How do I specify a range of IP addresses in policy on ProxySG?



Article ID: 166278


Updated On:


ProxySG Software - SGOS


The ability to specify IP address ranges in policy was added in SGOS 6.5.2. This feature allows you to enter a range as follows:

Example Use Case

You are an administrator of a retailer's distributed network. The network is very large and has numerous sub-networks, in which IP address ranges are non-contiguous and not easily defined by subnet/Classless Inter-Domain Routing (CIDR) notation. For example:
  • Demonstration devices in stores are assigned addresses within two ranges, - and -
  • Employee devices are assigned addresses within the range -
You want to be able to:
  • Deny access to YouTube on demonstration devices
  • Deny access if a virus is detected on employee devices
You want to apply policy based on the device user, but the large number of devices means it is not feasible to define a separate rule for each one. In addition, you would have to update policy whenever a device is added to or removed from the network. Using IP address ranges would be a more efficient way to write this policy. 


Use IP Address Ranges in Policy

To apply the policies described above, write the following content policy language (CPL): 

define subnet Demo
client.address=Demo url.regex="youtube" deny
client.address= virus_detected=yes deny

IP address ranges are supported in several CPL conditions; refer to the Content Policy Language Reference for more information.

In the Visual Policy Manager (VPM), you can use IP address ranges in some Source and Destination objects. If you add or edit an object that supports address ranges, the dialog displays a hint below the entry field.

For more information, refer to the Visual Policy Manager and Advanced Policy Tasks Reference.
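
The use case above depends on ranges that do not line up with CIDR boundaries and on each device falling into exactly one group. The following Python sketch is an added example, not part of the original article or of SGOS: it checks a set of range definitions before they are written into policy by validating each range, counting the CIDR blocks it would otherwise need, and flagging groups whose ranges overlap. The hyphenated `first-last` string form, the helper names, and the sample addresses (RFC 5737 documentation ranges) are assumptions made for the illustration.

```python
import ipaddress

def parse_range(text):
    """Parse 'first-last' (inclusive) into a pair of IPv4Address objects."""
    first, sep, last = text.partition("-")
    if not sep:
        raise ValueError(f"not a range: {text!r}")
    lo = ipaddress.IPv4Address(first.strip())
    hi = ipaddress.IPv4Address(last.strip())
    if lo > hi:
        raise ValueError(f"range start is above its end: {text!r}")
    return lo, hi

def cidr_blocks(rng):
    """Minimal CIDR blocks covering exactly the same addresses as the range."""
    return list(ipaddress.summarize_address_range(*rng))

def overlaps(groups):
    """Return sorted (group_a, group_b) name pairs whose ranges share an address."""
    flat = [(name, parse_range(r)) for name, ranges in groups.items() for r in ranges]
    hits = set()
    for i, (name_a, (lo_a, hi_a)) in enumerate(flat):
        for name_b, (lo_b, hi_b) in flat[i + 1:]:
            if lo_a <= hi_b and lo_b <= hi_a:
                hits.add(tuple(sorted((name_a, name_b))))
    return sorted(hits)

def group_of(address, groups):
    """Names of every group whose ranges contain the client address."""
    ip = ipaddress.IPv4Address(address)
    return [name for name, ranges in groups.items()
            if any(lo <= ip <= hi for lo, hi in map(parse_range, ranges))]

# Constructed sample data (RFC 5737 documentation addresses), not from the article.
GROUPS = {
    "Demo": ["192.0.2.10-192.0.2.37", "198.51.100.5-198.51.100.60"],
    "Employee": ["203.0.113.20-203.0.113.200"],
}

if __name__ == "__main__":
    for name, ranges in GROUPS.items():
        for r in ranges:
            print(name, r, "->", len(cidr_blocks(parse_range(r))), "CIDR blocks")
    print("overlapping groups:", overlaps(GROUPS) or "none")
    print("192.0.2.37 matches:", group_of("192.0.2.37", GROUPS))
```

A client address that matches more than one group, or a non-empty overlap list, means a device could hit a rule intended for a different device class.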

Additional Information 

You can specify IP address ranges in RDNS restrictions and in subnet definitions (as shown in the CPL above). For more information, refer to "restrict rdns" and "define subnet" in the Content Policy Language Reference.

For information on using IP address wildcards in policy, see "How can I use wildcard characters when specifying IP addresses in policy?"