IP address whitelisting

If there are certain users for whom you want to grant access to Remote Desktop or Supported Web Applications secured by 2FA without the need to enter an OTP, you can whitelist their IP addresses. To do so, open the ESA Web Console and navigate to Settings > IP Whitelisting.


Select the check box next to Enable global IP whitelisting, define the appropriate IP addresses (IPv6 version too, if applicable), select the services to whitelist and then click Save.

To define different whitelisting for specific ESA components along the global one, select the check box next to Enable per feature IP whitelisting, select the services to whitelist, define the appropriate IP addresses (IPv6 version too if applicable), and then click Save.


If your VPN is secured by 2FA utilizing and you want the users whose IP addresses you whitelisted to be able to access your VPN without an OTP, the following criteria must be met:

in the configuration of RADIUS client for VPN Type select VPN validates AD username and password and select the checkbox next to Active Directory passwords without OTPs

make sure the user the whitelisted IP address belongs to does not have any 2FA options enabled - see user management

If these criteria are met, the user can access the VPN without entering a password or using the word none as password


Do not confuse Remote Web Access with Remote Desktop Web Access.