Create Individual IP Address Rules

Important:

Two-factor authentication (2FA) is the preferred alternative to restricting access by IP address. For more information, see Two-Factor Authentication (2FA).

Consider using 2FA instead.

To give an employee access to NetSuite from specific machines only, edit the employee’s record and enter one IP address for each computer the employee can use.

Employee records created before the IP Address Rules feature was enabled inherit the rules you set on the Company Information page by default.

To create IP address rules for individual employees:

  1. Go to Lists > Employees > Employees..

  2. Click Edit next to the employee you want set IP address rules for.

  3. Open the Access tab.

  4. Check the Inherit IP Rules from Company box to give this employee access to the IP addresses defined on the Company Information page.

    Clear this box to give the employee access to your account only from addresses you entered in the IP Address Restriction field.

    If you check this box and enter addresses in the IP Address Restriction field, this employee will have access to both the addresses listed on the Company Information page, and the addresses listed on this record.

    If you clear the box and leave the field empty, the list on the Company Information page applies.

  5. To give this employee access to use specific machines, clear the Inherit IP Rules from Company box, and list the IP addresses in the IP Address Restriction field.

    Note:

    Enter valid IP addresses (in dotted decimal notation) from which you want this employee to access your account. Each of the numbers in the four segments (the numbers between the dots) must be between 0 and 255.

    Use the following formats:

    Important:

    You can enter up to 999 characters. Use shorter forms of notation to enter addresses (such as 123.45.67.80-99 or 123.45.67.80/24 in the following examples) if necessary.

    • A single IP address, such as 123.45.67.89

    • A range of IP addresses, entered with a dash and no spaces between, such as 123.45.67.80-123.45.67.99. You can use 123.45.67.80-99 to indicate the same range.

    • A list of IP address separated by spaces or commas such as 123.45.67.90, 123.45.67.97,...

    • An IP address with full netmask, such as 123.45.67.80/255.255.255.0

      Note:

      A netmask defines which bits of the IP address are valid, the example means "use the first three segments (255.255.255), but not the fourth segment (0)"

    • An IP address and bitmask, such as 123.45.67.80/24

      Note:

      The “24” indicates the number of bits from beginning to use in the validation – the same IP addresses are valid as in the previous example (255 means 8 bits).

    • An IP address and mask, such as 209.209.48.32/255.255.0.0 (allows 209.209.*.*)

      Warning:

      Think carefully when using this type of notation. The mask is a binary number. For example, the IP address and mask 12.34.56.78/12.34.56.78 does not indicate only one IP address is allowed. The IP address 140.34.56.78 matches the mask in this example. There are more IP addresses that match the mask than are immediately obvious.

    • The text "NONE" – denies access from all IP addresses.

    • The text "ALL" – allows all IP addresses.

    • If you leave the field blank, IP address restrictions are inherited from the company level.

  6. Click Save.

Related Topics

Enabling and Creating IP Address Rules
Enable the IP Address Rules Feature
Create Company IP Address Rules
Create Roles without IP Address Restrictions
Review or Search for Access Restrictions

General Notices