How to allowed certain ip ranges and block all others?

ssalamone81
Tera Contributor

Hello,

 

My company has a requirement to allow certain ip ranges and block all else. I added the ip ranges that are allowed in IP Address Access Control easily. The issue is how do I ensure all other ranges are blocked? It would be an exhaustive exercise to input all other ip ranges that I wish to block and I cannot imagine I am the first person to have this issue. 

1 ACCEPTED SOLUTION

andy_ojha
ServiceNow Employee
ServiceNow Employee

Hey there,

 

Just a heads up - this may be more of an item for the 'NOW Platform' Product Hub, rather than the SecOps specific area (for Security Operations Applications).

 

To get you going though - what you describe, is the actual intent of employing IP Address Access Control, on the NOW Platform.

After your Allow Rules, you could in theory employ a Deny at the end for all IP Ranges (not within the Allowed List - e.g. 0.0.0.0 to 255.255.255.255) - with great attention to detail ensuring you don't lock out your own IP ranges 🙂  

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0749055

 

You may also want to check out Adaptive Authentication and a Default Allow Policy.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1124090

 

Posting on the 'NOW Platform' Product Hub would be best if you have more questions on this, for more accurate responses.

View solution in original post

2 REPLIES 2

andy_ojha
ServiceNow Employee
ServiceNow Employee

Hey there,

 

Just a heads up - this may be more of an item for the 'NOW Platform' Product Hub, rather than the SecOps specific area (for Security Operations Applications).

 

To get you going though - what you describe, is the actual intent of employing IP Address Access Control, on the NOW Platform.

After your Allow Rules, you could in theory employ a Deny at the end for all IP Ranges (not within the Allowed List - e.g. 0.0.0.0 to 255.255.255.255) - with great attention to detail ensuring you don't lock out your own IP ranges 🙂  

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0749055

 

You may also want to check out Adaptive Authentication and a Default Allow Policy.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1124090

 

Posting on the 'NOW Platform' Product Hub would be best if you have more questions on this, for more accurate responses.

Hello,

Thanks for the feedback. SN Support also said to add all ranges to denied list. I tried it and it worked.