IP Address Checking (Netmap Check)

IP address checking validates the IP address of the trading partner and makes sure that the IP address is an allowed address. You perform IP address checking with Sterling Secure Proxy or through Sterling External Authentication Server, with the following options:

  • Inbound Node List for the FTP, HTTP, and SFTP protocols—Use Sterling Secure Proxy to validate the IP address from which a remote trading partner connects. When a trading partner connects to Sterling Secure Proxy, Sterling Secure Proxy looks up the IP address in the inbound node list of the netmap. If the IP address is not found, the session ends.

    You can specify wildcard characters in the inbound node list, which lets you make the check as granular as you require. For example, an entry of * in the inbound node list allows connections from all IP addresses. If you instead specify an IP address for each trading partner, only connections from those client IP addresses are allowed. The more specific the entries in the inbound node list, the stricter the IP address check.

  • Netmap Check for Sterling Connect:Direct®—For Sterling Connect:Direct connections, the netmap contains one node list that is used for both inbound and outbound nodes. Sterling Connect:Direct does not use the IP address to find the netmap entry to use. It uses the node name provided by the initiating node (PNODE). However, a parameter in the Sterling Connect:Direct adapter allows you to check the IP address of the initiating node.
  • External Authentication (recommended)—Validate the IP address using Sterling External Authentication Server to perform certificate or user validation. If Sterling Secure Proxy is configured to use Sterling External Authentication Server for user or certificate authentication, it sends the IP address to Sterling External Authentication Server, which validates the IP address and determines whether it is valid for a user or for a certificate subject name, common name, or other specified values in the certificate.
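
The effect of entry granularity in an inbound node list, modeled as an added example (this is not IBM's code and not Sterling Secure Proxy's matching logic). It assumes IPv4 entries in which `*` replaces whole octets and a bare `*` means any address; the entry names and addresses are constructed sample data.

```python
import ipaddress

# Constructed inbound node list: entry name -> address pattern (sample data).
INBOUND_NODES = {
    "partner_a": "203.0.113.25",
    "partner_b": "198.51.100.*",
    "legacy_any": "*",
}

def _fields(pattern):
    """Expand a pattern to four octet fields; a bare '*' means every octet."""
    fields = ["*"] * 4 if pattern == "*" else pattern.split(".")
    if len(fields) != 4:
        raise ValueError(f"unsupported pattern: {pattern!r}")
    for f in fields:
        if f != "*" and not (f.isdigit() and 0 <= int(f) <= 255):
            raise ValueError(f"bad octet {f!r} in {pattern!r}")
    # Normalize numeric fields so "025" and "25" compare equal.
    return [f if f == "*" else str(int(f)) for f in fields]

def matching_entries(peer_ip, nodes):
    """Names of entries that admit peer_ip; an empty list means the session ends."""
    octets = str(ipaddress.IPv4Address(peer_ip)).split(".")  # rejects malformed input
    return [name for name, pat in nodes.items()
            if all(f in ("*", o) for f, o in zip(_fields(pat), octets))]

def breadth(pattern):
    """Number of IPv4 addresses an entry admits (256 per wildcard octet)."""
    return 256 ** _fields(pattern).count("*")

def audit(nodes, max_hosts=256):
    """Entries broader than max_hosts, widest first, for review."""
    wide = [(name, pat, breadth(pat)) for name, pat in nodes.items()
            if breadth(pat) > max_hosts]
    return sorted(wide, key=lambda e: e[2], reverse=True)

if __name__ == "__main__":
    for ip in ("203.0.113.25", "198.51.100.7", "192.0.2.77"):
        print(ip, "->", matching_entries(ip, INBOUND_NODES) or "session ends")
    print("too broad:", audit(INBOUND_NODES))
```

The third address is admitted only by the `*` entry, which shows how a single catch-all entry cancels the restriction the specific entries were meant to provide.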