Skip to main content

New-Scale Security Operations PlatformNew-Scale Security Operations Platform Administration Guide

Manage Access by IP Addresses

The IP-Based Access page provides a way to configure UI and public API access to New-Scale functionality based on an allowed list of IP addresses. Each row in the list shows the UI and public API access granted to a single IP address or to a range of IP addresses. You can add IPs or IP ranges to the list and configure their access. You can also edit or delete IPs or IP ranges currently in the allowed list.

The page has a convenient on/off toggle at the top so you can avoid interrupting any ongoing processes while you configure an allowed list of access. With the toggle in the off position, you can configure all of the desired access and restrictions without implementing them. When you're ready, you can switch the toggle to the on position to implement the configured access for all of the listed IP addresses.

You can add up to a combined maximum of 250 IP addresses and ranges to the allowed list on the IP-Based Access page.

ip-management-tab.png

Keep in mind the following when managing access and restrictions in the allowed list:

  • When the IP-based allowed list on the page is not enabled, the Enable IP-Based Access toggle in the top right is in the off position. If you click the toggle to the on position, you enable the allowed list and all of the access and restrictions it includes.

    If you toggle the Enable IP-Based Access option to the on position while your IP address is not included in the list, or does not allow both UI and public API access, your IP is automatically added to the list or updated to ensure both UI and API access.

  • You cannot change or delete your own IP address from the allowed list.

  • If a change in access is made while an IP address is in use, the change will not take affect until the user logs in again.

  • When public API access is restricted, the private APIs necessary for UI functionality are not disabled.

  • This feature supports the IPV4 protocol but not IPV6. If your system has IPV6 enabled, it must be turned off for IP management to function as expected.

  • This feature is not applicable to modifying access for Multi-Org logins or for Multi-Org to Child-Org navigation. However, if Multi-Org users want to generate tokens to use the public APIs, they must have the appropriate public API access included in the IP-Based Access allowed list.

Accessing the IP-Based Access Settings

Only the Administrator or Security Engineer roles have configure or read access to the IP-Based Access page. To access the page:

  1. Log into the New-Scale Security Operations Platform with your registered credentials.

  2. In the left navigation panel, click the Settings icon (icon-settings.png) at the bottom.

  3. Scroll to the bottom of the Settings menu to find Access Control and select the IP-Based Access option. The IP-Based Access page opens.

    ip-management-settings.png

Add an IP or IP Range to the Allowed List

To add a new IP or IP range:

  1. On the IP-Based Access page, click Add IP/CIDR Range. A dialog box opens.

    add-ip.png

  2. Provide information in the following fields:

    • IP/CIDR Range – Enter an individual IP address or an IP range using CIDR notation.

    • IP Type – Select an option depending on whether you entered an Individual IP or a CIDR Range.

  3. Click the appropriate check box to select the access that you want to allow for the IP or IP range you are configuring. Options include UI Access and Public API Access.

  4. Click Add. The new IP or IP range is added to the allowed list with the access you configured.

Edit Access for an IP or IP Range in the Allowed List

To edit access for an IP or IP range:

  1. On the IP-Based Access page, locate the IP or IP range whose access you want to change.

  2. On the far right side of the row, click the options menu (icon-options.png) and select Edit. The Edit IP/CIDR Range dialog box opens.

    edit-ip.png

  3. Update the information in following fields as needed:

    • IP/CIDR Range – Enter an individual IP address or an IP range using CIDR notation.

    • IP Type – Select an option depending on whether you entered an Individual IP or a CIDR Range.

  4. Click the appropriate check boxes to update the access that you want to allow for the IP or IP range you are editing. Options include UI Access and Public API Access.

  5. Click Update. The updated access is displayed in the allowed list.

    Note

    Changed access for an IP currently in use may not take affect until the next time the user logs in.

Delete an IP or IP Range from the Allowed List

To delete an IP or IP range:

  1. On the IP-Based Access page, locate the IP or IP range that you want to remove from the allowed list.

  2. On the far right side of the row, click the options menu (icon-options.png) and select Delete. The Delete IP/CIDR Range dialog box opens.

  3. If you are certain you want to delete the IP or IP range, click Delete.