Identifying Offsite computers

Bray
New Contributor

Is there an easy way to create either a smart group or computer search that identifies computers outside of a network IP Range? Adding "IP address not like 10...*" doesn't seem to block out 10.1.1.1 for example. Maybe I'm not identifying the IP range correctly, but if anyone can offer me any better ways to do this that would be much appreciated!

Thanks in advance

Laura

1 ACCEPTED SOLUTION

jhbush
Valued Contributor II

@Bray

You can define network segments for public IP addresses and then assign a building to them. I use one named Public. You also need to check the override building option as well.

Public Addresses
1.0.0.0 - 9.255.255.255
11.x.x.x - 126.255.255.255
129.0.0.0 - 169.253.255.255
169.255.0.0 - 172.15.255.255
172.32.0.0 - 191.0.1.255
192.0.3.0 - 192.88.98.255
192.88.100.0 - 192.167.255.255
192.169.0.0 - 198.17.255.255
198.20.0.0 - 223.255.255.255

View solution in original post

4 REPLIES 4

jhbush
Valued Contributor II

@Bray

You can define network segments for public IP addresses and then assign a building to them. I use one named Public. You also need to check the override building option as well.

Public Addresses
1.0.0.0 - 9.255.255.255
11.x.x.x - 126.255.255.255
129.0.0.0 - 169.253.255.255
169.255.0.0 - 172.15.255.255
172.32.0.0 - 191.0.1.255
192.0.3.0 - 192.88.98.255
192.88.100.0 - 192.167.255.255
192.169.0.0 - 198.17.255.255
198.20.0.0 - 223.255.255.255

Bray
New Contributor

Ah, of course.

Thanks!!

GabeShack
Valued Contributor III

The other way to do this is to specifically define and list all of your ip address ranges in your network segments then put a general one (1.0.0.1-255.255.255.254) and this will cover all other addresses. Anything that is defined will overrule the general one, but it covers all the bases. I then define the general one as Off-Campus. Keeps you from missing anything.

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools

Kevin
Contributor II

Gabe,
I ran into an issue where doing this caused an issue. The ones defined DID NOT override the general one. I had to exclude our internal addresses (172.16.1.1 - 172.16.200.254), so I did this:

1.0.0.0 - 172.16.1.0 External 1
172.16.200.0 - 255.255.255.254 External 2

I defined the actual segments used and assigned them to buildings, etc…

Some policies require actually being on our network (6GB Adobe installs, etc…). This solves that issue easily.