IP address whitelisting
If there are certain places, for example some branch offices, from where you want to grant access to Remote Desktop or Supported Web Applications secured by 2FA without the need to provide OTP, you can whitelist their IP addresses. To do so, open the ESA Web Console and navigate to Settings > IP Whitelisting.
Select the check box next to Enable global IP whitelisting, define the appropriate IP addresses (IPv6 version too, if applicable), select the services to whitelist and then click Save.
To define different whitelisting for specific ESA components along the global one, select the check box next to Enable per feature IP whitelisting, select the services to whitelist, define the appropriate IP addresses (IPv6 version too if applicable), and then click Save.
Do not confuse Remote Web Access with Remote Desktop Web Access.
|
RADIUS ESA RADIUS server reads the user's IP address from the first non-empty RADIUS attribute, namely: •66 Tunnel-Client-Endpoint •31 Calling-Station-Id The intent is to get the IP address read by the closest component; it is the VPN server in most cases. |
