IP address whitelisting

If there are certain places, for example some branch offices, from where you want to grant access to Remote Desktop or Supported Web Applications secured by 2FA without the need to provide OTP, you can whitelist their IP addresses. To do so, open the ESA Web Console and navigate to Settings > IP Whitelisting.

ip_whitelisting

Select the check box next to Enable global IP whitelisting, define the appropriate IP addresses (IPv6 version too, if applicable), select the services to whitelist and then click Save.

To define different whitelisting for specific ESA components along the global one, select the check box next to Enable per feature IP whitelisting, select the services to whitelist, define the appropriate IP addresses (IPv6 version too if applicable), and then click Save.

Do not confuse Remote Web Access with Remote Desktop Web Access.


note

RADIUS

ESA RADIUS server reads the user's IP address from the first non-empty RADIUS attribute, namely:

66 Tunnel-Client-Endpoint

31 Calling-Station-Id

The intent is to get the IP address read by the closest component; it is the VPN server in most cases.