Create network ranges to define the IP addresses from which users can log in. You add the network ranges you create to specific identity provider instances and to access policy rules.
One network range called ALL RANGES is created as the default. This network range includes every IP address available on the Internet, 0.0.0.0 to 255.255.255.255. If your deployment has a single identity provider instance, you can change the IP address range and add other ranges to exclude or include specific IP addresses to the default network range. You can create other network ranges with specific IP addresses that you can apply for a specific purpose.
The default network range, ALL RANGES, and its description, "a network for all ranges," are editable. You can edit the name and description, including changing the text to a different language, using the Edit feature on the Network Ranges page.
- Define network ranges for your Workspace ONE Access deployment based on your network topology. The network ranges can be set based on internal and external access.
- For Workspace ONE Access Cloud services, verify the tenant public address used for the internal network range. For the cloud services, the internal network identifier is not 10.x.x.x.
- When Horizon is enabled in the service, you specify the Horizon URL on a per Network Range basis. To add a network range when the Horizon module is enabled, take note of the Horizon Client access URL and port number for the network range. See the Setting Up Resources in VMware Workspace ONE Access guide, Providing Access to View Desktop Pools and Application section.
- In the Workspace ONE Access console Policies tab, select Network Ranges.
- Edit an existing network range or add a network range.
Option Description Edit an existing range Click the network range name to edit. Add a range Click Add Network Range to add a range.
- Edit the Add Network Range page.
Form Item Description Name
Enter a name for the network range.
Enter a description for the network range.
Edit or add IP ranges until all desired and no undesired IP addresses are included.
What to do next
- Associate each network range with an identity provider instance.
- Associate network ranges with an access policy rule as appropriate.