SOLVED

IP Addresses

Occasional Contributor

Hi,

I am currently evaluating CAS and I'm a little confused with regard to setting IP address ranges. I have read the CAS documentation on IP address ranges, which makes sense, but when I create custom corporate ranges do I specify the internal ranges, e.g. 10.0.0.0/16, or do I specify the IP addresses that users access the Internet from (egress Internet IP address on the proxy)?

The reason that I ask is that if I look at Discover / IP addresses I can see the internal IP addresses of 10.0.0.0/16, but if I look in the activity log I only ever see the external IP addresses, e.g. 40.114.136.114.

I can see that I can define these IP address ranges in policies, such as Access Policies, but again these seem to be using the external IP address, not the internal non-Internet-routable ones.

Can someone clarify this for me, as I think that only the external IPs used for Internet egress should be specified?

 

Kind regards,

Stuart

2 Replies

Please register both. As you see, discovery data comes from your proxy/FW, which can see your internal IPs. Most API-connected apps see only your external IP. Registering both will allow Cloud App Security to understand what IPs your users might come from normally.

Best Response confirmed by stuart townsend (Occasional Contributor)
Solution

Hi,

You must configure all IPs that you have in your organization: internal, VPN and external.

The reason for registering all addresses is for when you're creating policies, making an investigation and need visibility. Also, the difference between all those IPs must be shown in the portal.

For example, the Affiliation (under account filters), which is either Internal or External, to make sure where your users are coming from.

 

Eli.
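
The effect the replies describe, as an added example that is not part of the original thread and not Microsoft code: it calls no Cloud App Security API and only matches constructed log events against constructed range sets to show which events stay untagged when only egress ranges are registered. The range names, the VPN pool and the event list are assumptions; 10.0.0.0/16 and 40.114.136.114 are the addresses quoted in the question.

```python
import ipaddress

# Constructed range sets. 10.0.0.0/16 and 40.114.136.114 are the addresses
# quoted in the question; the VPN pool is a made-up placeholder.
EGRESS_ONLY = {"Corporate egress": ["40.114.136.114/32"]}
ALL_RANGES = {
    "Corporate internal": ["10.0.0.0/16"],
    "Corporate VPN": ["172.16.50.0/24"],
    "Corporate egress": ["40.114.136.114/32"],
}

# Constructed events: discovery rows come from proxy/firewall logs (internal
# source address), activity rows from API-connected apps (public address).
EVENTS = [
    ("discovery", "10.0.12.7"),
    ("discovery", "172.16.50.23"),
    ("activity", "40.114.136.114"),
    ("activity", "203.0.113.50"),  # documentation address, not corporate
]

def compile_ranges(named_ranges):
    """Turn {tag: [cidr, ...]} into a list of (network, tag) pairs."""
    return [(ipaddress.ip_network(cidr), tag)
            for tag, cidrs in named_ranges.items() for cidr in cidrs]

def tag_ip(ip, compiled):
    """Return the tag of the most specific matching range, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, tag) for net, tag in compiled
               if addr.version == net.version and addr in net]
    return max(matches)[1] if matches else None

def untagged(events, named_ranges):
    """Events whose source IP falls outside every configured range."""
    compiled = compile_ranges(named_ranges)
    return [(src, ip) for src, ip in events if tag_ip(ip, compiled) is None]

if __name__ == "__main__":
    print("egress only:", untagged(EVENTS, EGRESS_ONLY))
    print("all ranges: ", untagged(EVENTS, ALL_RANGES))
```

With only the egress range registered, every discovery event is left without a corporate tag; with all three ranges, the only untagged event is the address that is not corporate.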