Network zones FAQs
The network zones FAQs is a resource that provides useful information and common questions about network zones.

A single Gateway IP address is counted as one item, but can contain multiple IPs.

One CIDR notation IP range is considered as one item.

You can define locations for dynamic zones using either country codes or using a country and a region code. If a country is included without a region, the entire country is considered part of the zone. If you want to include all of the countries in Europe or in Asia/Pacific, you should choose all of those countries individually.
Continents are not intended to be used as region definitions. The Europe (EU) and Asia/Pacific (AP) codes are only used if you have not selected a specific country code. If you choose Europe or Asia/Pacific and do not specify individual countries, only requests from countries that do not have a designated country code are returned as a match by the geolocation provider. Used alone, Europe and Asia/Pacific are treated as generic codes for undesignated regions rather than inclusive of the countries they contain.

Okta will block the end-user's IP if the:
- End-user IP is included inside the XFF header sent to Okta.
- Customer proxy isn't configured as a trusted proxy. See About Okta ThreatInsight.