命名位置/ IP范围/配置 [英] Named Locations / IP Ranges / Configuration
问题描述
大家好,我想设置Azure网络应用程序代理,以便将互联网上的内部网站公开给一组特定的IP地址。有大约5个C类网络和大约3个主机,我希望这些网站被限制,其他一切都应该被拒绝访问。
Hi all, I want to set up the Azure web application proxy to expose an internal website to the internet to a specific set of IP addresses. There's about 5 Class C networks and about 3 hosts that I want the websites restricted to, all else should be denied access.
对于这种类型的azure app proxy设置,我应该设置"命名位置",然后使用条件访问来限制只能访问这些位置吗?进入这个,我想我可以设置一个命名位置并添加所有C类网络
和主机。它看起来像命名位置只支持1个IP地址或一个网络。我是否必须为每个C类和每个我想限制网站的主机创建一个命名位置?
For this type of azure app proxy set up, should I set up 'Named Locations' and then use Conditional Access to restrict access only to these locations? Going into this, I figured that I could set up one Named Location and add all of the Class C networks and hosts. It looks like a Named Location only supports 1 ip address or one network. Do I have to create a Named Location for each Class C and each host that I want to restrict the website to?
是否有更好的方法让Azure Web应用程序代理执行我的操作想做什么?
Is there a better way to have the Azure web app proxy do what I want to do?
任何反馈都非常感谢。谢谢大家。
Any feedback much appreciated. Thanks all.
推荐答案
Hello zBushman
Hello zBushman
条件访问具有命名位置的策略是您的方案中的方法。命名位置支持CIDR范围,不允许您直接输入有类网络范围。
Conditional Access policy with named locations is the way to go in your scenario. Named locations support CIDR ranges and does not allow you enter classful network ranges directly.
但每个命名位置支持1200个IP范围,因此您可以添加所有地址 在一个命名位置并在CA策略中配置它。您可以详细了解这个 这里。
However each named location supports 1200 IP ranges, so you can add all your addresses in one named location and configure it in your CA policy. You can read more about this here.
希望这有帮助。
这篇关于命名位置/ IP范围/配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
