Define allowed ServiceNow internal IP addresses [Updated in Security Center 1.3 and 1.5]

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 6분

    • Use the glide.ip.authenticate.strict property to specify IP ranges that can make inbound connections on an instance.

    Use the glide.ip.authenticate.strict property to reduce the scope of the IP allow list of an instance and restrict the IP addresses that ServiceNow personnel can use to make inbound/outbound connections to an instance. The exact IP ranges removed from the IP allow list by this property may be adjusted over time as the ServiceNow internal network changes. When set to true, glide.ip.authenticate.strict always guarantees an IP allow list that is equal to or more restrictive than the default.

    When glide.ip.authenticate.strict is set to true:
    A strict list of ServiceNow IP ranges replaces the default IP allow lists for inbound and outbound requests. This IP allow list, which starts with a more restrictive predefined set of allowed IP ranges, is replaced by the property glide.ip.authenticate.allow.secured.self_hosted_list if the instance is self-hosted.
    When glide.ip.authenticate.strict is set to false:
    The default IP allow list is used which contains a wider set of ServiceNow IP ranges. The default IP allow list is replaced by the contents of glide.ip.authenticate.allow.self_hosted_list if the instance is self-hosted.
    주:
    Regardless of the value of glide.ip.authenticate.strict or if the instance is self-hosted, the allow list includes IP addresses in the glide.custom.ip.authenticate.allow and glide.custom.ip.outbound.authenticate.allow system properties, if defined.

    All IP list properties share the same format, which is a comma separated range of IP addresses in IPv4 or IPv6 format. IP ranges are specified using a hyphen (10.0.10.14-10.0.10.19), using CIDR notation (10.0.10.0/24), or consist of a single IP address (10.0.10.5). At runtime, you can make additions to the IP allow list by adding entries to the IP Address Access Controls [ip_access] table. This table can also be used to explicitly deny IP ranges access to an instance.

    경고:
    The value for this property is a no DB override. It can't be altered or overridden.

    More information

    Attribute Description
    Configuration name
    • glide.ip.authenticate.strict
    • glide.ip.authenticate.allow.secured
    Configuration type System Properties (/sys_properties_list.do)
    Data type
    • Boolean
    • String
    Recommended value
    • true
    • Contains only trusted values
    Default value
    • <empty>
    • <empty>
    Fallback value
    • <empty>
    • false
    Category Architecture, design, and threat modeling
    Security risk
    • Severity score: 4.3
    • CVSS score: Medium
    • Security Risk Details: Broader access increases the risk of unauthorized or unnecessary access to the instance by non-essential internal users, such as support or sales staff, and reduces control over privileged access. Enforcing strict IP authentication limits connectivity to essential infrastructure, strengthening security and reducing exposure to insider threats or misconfiguration.
    Functional impact This should have no functional impact. It may restrict non-essential ServiceNow personal from accessing an instance. However, these are individuals that do not generally require access to such instances. If access is required, you can grant it on a case by case basis using the IP Address Access Controls [ip_access] table.
    Dependencies and prerequisites None
    주:
    A deny all rule is needed to be added into IP access control to restrict access from any IP's not added into IP access control. All required allowed IP's are then needed to be added into IP access control.

    To learn more about adding or creating a system property, see Add a system property.