About network zones

Network zones define security perimeters around which admins can restrict or limit access based on the following parameters:

  • A single IP address
  • One or more IP address ranges
  • Classless inter-domain routing (CIDR) notations
  • A list of geolocations
  • IP type
  • Autonomous system numbers (ASN)

Network zones consist of IP zones, Dynamic zones, and Enhanced dynamic zones. You can add to or use these zones for the following items:

  • Global Session Policies
  • Authentication policies
  • VPN notifications
  • Integrated Windows Authentication (IWA)

Policies and rules are automatically updated when you modify a network zone definition.

When you edit a network zone, wait approximately 60 seconds for the change to propagate across all servers and take effect.

Network zones have the following limits:

  • You can configure up to 100 zones in an org.
  • You can configure up to 150 gateway IPs and 150 proxy IPs (except for IP zones that are blocked).
  • IP blocked zones may contain up to 1000 gateways in each zone and up to a total of 25,000 in an org.
  • You can configure up to 5000 gateway IPs for the default system IP Zone.
  • You can configure up to 5000 proxy IPs for the default system IP Zone.

See Zones API developer documentation for more information.

Related topics

IP zones

Dynamic zones

Enhanced dynamic zones