Geolocation
The geolocation feature permits to restrict remote logons based on country.
![Geolocation](geolocation-restrictions.png)
When this option is 'Enabled’ you can use this option to configure countries from which logons are allowed or denied for users.
- Allow connections when Geolocation cannot be determined : Allows feature to be bypassed if failure to retrieve geolocation data for connections with a public address.
- Allow connections from Proxy Servers : If the source address is a Proxy server we can allow or refuse the connection.
The geolocation data is stored into an internal database file and functions as follows:
- The location of the client is retrieved from the database using the client ip.
- Verifying from the restriction list in order to allow/disallow the logon.
NOTE: Any IP address that is considered private and falls in these ranges cannot be geolocalized.
- 10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255
- 172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255
- 192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255
In case of accessed via RD Gateway, to retrieve the real IP address you need to install the NPS agent on the NPS server authenticating the RD Gateway.