VPN Configuration for User Access to NetSuite

Oracle NetSuite does not support traffic that is routed through a split-tunnel Virtual Private Network (VPN) to control user access to NetSuite.

In a full-tunnel VPN configuration:

In a split-tunnel VPN configuration:

To ensure users’ access to their NetSuite account, a company using a split-tunnel VPN would need to hard-code an IP address for a specific NetSuite data center in the company’s VPN configuration. Such a configuration would no longer work after the NetSuite account is moved to a different data center.

A role that has access restricted by IP address rules would no longer work after the move. In this case, the hard-coded IP address in the VPN would no longer be valid, therefore the traffic would be routed through the internet. The user would be represented by the IP address of an ISP, instead of by the IP address of the company’s VPN server. (See Enabling and Creating IP Address Rules for more information about the Restrict this role by IP Address feature.)

References to NetSuite that use IP addresses are too fragile to be reliable in a cloud environment. NetSuite IP addresses can change without notice. In addition, a split-tunnel VPN configuration cannot take advantage of the Content Delivery Networks (CDNs) in the Oracle NetSuite global infrastructure.


If you choose to use a full-tunnel VPN, be aware that this configuration does not ensure the same performance as when no VPN is present.

Related Topics

Understanding NetSuite URLs
NetSuite IP Addresses
Understanding NetSuite URLs
URLs for Account-Specific Domains
Dynamic Discovery of URLs
Supported TLS Protocol and Cipher Suites
Secure HTTPS Outbound Communication and SSL Certificates
Traffic Health

General Notices