How do I find the Allow and Deny Start and End Range for IP Range Based Authentication

Gemma Jacobs
Mega Guru

Hi everyone, 

I need help defining the IP range (System Security - IP Address Access Control) to ensure the allow and deny ranges can be used in tandem. 

 

I reviewed this article to get the allow list https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0550613

  1. Log in using the admin role.
  2. Navigate to System Logs > Transactions (All user).
  3. Edit the filters as necessary.
  4. Click the gear symbol.
  5. In the slushbucket, add the column IP address from the Available column on the left side to the Selected column on the right side.
  6. Click OK.
  7. Click Run.
However, this article explains how to get the IP from NOW support. 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0598826

Not sure which is correct? 

 

Also, how do I determine the deny list? 

 

Thanks so much for all the help!

 

Maik Skoddow
Tera Patron

Hi @Gemma Jacobs 

Please first provide the underlying business requirement before we can answer.

That topic is too "hot" and complex to just give a technical answer without having the whole picture in mind.

Maik

Hi @Maik Skoddow 

Thank you, and I'm sorry I didn't share more information. Our goal is to be compliant with the healthscan/instance security center. In order to make the "restrict access to specific IP ranges" check compliant, I need to set a range under System Security - IP Address Access Control.

In addition, we want our environment to be more secure with the allow and deny list. However, I'm struggling to know and find what IP addresses to add to both the allow and deny list. I don't want to cause a problem by adding both allow and deny such that users can't access our system. Thanks for your help and feedback, as this is not my specialty. 

Hi @Gemma Jacobs / @Gemma4 

 

with the help of your screenshot, I now understand what you are referring to.

 

Let me tell you that the compliance score is just for orientation and not a must. It is also impossible to reach the 100% level, as some requirements are really special and make no sense for some customers. Furthermore, you should know that the underlying KPIs only cover a certain portion of ALL critical aspects you have to take care of. So don't fixate on matching that compliance score!

 

And coming back to the original question: Restricting IP address ranges only makes sense in certain scenarios. For example, imagine you are running a public service portal. In that case, users are coming from all over the world, and it is impossible to restrict IP ranges or, let's say, it makes no sense.

In another scenario, you might want to restrict access to company internal users. In that case, you have to ask the network team for the IP ranges of the proxy servers the users are coming from.

 

What I want to say: Your question cannot be answered in this Community. Instead, engage an expert onsite and find a solution tailored to your instance, your network situation and your business.

 

Thank you @Maik Skoddow 

Thank you for the feedback; it is really helpful. 

Is there any risk in how I added the range, using the IP address range of the users in the transactions?
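
A pre-change check for the situation discussed in this thread, added here as an example and not taken from any post or from ServiceNow: it converts the CIDR blocks a network team supplies into start/end pairs and lists which addresses seen in the transaction log would lose access under a proposed allow/deny set. The rule model (an address is blocked only when a deny range covers it and no allow range does) is an assumption to confirm against the instance documentation, and all addresses are constructed from documentation ranges.

```python
import ipaddress

def to_start_end(cidrs):
    """Collapse CIDR blocks into (start, end) pairs for a start/end range form."""
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs)
    return [(str(n[0]), str(n[-1])) for n in nets]

def _parse(ranges):
    """Validate (start, end) string pairs and return them as address objects."""
    parsed = []
    for start, end in ranges:
        s, e = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if s.version != e.version or s > e:
            raise ValueError(f"bad range {start}-{end}")
        parsed.append((s, e))
    return parsed

def _covered(ip, ranges):
    # Compare only within the same IP version; IPv4 and IPv6 do not order.
    return any(s.version == ip.version and s <= ip <= e for s, e in ranges)

def would_be_blocked(observed, allow, deny):
    """Observed addresses that a deny range covers and no allow range rescues.

    Assumed rule model (verify for your platform): allow entries take
    precedence over deny entries.
    """
    allow_r, deny_r = _parse(allow), _parse(deny)
    ips = {ipaddress.ip_address(a) for a in observed}
    hit = [ip for ip in ips if _covered(ip, deny_r) and not _covered(ip, allow_r)]
    return [str(ip) for ip in sorted(hit, key=lambda ip: (ip.version, int(ip)))]

# Constructed sample data (RFC 5737 documentation addresses, not real hosts).
NETWORK_TEAM_CIDRS = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.16/28"]
ALLOW = to_start_end(NETWORK_TEAM_CIDRS)      # ranges confirmed by the network team
DENY = [("0.0.0.0", "255.255.255.255")]       # deny everything not explicitly allowed
OBSERVED = ["198.51.100.23", "203.0.113.20",  # IP address column from the transaction log
            "203.0.113.77", "192.0.2.10", "198.51.100.23"]

if __name__ == "__main__":
    print("allow ranges:", ALLOW)
    for ip in would_be_blocked(OBSERVED, ALLOW, DENY):
        print("would lose access:", ip)
```

Any address the check reports is either a legitimate source missing from the allow list or traffic that should be blocked; the transaction log alone cannot tell the two apart, which is why the ranges themselves come from the network team.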