The geolocation feature permits to restrict remote logons based on country.
When this option is 'Enabled’ you can use this option to configure countries from which logons are allowed or denied for users.
- Allow connections when Geolocation cannot be determined : Allows feature to be bypassed if failure to retrieve geolocation data for connections with a public address.
- Allow connections from Proxy Servers : If the source address is a Proxy server we can allow or refuse the connection.
The geolocation data is stored into an internal database file and functions as follows:
- The location of the client is retrieved from the database using the client ip.
- Verifying from the restriction list in order to allow/disallow the logon.
NOTE: Any IP address that is considered private and falls in these ranges cannot be geolocalized.
- 10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255
- 172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255
- 192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255
In case of accessed via RD Gateway, to retrieve the real IP address you need to install the NPS agent on the NPS server authenticating the RD Gateway.