IP address access control

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Apply an IP access control to outbound traffic, inbound traffic, or bidirectional traffic. The system only blocks an IP address if a matching Deny rule exists and no matching Allow rule exists. By default, there are no restrictions on access to your instance.

    Avant de commencer

    Remarque :
    Use the Adaptive Authentication (AA) pre-authentication context policy to enforce IP based authentications and restrictions for additional capabilities. For more information, see Adaptive authentication.

    Role required: admin

    Avertissement :
    IP Address Control is configured only for external IPs and it will not block internal IP addresses from ServiceNow.

    Procédure

    1. Navigate to All > System Security > IP Address Access Control to see a list of your IP access controls.
      You might have to activate the IP Range Based Authentication [com.snc.ipauthenticator] plugin.
    2. Complete the form.
      Remarque :
      To find your instance IP information, Log in to ServiceNow - NOW Support, and Search for the My IP Information service catalog item.
      Field Description
      Type

      Type of access control rule to include.

      • Allow: Any IP address in this range can interact with this instance.
      • Deny: Any IP address in this range cannot interact with this instance unless it is listed in an Allow rule. Also, when adding deny rules, you cannot deny your own public IP address or your instance does not update a deny rule.
      Remarque :
      To support maintenance, upgrades, and Customer Service and Support, some ServiceNow internal IPs cannot be blocked by Deny rules.
      Direction Direction of the IP access control rule.
      • Inbound: Choose Inbound to allow or deny inbound transactions. These are transactions initiated from outside of your instance.
      • Outbound: Choose Outbound to allow or deny outbound transactions. These are transactions initiated from within your instance.
      • Bidirectional: Choose Bidirectional for the configuration to apply for both Inbound and Outbound.
      Active When selected, the form is active.
      Description Description of the access control.
      Range Start Starting range of IP addresses to allow or deny.
      Remarque :
      These rules also affect transferring update sets. To ensure that IP address access control does not cause update sets to fail, add the target instance as an exception.
      Range End Ending range of IP addresses to allow or deny.
      Remarque :
      To limit access to specific VPN addresses only, enter a Deny range of 0.0.0.0 through 255.255.255.255 into the Deny field, and only enter the specific allowed VPN ranges.
    3. Click Submit.