About Network Zones
Network Zones define security perimeters around which admins can restrict or limit access based on the following parameters:
- A single IP address
- One or more IP address ranges
- CIDR notations (Classless Inter-Domain Routing)
- A list of geolocations
- IP Type
- ASN (Autonomous System Numbers)
Network Zones consist of About IP Zones and About Dynamic Zones
Network Zones may be incorporated into:
- Policies
- Application sign-on rules
- VPN Notifications
- Integrated Windows Authentication (IWA)

Note
Policies and rules are updated automatically when a Network Zone definition is modified.
Both IP Zones and Dynamic Zones have the following limitations:
- Up to 100 zones configured per org
- Up to 150 Gateway IPs and 150 Proxy IPs (except for IP block list zones)
- IP block list zones may contain up to 1000 gateways per zone and up to a total of 25,000 per org

Note
Okta is focused on the adoption of inclusive language and communication. Some long-standing industry terminology and expressions have been updated as part of this initiative. In this topic, blacklist is now referred to as block list.
Related topics
Create and configure a Network Zone