Synametrics Technologies

We are testing the User IP restrict feature. Our goal is to limit our internal users to our Intranet only, while allowing external customers access from any public IP. Our config file has this entry for the user1, however I am able to logon from several public IP addresses.

<user allowedIP="intranet" encrypted="true" level="1" name="user1" password="K3Zfug4o4THibmxEWooNNeSqG2IAgfcmur_f2rvG9Q57PiJwrtNmOcWfO4A2uFlNIGaWbu"></user>

Am I missing a configuration setting?

Jesse,

There are two possible reasons for this problem:

1. You have to restart SynaMan after modifying the file
2. Currently, the "Intranet" option only works if the LAN IP address starts with 192.168.* or 10.*. Does your LAN ip address follow this convention?

I did both a synaman service stop and start. I also did a complete server reboot.

Our Internal networks uses both 192.168.x.x, 10.x.x.x and 172.16.x.x. However, since I am coming in from a public IP, shouldn't Synaman block my user ID from logging in? Also of note, we enabled the 2FA feature, is it possible that this is impacting the IP restriction?

Jesse,

Check the Audit logs and confirm your firewall is not replacing IP addresses on the Internet with its LAN IP address. If that's not the case, please contact us via email and we will further investigate this issue.