Exercise 2.4: Restricting the IP address range

In this exercise, you will learn how to set a range of IP addresses that are allowed to access your SmartCloud for Social Business organization.

Overview

You can enhance the security for your organization in SmartCloud for Social Business by restricting authentication to a range of IP addresses that you specify in your organization's security settings.

Objectives

After completing this exercise, you should be able to:
Parent topic: Lesson 2: Configuring the organization account
Previous topic: Exercise 2.3: Configuring password settings
Next topic: Exercise 2.5: Viewing a history of downloaded files

Procedure

Step
Action
1
Log in and navigate to the Administration panel. For detailed steps, see the procedure document: Accessing the Administration Panel.
2
From the navigation pane, click Security.
Click Security.
3
In the IP Address Ranges section of the page, click Add Range.
In the IP Address Ranges section, click Add Range.
4
There are two options for restricting connections by IP address:
  • Option 1: To restrict connections to a single IP address, enter a single IP address in the Start IP field.
  • Option 2: To restrict connections to a range of IP addresses, enter the IP addresses for that range in the Start IP and End IP fields.
Click OK to save your changes.
Enter a value in the Start IP field, and optionally in the End IP field.
Note: You must have a range that includes the IP address for the machine that you are currently working from, to avoid locking yourself out of the service.
5
The ranges that you configured will display in the IP Address Ranges section. If you later need to edit or remove a range, use the Edit and/or Remove links to modify the settings.
Use the edit and remove links to modify the IP Address Ranges.
6
Optional: To validate that the IP range is configured correctly, test logging in to the service from a Web browser on a machine that is not within the range of allowed IP addresses. You should receive a message after entering your password that your current location is not allowed.
Your location is not allowed.

Troubleshooting

Problem Resolution
I'm trying to add an IP range, but when attempting to save, I receive the error: "Your current IP address is not included in the range."
Error in adding IP Range: #.#.1.1 to #.#.255.255. Your current IP address #.#.232.228 is not included in the range.
 You must have a range that includes the IP address for the machine that you are currently working from, to avoid locking yourself out of SmartCloud for Social Business.

First add a range that includes your current IP address, and then add any additional ranges as needed.
Users are able to access SmartCloud for Social Business using a POP or IMAP client on a machine that is not part of the IP Range that I configured. IP address restrictions cannot be applied to the following protocols: SMTP, POP, IMAP.

This is a known limitation in SmartCloud for Social Business, as documented in the known issues: IP Address restrictions not supported for some mail protocols.
One of my users receives an error when logging in: Your location is Not Allowed.
Your location is not allowed.
 The IP address for the machine from which the user is logging in is not part of the range of allowed IP Addresses for your organization. If you want the user to be able to access SmartCloud for Social Business from that machine, add its IP address to the range of allowed IP Addresses on the Security tab of the administration panel.
I'm trying to add an IP range that includes my machine's current IP address, but I keep getting an error when I attempt to save that indicates that my current IP address is not included. Furthermore, the IP address referenced in the error message is not my machine's current IP address as displayed when running IPCONFIG. If your organization's Internet connections are routed through a proxy, SmartCloud for Social Business will see your machine's IP address as the address of the proxy connection.

One way to test to see what your IP address is when you are routing through a proxy server is to go to the third party website: http://whatismyip.akamai.com, or a similar website, to verify your IP address.

You will need to set a range that includes the IP address of the proxy connection.

Resources