Configuring geofencing
Geofencing allows you to restrict access to IPs based on the user's current geographic location (geo), which is determined by their IPv4 address used to access the platform. This means that a particular user can access an IP while they are in an allowed geo, but the same user would be blocked when accessing the platform from a restricted geo. If a user accesses an IP from a geo that is restricted, they will not see the IP listed through PiCLI or IPLM Web and if they open a workspace, they will load a partial workspace.
To enable geofencing, you first create geos. Then, allow and restrict geos for each IP.
Create and edit geos
Creating and modifying geo definitions can only be done by administrators.
-
Open Administration > Geofencing, and select the Create geo icon
.
-
Enter or edit the following information for the geo:
-
Name: Full name of the geo. The name is shown on the Details page and also when you hover over the labels that use the short name.
-
Short name: The short name is restricted to 5 characters and is shown as a label whenever the screen does not have enough space for the full geo name.
-
Color: By default the color is random or you can select a color.
-
Description: Add a useful description.
-
Add IPs for subnets: Enter the IPv4 addresses for the subnets for the geo. Subnet definitions use CIDR syntax. Select whether to allow or restrict the included geos in the next steps.
-
-
Select Save.
Allow and restrict geos for IPs
Attaching and detaching geos to IPs can be done by either a user with owner permission on the IP or an administrator.
-
Select Catalogs > IP Catalog, and then select an IP in the catalog.
The IP page opens.
-
Select Edit IP, and then select the Geofencing tab.
The Geofencing tab opens and shows drop-down menus with the configured geos as well as any previously selected geos.
-
Select the Allowed geos and Restricted geos, and the select Save.
A confirmation dialog opens. Select Save IP to save the geofencing changes.
Geos truth table
This table shows whether the geo is blocked in each possible scenario.
Allowed geos | Restricted geos | Is the geo blocked? |
---|---|---|
Empty | Empty | No |
Empty | IPv4 Address not in range of any of the specified geos | No |
Empty | IPv4 address is in range of a specified geo | Yes |
IPv4 Address not in range of any of the specified geos | Don't care | Yes |
IPv4 address is in range of a specified geo | IPv4 Address not in range of any of the specified geos | No |
IPv4 address is in range of a specified geo | IPv4 address is in range of a specified geo | Yes |