Network zones FAQs
The network zones FAQs is a resource that provides useful information and common questions about network zones.
How are IP addresses counted as part of the network zone's IP limit?
A single Gateway IP address is counted as one item, but can contain multiple IPs.
How is the IP range counted in a CIDR notation?
One CIDR notation IP range is considered as one item.
How can I add countries in Europe or Asia/Pacific to a dynamic zone?
You can define locations for dynamic zones using either country codes or using a country and a region code. If a country is included without a region, the entire country is considered part of the zone. If you want to include all of the countries in Europe or in Asia/Pacific, you should choose all of those countries individually.
Continents are not intended to be used as region definitions. The Europe (EU) and Asia/Pacific (AP) codes are only used if you have not selected a specific country code. If you choose Europe or Asia/Pacific and do not specify individual countries, only requests from countries that do not have a designated country code are returned as a match by the geolocation provider. Used alone, Europe and Asia/Pacific are treated as generic codes for undesignated regions rather than inclusive of the countries they contain.
If I am using Okta ThreatInsight or network zones and have configured a proxy for my network traffic, will I get and block the actual end user’s IP instead of the IP of the login page?
Okta will block the end-user's IP if the:
- End-user IP is included inside the XFF header sent to Okta.
- Customer proxy is not configured as a trusted proxy. See About Okta ThreatInsight.