About network zones
Network zones define security perimeters around which admins can restrict or limit access based on the following parameters:
- A single IP address
- One or more IP address ranges
- Classless inter-domain routing (CIDR) notations
- A list of geolocations
- IP type
- Autonomous system numbers (ASN)
Network zones consist of IP Zones and Dynamic Zones, which may be added to or used for these items:
- Okta sign-on policies
- App sign-on policies
- VPN Notifications
- Integrated Windows Authentication (IWA)
Policies and rules are automatically updated when you modify a network zone definition.
When you edit a network zone, wait approximately 60 seconds for the change to propagate across all servers and take effect.
IP zones and dynamic zones have the following limitations:
- You can configure up to 100 zones in an org.
- You can configure up to 150 gateway IPs and 150 proxy IPs (except for IP zones that are blocked).
- IP blocked zones may contain up to 1000 gateways in each zone and up to a total of 25,000 in an org.
- You can configure up to 5000 gateway IPs for the default system IP Zone.
- You can configure up to 5000 proxy IPs for the default system IP Zone.
See Zones API developer documentation for more information.
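A pre-flight lint for zone definitions against the limits listed above, as an added example (not Okta's code and not the Zones API). The dict layout, the `kind` field and the `a-b` range syntax are assumptions, as are counting each entry as one IP and applying the 150 limit per zone.

```python
import ipaddress

# Limits as stated on this page: (gateways, proxies) per zone kind.
CAPS = {"ip": (150, 150), "default": (5000, 5000), "blocked": (1000, None)}
MAX_ZONES, MAX_BLOCKED_TOTAL = 100, 25000

def parse_entry(text):
    """Return (first, last) address of a single IP, 'a-b' range or CIDR."""
    text = text.strip()
    if "/" in text:
        net = ipaddress.ip_network(text, strict=False)
        return net[0], net[-1]
    if "-" in text:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError("range is reversed or mixes IP versions")
        return lo, hi
    addr = ipaddress.ip_address(text)
    return addr, addr

def lint_zones(zones):
    """Check zone dicts (hypothetical local format) and return findings."""
    findings, blocked_total = [], 0
    if len(zones) > MAX_ZONES:
        findings.append(f"org: {len(zones)} zones exceeds {MAX_ZONES}")
    for z in zones:
        kind = z.get("kind", "ip")
        lists = (z.get("gateways", []), z.get("proxies", []))
        for entry in lists[0] + lists[1]:
            try:
                parse_entry(entry)
            except ValueError as err:
                findings.append(f"{z['name']}: bad entry {entry!r} ({err})")
        if kind == "blocked":
            blocked_total += len(lists[0])
        for label, items, cap in zip(("gateways", "proxies"), lists, CAPS[kind]):
            if cap is not None and len(items) > cap:
                findings.append(f"{z['name']}: {len(items)} {label} exceeds {cap}")
    if blocked_total > MAX_BLOCKED_TOTAL:
        findings.append(f"org: {blocked_total} blocked gateways exceeds {MAX_BLOCKED_TOTAL}")
    return findings
# Constructed sample: one reversed range, one oversized blocked zone.
SAMPLE = [
    {"name": "office", "gateways": ["192.0.2.10", "198.51.100.0/24"],
     "proxies": ["203.0.113.9-203.0.113.2"]},
    {"name": "blocklist", "kind": "blocked",
     "gateways": [f"198.18.{i // 256}.{i % 256}" for i in range(1001)]},
]
print("\n".join(lint_zones(SAMPLE)))
```

Running it over an exported zone list before a change window catches malformed entries and over-limit zones before the update is attempted.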