IP Resources
Overview
IP Resources define IP address and port combinations that can be accessed via WireGuard/ZTNA. An IP resource is any subnet or IP + port(s) combination. For example:
- 10.0.1.0/24 & ports 22,80,443,5600-5609
- 10.0.2.124/32 & ports 80,443
IP Resources are used with the WireGuard module to provide direct IP access with multi-factor authentication, role-based access control, and on-demand access capabilities.
Create IP Resource
To view and manage IP resources:
- Click Wireguard
- Click IP Resources
- Click Add
Next, enter the details:
| Field | Description |
| --- | --- |
| Resource Name | grant reference label |
| IP Address | Example: 10.0.100.0/24 will cover 10.0.100.* |
| Ports | Example: 22,43,80,5000-6000 |
Click ADD
Grant Access
Manual Grant
- Click Wireguard
- Click IP Resources
- Find the desired resource definition in the grid and click
- Click Manager Assigned Users or Manager Assigned Roles
- For time grants, toggle the advanced options
- Click on the grantee to add or remove the grant
Setup On-Demand
- Click Wireguard
- Click IP Resources
- Find the desired resource definition in the grid and click
- Click Manage Request Grants
- Click Add Grant
- Enter the grant information
- Click Save
IP Resource Configuration
Allowing IP Scans
To run network scan commands, a user must have access to the IP SCAN permission.
Click for recommended roles for ZTNA module
Enabling ping
To allow ping, set the IP resource port to 0 or *.
2FA Triggering Rules
There are 2 controls on the 2FA of IP resource access:
On Grant of IP Resource
When a resource is granted, toggle Multi-factor in the advanced options. The default is On.
Use this option for resources such as DNS servers or other devices for which you don't want 2FA. If you do require 2FA for DNS server access, a user will get a multi-factor prompt when they activate the WireGuard network.
IP Resource Port Setting
| IP Resource Port | 2FA flow |
| --- | --- |
| * | 2FA will trigger for every unique IP:Port combination |
| Specific ports, e.g. 22,443,1000-3000 | 2FA will trigger once for the IP |
To ensure a user gets a single 2FA notification when accessing a network drive, make an IP resource with the ports: 80,137,138,139,445,443
Do not use *, as this will cause them to get many 2FA requests.
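The port-setting table above can be checked against a planned resource definition before it is created. The following is an added example, not the product's own code: the function names are hypothetical, and it models only the two rules in the table (prompt expiry and sessions are not modelled).

```python
import ipaddress

def parse_ports(spec):
    """Parse '22,80,5600-5609' into (lo, hi) ranges; '*' means any port."""
    spec = spec.strip()
    if spec == "*":
        return "*"
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 <= lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((lo, hi))
    return ranges

def make_resource(cidr, port_spec):
    """Build an (network, ports) pair; rejects CIDRs with host bits set."""
    return (ipaddress.ip_network(cidr, strict=True), parse_ports(port_spec))

def covers(resource, ip, port):
    """True if (ip, port) falls inside the resource's subnet and port spec."""
    net, ports = resource
    if ipaddress.ip_address(ip) not in net:
        return False
    return ports == "*" or any(lo <= port <= hi for lo, hi in ports)

def count_2fa_prompts(resource, connections):
    """Apply the table's rules: '*' prompts once per unique IP:port,
    a specific port list prompts once per IP. Uncovered traffic is skipped."""
    _, ports = resource
    seen = set()
    for ip, port in connections:
        if covers(resource, ip, port):
            seen.add((ip, port) if ports == "*" else ip)
    return len(seen)

# Constructed sample: one client opening a network drive on 10.0.2.124.
DRIVE_SESSION = [("10.0.2.124", p) for p in (445, 139, 137, 138, 443, 445)]

if __name__ == "__main__":
    for spec in ("80,137,138,139,445,443", "*"):
        res = make_resource("10.0.2.124/32", spec)
        print(f"ports={spec!r}: {count_2fa_prompts(res, DRIVE_SESSION)} prompt(s)")
```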