diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index 4de31e087..b0f9f0767 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -107,6 +107,7 @@ Generic Start * Security ** xref:security/secure-connections.adoc[Secure connections] ** xref:security/single-sign-on.adoc[Single sign-on] +** xref:security/ip-filter.adoc[IP filter] ** xref:security/encryption.adoc[Encryption] ** xref:security/tool-auth.adoc[Tool authentication with Aura user] diff --git a/modules/ROOT/pages/security/ip-filter.adoc b/modules/ROOT/pages/security/ip-filter.adoc new file mode 100644 index 000000000..25ce65ff4 --- /dev/null +++ b/modules/ROOT/pages/security/ip-filter.adoc @@ -0,0 +1,55 @@ +[[aura-reference-security]] += IP Filter + +label:AuraDB-Business-Critical[] +label:AuraDB-Virtual-Dedicated-Cloud[] + +IP Filters restrict access to your Aura instance over the public internet by allowing only trusted IP addresses. +This feature helps secure your environment without requiring private network configurations. + +* Aura Business Critical supports up to 20 allowed IP Ranges. +* Aura Virtual Dedicated Cloud supports up to 100 allowed IP Ranges. +* Higher capacity options are available on request. + +Contact support if you need to increase the default IP range limits. + +== Required roles + +Users with the xref:user-management.adoc[roles] `Organization Owner` or `Organization Admin` can create and edit IP Filters from the xref:visual-tour/index.adoc#org-settings[organization settings] page. + +== Add an IP Filter + +. In the Aura console, go to *Organization > Settings > Security & Networking > IP Filtering* +. *Select entities* - Choose where to apply the filter: +.. *Organization* – applies to all instances in the org +.. *Project* – applies to all instances in the project +.. *Instance* – applies to individual instances +. Select allowed IP addresses: +.. *All* – No filtering is applied, all IPs are allowed. +.. *Specific range of IP addresses* – Enter individual IP addresses or CIDR ranges. + +=== How filters are applied + +IP Filters allow or deny a connection to an instance. +An instance can have one IP Filter only. +If a filter is already applied, the instance’s checkbox will be greyed out. + +Applying filters at the organization or project level helps admins set filters for multiple instances and newly created instances. +When applied at the organization or project level, new entities created within that scope will automatically inherit the filter settings. + +== Edit an IP Filter + +To edit an existing filter configuration, use the *Inspect* button. + +== Use cases + +IP Filtering is a great fit when you want to: + +* Quickly secure public instances without cloud configuration. +* Limit access to trusted networks such as office locations or partner data centers. +* Enforce corporate or regulatory access boundaries with minimal setup. +* Apply access controls to dev or test environments where private endpoints are unnecessary. +* Block access from geographic regions outside an area of operation. +* Standardize access policies across an organization or project without having to manage each instance individually. + +If you want network access away from the public internet, you could use xref:security/secure-connections.adoc#_private_endpoints[Private Endpoints] \ No newline at end of file