When creating a location, enter the IP address or addresses that belong to a region or geographic area in your network, such as a CIDR block for an office branch or company headquarters. Make sure that the CIDR block you provide includes the external IP address of your AD or the local DNS server that is used to communicate with ​SIA​.

You need to be an ​SIA​ administrator to complete this task.

📘

While you can assign a policy to a location configuration, you can also assign a location or multiple locations to a policy when you create or modify a policy.

To create a location:

1. In the Threat Protection menu of Enterprise Center, select Locations.

2. Click the plus sign (+) icon to add a new location.

3. In the Location name field, enter a name for the location.

4. In the Description field, enter a description for the location.

5. If the policy you need is already created, select a policy from the Policy menu. Otherwise, assign a location to a policy when configuring the policy or edit this location later.

6. To enter a domain, IP address, or a CIDR block, click the Identifiers link icon.

   1. To configure a location with dynamic DNS, in the Dynamic DNS Host field, enter the domain or domains that are registered with the dynamic DNS provider.

   2. To configure static IP addresses or CIDR blocks, in the IP Address / CIDR field, enter an IP address or CIDR block in this format:

      IPAddress/n

      where:

      • IPAddress is the IPv4 or IPv6 address.
      • n is the bit prefix. The maximum CIDR block for IPv4 is /16 and for IPv6 it is /48.

      You can provide multiple IP addresses or CIDR blocks. If you enter more than one address, each address appears as a separate item in the field.

   3. Click Save.

7. To mask the internal IP address of a sub-location, make sure the Internal IP Mask toggle is enabled. When enabled, you can configure sub-locations with a subnet that’s up to /28 for IPv4 or /56 for IPv6. Disable this option to configure addresses with a subnet that’s up to /32 for IPv4 or /128 for IPv6.

8. Click Save. To deploy the location with the save operation, click Save and Deploy.

Next steps

• If you want to create a new policy for this location, see Create a policy.

• If this location is assigned with the policy you need and you haven't deployed it, deploy the location configuration to the ​SIA​ network. For instructions see Deploy configuration changes.

• To associate a sub-location to a location, see Add a sub-location.

Add a sub-location

You can associate a sub-location to a location. A sub-location represents a segment in your network that's routed to the Internet with the same IP address as a parent location.

You need to be an ​SIA​ administrator to complete this task.

Before you begin

• Create a location.

• Take note of the considerations for creating a sub-location. For more information, see Sub-locations.

• If your organization uses an HTTP Forwarder, make sure the policy that is associated with the sub-location and the parent location is enabled with the proxy.

To add a sub-location:

1. In the Threat Protection menu of Enterprise Center, select Locations.

2. Find the location that you want to assign with a sub-location. To search for a location, see Search for a location.

3. Click the plus sign icon to add a sub-location.

4. In the provided field, enter a name for the sub-location.

5. In the Description field, enter a description for the sub-location.

6. From the menu, select the policy that you want to associate with the sub-location.

7. Click the chain icon and in the provided field, enter the internal IP addresses or CIDR blocks for the sub-location, and click Save.

8. Click Save to save the sub-location. To deploy the sub-location with the save operation, click Save and Deploy.

Next steps

If you haven't deployed the sub-location, make sure you deploy it to the ​SIA​ network. For instructions, see Deploy configuration changes.