UniFi Identity Enterprise - Add and Manage Network Zones

Add an IP Zone

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

  2. Go to Security > Identity Firewall > Network Zones.
  3. Click Show More > + Network Zone.
  4. Specify the following:
    • Zone Name: The name must be less than 50 characters.
    • Type: Select "IP".
    • Gateway IPs: Enter your gateway IP addresses. Separate multiple IP address entries with commas (,). You can add a maximum of 100 IPs.
    • Proxy IPs: Enter the proxy IP addresses. You can add a maximum of 100 IPs.
  5. Click Add. The static IP network zone is configured.
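
A pre-check for the Zone Name, Gateway IPs and Proxy IPs values before they are pasted into the form, as an added example (not Ubiquiti code). It enforces the limits stated above; the function names, the rejection of CIDR notation, comma separation for Proxy IPs, and the warning on non-public addresses are assumptions of this example, not documented product behavior.

```python
import ipaddress

MAX_NAME_LEN = 49  # page: the name must be less than 50 characters
MAX_IPS = 100      # page: a maximum of 100 IPs per field

def normalize_ip_field(raw, label):
    """Parse a comma-separated IP list; return (addresses, warnings)."""
    addrs, warnings, seen = [], [], set()
    for token in raw.split(","):
        token = token.strip()
        if not token:
            continue  # tolerate trailing commas and blank entries
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            # Assumption: only single addresses are accepted, so CIDR is rejected
            raise ValueError(f"{label}: {token!r} is not a single IP address")
        if ip in seen:
            warnings.append(f"{label}: duplicate {ip} dropped")
            continue
        seen.add(ip)
        if not ip.is_global:
            # Assumption: a cloud-hosted service only ever sees public egress IPs
            warnings.append(f"{label}: {ip} is not publicly routable")
        addrs.append(str(ip))
    if len(addrs) > MAX_IPS:
        raise ValueError(f"{label}: {len(addrs)} entries exceeds the limit of {MAX_IPS}")
    return addrs, warnings

def prepare_ip_zone(name, gateway_raw, proxy_raw=""):
    """Validate one IP zone and return the strings to paste into the form."""
    name = name.strip()
    if not name or len(name) > MAX_NAME_LEN:
        raise ValueError("Zone Name must be 1 to 49 characters")
    gateways, w1 = normalize_ip_field(gateway_raw, "Gateway IPs")
    proxies, w2 = normalize_ip_field(proxy_raw, "Proxy IPs")
    overlap = sorted(set(gateways) & set(proxies))
    warnings = w1 + w2 + [f"{ip} listed as both gateway and proxy" for ip in overlap]
    return {"name": name, "gateway_ips": ",".join(gateways),
            "proxy_ips": ",".join(proxies), "warnings": warnings}
```

Review the returned warnings before clicking Add; a private or duplicate entry uses up one of the 100 slots.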

Add a Dynamic Zone

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

  2. Go to Security > Identity Firewall > Network Zones.
  3. Click Show More > + Network Zone.
  4. Specify the following:
    • Zone Name: The name must be less than 50 characters.
    • Type: Select "Dynamic Zone".
    • Country/Region: Click + Location to add more countries. You can add a maximum of 10 countries/regions.
    • State/Province: Optional. The available options change based on the selected country.
  5. Click Add. The dynamic network zone is created.

Add a Network Zone to a Sign-On Policy

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

  2. Go to Security > Identity Firewall > Policy.

  3. In the Sign-On tab, do either of the following:

    • Click + Sign-On Policy, specify the policy, and click Save.
    • Select an existing policy, and click Create. See Sign-On Policy for details.
  4. Specify the rule:

    1. Rule name: Enter a rule name.
    2. Enable this rule: Enable or disable the rule.
    3. Exclude users (Optional): Select the users that are excluded from the sign-on rule.
    4. In the If the user's IP is field, select "Inside Zone" or "Outside Zone".
      • Inside Zone: Any devices inside the selected zones will be included in this sign-on policy rule.
      • Outside Zone: Any devices not inside the selected zones will be included in this sign-on policy rule.
    5. Click Add Zone, select "Network Zones", and click Ok.
    6. Specify other conditions and actions as needed. See Sign-On Policy and Rule for details.
  5. Click Add Rule. The Network Zone is added to the UniFi Identity Enterprise sign-on policy.

Add a Network Zone to a Password Policy

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).

  2. Go to Security > Identity Firewall > Policy > Password.
  3. Do either of the following:
    • Click + Password Policy, specify the policy, and click Save.
    • Select an existing policy, scroll down to Rules, and click Create. See Configure Password Policy for details.
  4. Specify the rule:
    1. Rule name: Enter a rule name.
    2. Enable this rule: Enable or disable the rule.
    3. Exclude users (Optional): Select the users that are excluded from the sign-on rule.
    4. In the If the user's IP is field, select "Inside Zone" or "Outside Zone".
      • Inside Zone: Any devices inside the selected zones will be included in this sign-on policy rule.
      • Outside Zone: Any devices not inside the selected zones will be included in this sign-on policy rule.
    5. Click Add Zone, select "Network Zones", and click Ok.
  5. Click Add Rule. The network zone is added to the password policy.

Manage Network Zones

  • If a network zone is enabled, the indicator before the rule will be green. If a network zone is disabled, the indicator before the rule will be gray.
  • The following network zones are generated by default and cannot be edited, disabled, or removed.
    • Blocked IP Zone
    • Legacy IP Zone
    • UniFi Console Zone

To manage network zones:

  1. Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).
  2. Go to Security > Identity Firewall > Network Zones and click Show More.
  3. Perform the following actions based on your tasks:
    • Edit a network zone:
      1. Click an existing network zone.
      2. Edit the network zone as needed.
      3. Click Update.
    • Enable, disable, or delete a network zone:
      1. Click Manage.
      2. Select a policy.
      3. Click Enable, Disable, or Remove as needed.