessing it.

Edit a network zone

If you've already defined Public Gateway IP Addresses, the information is migrated to a network zone named LegacyIpZone. You can't delete this zone, but you can edit it.

For existing rules, LegacyIpZone retains the previous settings. This network zone is active and is used in new assignments.

  1. In the Admin Console, go to SecurityNetworks.

  2. Select a network zone and click Edit.
  3. Configure any of the fields.
  4. Click Save.

When you edit a network zone, wait approximately 60 seconds for the change to propagate across all servers and take effect.

Block client IPs from accessing a network zone

A blocked network zone prevents client IPs from accessing any URL for the org and requests are automatically blocked before any type of policy evaluation. You can restrict access from IP zones that contain a list of IP addresses or from dynamic zones that contain a list of locations, ASNs, or IP types.

  1. In the Admin Console, go to SecurityNetworks.

  2. In the list of existing network zones, click the pencil icon beside the network zone you wish to modify.
  3. To block the network zone, select Block access from IPs matching conditions listed in this zone.
  4. Click Save.

If you've enabled the IP exempt zone feature and added IP addresses to it, traffic from those IPs may still be allowed even if you blocklist an IP. See IP exempt zone.

Delete a network zone

Deleting a network zone removes it from all policy rules. You can't delete a network zone if it's the only zone used by a policy rule. Change the rule so that it uses a different network zone, and then proceed with the deletion.

If the network zone that you want to delete is active and is used by other rules, including rules in Classic Engine for customers who upgraded to Identity Engine, make the network zone inactive before you attempt to delete it.

  1. In the Admin Console, go to SecurityNetworks.

  2. In the list of existing zones, click the x next to the zone that you want to delete.
  3. In the Delete Zone dialog, click OK.

Deactivate a network zone

When a network zone is deactivated, global session policy and app sign-in policy rules that use the deactivated network zone are affected.

  1. In the Admin Console, go to SecurityNetworks.

  2. In the list of network zone, click Active beside the network zone you want to deactivate and select Inactive.

Related topics

IP zones

Dynamic zones

Enhanced dynamic zones