Restrict Access With VMware Cloud Services Authentication Policies

A highly requested feature – IP address filtering – is now released for the Cloud Services Engagement Platform. You can configure this feature to allow or deny access to your org based on source IP address.

To enable an Authentication Policy, first log in to VMware Cloud Services, switch to the org you want to work with, click the down caret, and click on View Organization.

Click on the Authentication Policy tab.

You have two options – an allow list or a block list. The block list allows access by default, and only blocks specific IPs. The allow list denies access by default, and only allows specific IPs. For this example, I choose Block IP and click Enable.

This is now the default screen when I click Authentication Policy. It is still configured to Block, but there are no entries.

If I want to change to an Allow policy, I can do so by clicking Change. I click on it to show what the UI looks like, but I leave it set on Block IP.

To add an IP to the block list, I click Add and add a single public IP.

My public IP is now blocked.

I try to access my org from the blocked IP and my access is blocked.

I can also add a subnet. I change the block list entry to the entire /24 that my source IP is in.

I remain blocked when I attempt to access the org.

You can add exceptions. An exception on a Block list allows access; an exception on an Allow list denies access. I add my original IP address to the exception list for this Block policy, meaning the entire /24 remains blocked but the single /32 IP inside that subnet is allowed through.

The configuration screen now shows the blocked /24 and the allowed exception.

I am able to access the org.
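The block/allow defaults and the exception behaviour described above can be modelled offline to check which source addresses a planned policy would lock out before it is enabled. This is an added example, not VMware code or a VMware API; the function names are hypothetical and the 203.0.113.0/24 and 198.51.100.7 addresses are constructed documentation values.

```python
import ipaddress


def is_allowed(mode, entries, exceptions, source_ip):
    """Model of the policy semantics described in this post (an assumption,
    not VMware's implementation).

    mode "block": access allowed by default, listed IPs blocked,
                  exceptions inside a blocked range are allowed.
    mode "allow": access denied by default, listed IPs allowed,
                  exceptions inside an allowed range are denied.
    """
    if mode not in ("block", "allow"):
        raise ValueError("mode must be 'block' or 'allow'")
    ip = ipaddress.ip_address(source_ip)

    def matches(cidrs):
        # strict=False lets a bare host address stand for a /32 (or /128).
        return any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)

    # An address is subject to the list only if listed and not excepted.
    listed = matches(entries) and not matches(exceptions)
    return listed if mode == "allow" else not listed


def locked_out(mode, entries, exceptions, admin_ips):
    """Return the admin source IPs the planned policy would deny."""
    return [ip for ip in admin_ips
            if not is_allowed(mode, entries, exceptions, ip)]


if __name__ == "__main__":
    # Constructed sample mirroring the walkthrough: block a /24, except one /32.
    entries = ["203.0.113.0/24"]
    exceptions = ["203.0.113.25/32"]
    admins = ["203.0.113.25", "203.0.113.99", "198.51.100.7"]
    for ip in admins:
        verdict = "allowed" if is_allowed("block", entries, exceptions, ip) else "blocked"
        print(f"{ip}: {verdict}")
    print("would be locked out:", locked_out("block", entries, exceptions, admins))
```

Running the same entries with `mode="allow"` inverts the result, which makes it easy to see who loses access before clicking Change in the UI.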

IP filtering is a welcome additional layer of defense to keep your SDDC secure.
