Policy Network Segment Limitations

dfarnworth
New Contributor III

Does anyone know for certain whether network segment limitations on policies match against the IP Address or Reported IP Address fields when evaluated?

4 REPLIES 4

bentoms
Release Candidate Programs Tester

@danf_b I think it's Reported IP Address. As this will only differ from the IP Address when a client is reporting in off WAN.

chriscollins
Valued Contributor

@bentoms wouldn't it be the opposite since the IP address would tell you when they are coming from the WAN and thus should get an external DP, etc?

If it was the reported IP which reports the clients local LAN IP address you'd never know that it was coming from outside the network.

golbiga
Contributor III
Contributor III

The JSS evaluates both. If you look at the logs when a machine is checking in, you will notice that its checking both IP Address and Reported IP Address to see if either fall under any of the network segments.

Allen

bentoms
Release Candidate Programs Tester

@chriscollins well of the reported differed from the IP address then the client is off-WAN.

That's what I meant.