Locations

A location is a public IP address or a named collection of public IP addresses that belong to a region or geographic area in your network, such as a CIDR block for an office branch or your company headquarters. A location allows you to implement Zero Trust architecture by segmenting your network into multiple microperimeters. Locations are secured with ETP policy. For more information on policies, see Policies.
Note: Support for a dynamic DNS location configuration is currently in limited availability. Organizations with access to this feature can configure a dynamic DNS domain name for a location. For more information, see Locations and dynamic DNS.

Enterprise Threat Protector (ETP) includes a default location for unidentified IP addresses. This location applies to roaming users or users who are usually remote and make DNS requests from unexpected IP addresses. The Unidentified IPs location is not configured with any IP address or CIDRs. You also cannot edit this location.

From the Locations page, you can add, edit, and delete locations. You can also select whether to allow or block traffic from the Unidentified IPs location.

When creating a location, remember:

  • You must provide the public IP address of your Active Directory or other local DNS server that is used to communicate with ETP.
  • You cannot assign a location IP address to other ETP locations in your network.
  • You cannot configure a location with an IP address that is claimed or used by another organization. If you believe your organization owns an IP address that you cannot configure as a location, contact Akamai Support.
  • When configuring IP addresses or CIDR blocks for a location, the bit prefix for a IPv4 address must be between 24 and 32. For an IPv6 address, this bit prefix must be between 120 and 128.
  • A location configuration requires a policy assignment. If you do not assign a policy to the location, the location is automatically assigned to the default policy. You can assign the same policy to multiple locations or you can create different policies for locations in your network.

When you create, modify, or delete a location, you must deploy these updates to the ETP network. Changes to location settings, as well as other configuration settings such as policies or custom lists, are captured in the Pending Changes window for you to review. After you click the deploy button, the deploy operation typically completes in 20-30 seconds.

If you enable authentication in your enterprise, you can provide the internal IP addresses of headless computers or devices that you want exempt from authentication. A location configuration allows you to enter these IP addresses. For more information, see User authentication and group policies.