Applying policy based on the client's IP address (Cloud services)

Solutions ID:    KB4381
Version:    1.0
Status:    Published
Published date:    04/18/2011

Problem Description

With a Firewall/VPN connection into the Cloud need to define policy based on clients IP or subnet.


Policy based on clients IP is only available through the use of the Firewall/VPN connection into the Cloud.

One way to define the policy in portal is to go under the Content Filtering --> Policy and then click on "Switch to Advanced Configuration" (if not already there)

When defining the policy under the "from where" section an IP address or subnet can be added and then selected.  This IP address will be the "real" IP address of the workstation or subnet.  When a VPN tunnel is created between the Firewall and the Cloud there is no NAT'ing of addresses inside the tunnel.  Once the Cloud decrypts IPsec payload it will remember the source IP address (clients "real" IP) and then take care of the NAT'ing.

Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.

Your response will be used to improve our document content.

Ask a Question