Client internal IP address pools

The client internal IP address pool is configured with IP address ranges from which an address is allocated to each logged-in client. The client IP address is internal to Secure Private Access and is available only to the customer resource location. The IP address pool is essential for assigning a unique IP address to a user and the associated device. Devices in the customer resource location can tunnel traffic to a specific logged-in user’s device by using the client’s internal IP address; this is called a server-to-client connection. The client internal IP address can also support source IP stickiness for existing client-to-server tunnel traffic. Source IP stickiness enhances security and control over network traffic.

Use cases of client internal IP address pools

  • Enable server-to-client connections: A server must initiate a connection with the client device for tasks such as push configurations, remote assistance, and software installation, while safeguarding user privacy and security. The client internal IP address pools help resolve this challenge by designating a range of IP addresses for client identification and management. These client internal IP address pools are allocated based on user context and location. For example, specific IP address ranges can be designated for user groups such as the HR team.

    To enable server-to-client communication, you must create a server-to-client app and then provide the client machine port and protocol details in addition to the back-end IP address range that is used to connect to the client. For details, see Server-to-client app configuration.

  • Enable client internal IP address stickiness: Some applications require a continuous session with the same client and the server to maintain consistent connections. For details, see Client IP address stickiness.

For enabling client IP address persistence, see Enable client IP address stickiness for TCP/UDP applications.

IP address pool limitations

The following are some of the limitations of the IP address pool:

  • If the IP addresses in the pool are exhausted, IP addresses are not assigned to the users and hence server-to-client connections and client internal IP stickiness features cannot be used.
  • A maximum of 3 different IP addresses can be assigned to a user. That is, a user can log in from up to 3 different devices (for example, a laptop, a smartphone, and a tablet) and each device can receive a different IP address. If the same user logs in from another device (a fourth device), no IP address is assigned to that device and hence the server-to-client initiated connections and the client internal IP stickiness feature cannot be used by the user on that device.
  • If the user logs in and logs out from the same device, the user is assigned the same internal IP address for the next login. The user’s assigned internal IP address is sticky with the same user for daily login and logout. If a user has not logged in for 15 consecutive days, the user’s sticky internal IP address is released and assigned to a different user.
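
The following added example (not Citrix code, and not the product's allocator) models the three limits above so that you can check whether a planned range is large enough for a given login pattern. The class name, address range, users and dates are constructed, and the model assumes that a sticky address stays reserved while its user is logged out until the 15-day release.

```python
from datetime import date, timedelta
from ipaddress import ip_address

MAX_IPS_PER_USER = 3     # page: at most 3 addresses (devices) per user
RELEASE_AFTER_DAYS = 15  # page: sticky address released after 15 days without login

class PoolModel:
    """Toy model of the documented limits; not the product's allocator."""

    def __init__(self, first, last):
        lo, hi = int(ip_address(first)), int(ip_address(last))
        self.free = [ip_address(n) for n in range(lo, hi + 1)]
        self.leases = {}      # (user, device) -> sticky address
        self.last_login = {}  # user -> date of most recent login

    def expire(self, today):
        """Return addresses of users with no login for 15 days to the pool."""
        cutoff = today - timedelta(days=RELEASE_AFTER_DAYS)
        stale = {u for u, seen in self.last_login.items() if seen <= cutoff}
        for key in [k for k in self.leases if k[0] in stale]:
            self.free.append(self.leases.pop(key))
        for user in stale:
            del self.last_login[user]

    def login(self, user, device, today):
        """Return the address for this login, or None if none can be assigned."""
        self.expire(today)
        self.last_login[user] = today
        key = (user, device)
        if key in self.leases:            # same user and device: same address
            return self.leases[key]
        held = sum(1 for u, _ in self.leases if u == user)
        if held >= MAX_IPS_PER_USER or not self.free:
            return None                   # fourth device, or pool exhausted
        self.leases[key] = self.free.pop(0)
        return self.leases[key]

    def utilization(self):
        """Return (allocated, total) for the pool."""
        return len(self.leases), len(self.free) + len(self.leases)

if __name__ == "__main__":
    pool, day0 = PoolModel("10.0.0.1", "10.0.0.4"), date(2024, 1, 1)  # constructed
    for user, device in [("alice", "laptop"), ("alice", "phone"), ("alice", "tablet"),
                         ("alice", "desktop"), ("bob", "laptop"), ("carol", "laptop")]:
        print(user, device, pool.login(user, device, day0))
    print("allocated/total:", pool.utilization())
```

In this model a `None` result corresponds to a login for which server-to-client connections and client internal IP stickiness are unavailable, either because the user already holds three addresses or because the pool is exhausted.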

Create an intranet IP address pool

  1. Navigate to Settings > IP Pools and then click Create IP Pool.

  2. IP Pool name: Enter a name for the IP pool.
  3. IP Range or CIDR: Enter the range of IP addresses reserved for clients. One of these IP addresses is assigned to the client machines.
  4. Connector Appliance Netmask: (Optional) If the Connector Appliance network subnet is different from the internal IP address subnet, enter the Connector Appliance netmask.
  5. Resource Location: Select the resource location where the back-end server is located. Ensure that at least one Connector Appliance is up.
  6. Allocation type: Select User and select the condition, domain, and the user or user groups to which this pool is applicable.
  7. Click Create.

The IP address pool that you created is listed in the IP Pools page.

Once the client login is successful, an intranet IP address is assigned to the user from the client internal IP address pool.

Deletion of the IP address pool

Graceful deletion of the IP address pool is supported to prevent sudden user disconnections and communication disruptions. A grace period is provided during which all active sessions can continue to use the IP addresses assigned from the IP address pool. Admins can wait for the grace period to pass during which the users are expected to log out from the devices and free the IP addresses. Once the IP addresses are freed, admins can safely delete the IP pool without causing disruptions.

Perform the following steps to delete an IP address pool:

  1. Navigate to Settings > IP Pools.

    The list of IP address pools, along with their details, is displayed in a tabular format.

  2. Click the ellipsis (…) next to the address pool that you want to delete, then click Delete.

View the IP address utilization data

You can monitor the IP address utilization data from the IP Pool Utilization page. This page provides an overview of the status of the IP addresses.

  • A list of users and the IP addresses allocated to these users.
  • The percentage of available IP addresses that are already allocated and the total number of IP addresses available for allocation.

Admins can use this data to monitor IP address consumption and ensure that enough IP addresses are available for the users.

Perform the following steps to view the IP address utilization details:

  1. Navigate to Settings > IP Pools.

    The list of IP address pools, along with their details, is displayed in a tabular format.

  2. Click the ellipsis (…) next to the address pool and then click View IP Utilization.
