000030030 - Can you create a rule that matches noncontiguous ranges of IP addresses?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030030
Applies ToRSA Product Set: Adaptive Authentication (Hosted)
RSA Product/Service Type: Adaptive Authentication (Hosted)
RSA Version/Condition: 11
Platform: Other
Platform (Other): na
O/S Version: Other
Product Name: null
Product Description: null
Issue You might be looking to do more with the Policy Manager lists than single IP addresses.
Example questions --
 How to create a rule that matches noncontiguous ranges of IP addresses?
 Trying to create a rule that will trigger when the user’s IP address is coming from a network that uses a non-contiguous range of IP addresses.
For example, a rule that will match any IP address not in the following netmasks: (note that this is not a class A/B/C or D address)
When looking at RSA AAH and reading the documentation,  The “list” editor accepts any character in an IP address, and the documentation doesn’t describe how the IP address is parsed.
Need to understand how this list will be parsed so that I know whether I can do globbing, regex, netmasks, just a series of up to 200 individual IP addresses, or something else.
ResolutionCurrently, as expressed in the BackOffice Users Guide, there is only one way to express IP addresses --
Single IP Addresses. (up to 500 entries) for > 500 entries,  ask Customer Support Engineer to open up a  CTO ticket  to create a list.
This is simple parsing of numbers, against an authoritative source service used for IP Addresses/Hostnames
However there is a current(as of April 2015) Feature Request submitted to Program Management to be able to do more with the IP Address list.  This is under evaluation by R&D.