IP address range checking order

Article:HOWTO81818  |  Created: 2012-10-25  |  Updated: 2014-09-21  |  Article URL http://www.symantec.com/docs/HOWTO81818
Article Type
How To

Subject


IP address range checking order

If both Client IP address range and trusted internal IP addresses are in use, the Gateway Enforcer appliance checks client addresses in the following order when a packet is received from a client:

  • If the Client IP address range is enabled, the Gateway Enforcer appliance checks the Client IP address range table for an address matching the source IP of the client.

  • If the Client IP address range does not include an IP address for that client, the Gateway Enforcer appliance allows the client without authentication.

  • If the Client IP address range does include an IP address for that client, the Gateway Enforcer appliance next checks the trusted external IP address range for a matching address.

  • If an address matching the client is found in the trusted external IP address range, the Gateway Enforcer appliance allows the client.

  • If no matching address is found in the trusted external IP address range, the Gateway Enforcer appliance then checks the destination address against the trusted internal IP address range list and the list of instances of the Symantec Endpoint Protection Manager.

    If a matching address is still not located, the Gateway Enforcer appliance begins the authentication session and sends the challenge packet.

See Specifying trusted external IP addresses.

See Adding client IP address ranges to the list of addresses that require authentication.


Legacy ID



v9514488_v81664632


Article URL http://www.symantec.com/docs/HOWTO81818


Terms of use for this information are found in Legal Notices