How can we help?
-
zWAN
-
-
-
-
- Firewall & Layer 7 Application Filtering
- VPN Site-to-Site Tunnel Setup & Connectivity (z40 to Cloud vGR)
- Intrusion Prevention System (IPS) / Intrusion Detection System (IDS) Testing
- DNS Filtering
- DDoS Protection & Logging
- MAC Address Filtering & Geo-fencing
- Application Control & Protocol Blocking
- Authentication & Access Control (zID)
-
- WAN Link Failover & Load Balancing (ACI Mode)
- Dynamic Path Selection & Application-Aware Routing
- SaaS & Internet Breakout Validation
- QoS for Microsoft Teams (Datacenter vGR + Branch z40)
- Tunnel Failover (z40 ↔ vGR) — WAN00 (wired) primary, WAN03 (4G) & WAN04 (5G) backups
- IP Routing & Static Route Steering (z40 Branch)
- VLAN & Layer-2 Bridging
-
-
-
-
-
-
- Articles coming soon
-
-
-
- Articles coming soon
-
- Articles coming soon
-
-
-
-
-
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
-
-
-
-
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
-
-
-
-
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
-
-
- Articles coming soon
-
- IPsec Tunnel not Establishing
- SSL-VPN Tunnel not Establishing
- Mobile Network Issues
- Management Tunnel does not Establish
- DNS not Resolving from Local Network Appliance
- DNS Resolution Issues in Tunnel Configuration
- DHCP Server not Leasing IP to LAN PC
- Debugging EC Events - Unknown Status Issue
- Trusted-MAC Geofencing Issues
- DNS Issues from DC LAN PC
- Troubleshooting LAN Connectivity to Internet via WAN, Remote Branch LAN, or Local Branch LAN
- NetBalancer gateways displaying Faulty/Inactive
- Packet Drop Issues
-
-
zTC
-
-
-
-
-
- Citrix HDX + USB Headset (Call-Center Baseline)
- VMware Horizon + Smart Card / CAC Login
- Microsoft AVD/RDP + Teams Optimized Video
- Multi-Monitor & 4K Performance
- USB Device Management - Block Storage
- Printing to Local USB & Network Printers
- Barcode Scanner (HID) with Line-of-Business App
- Kiosk / Assigned-Access Auto-Launch
- Wi-Fi Roaming & Link Change Mid-Session
- Power Management and Session State
- OS/Firmware Update & Rollback
-
-
StorTrends
-
zAccess
-
zGuardian
You are here:
Print
Subnet Groups
0 out Of 5 Stars
5 Stars | 0% | |
4 Stars | 0% | |
3 Stars | 0% | |
2 Stars | 0% | |
1 Stars | 0% |
Quick Overview
Subnet Groups in zAccess define collections of IP address ranges, including both IPv4 and IPv6, that are assigned to specific gateway devices for traffic routing. These subnet groups determine how endpoint traffic is segmented and routed across the network, enabling policy enforcement at the network layer.
How to Use This Feature in the UI
- Navigate to Network Configuration > Subnet Groups in the zAccess UI.
- Click ADD SUBNET GROUP.
- Provide a Group Name (e.g., “VPN Clients” or “Corporate LAN”).
- Enter the following details:
- IP Address – Specify a base IP (e.g.,
192.168.100.0
). - Prefix/Netmask – Define the subnet size (e.g.,
/24
). - Gateway IP – Assign the IP of the local zAccess gateway responsible for this subnet.
- IP Address – Specify a base IP (e.g.,
- Click Save to finalize the subnet group.
Concepts & Use Cases
- Logical Network Segmentation: Use subnet groups to assign different IP blocks to different user roles, departments, or physical locations.
- Gateway-Based Routing: Direct traffic from a defined subnet through specific gateways for enforcement and monitoring.
- Policy-Based Access Zones: Link subnet groups to policies through rulesets, ensuring the correct access level is enforced based on network location.
- IPv6 Enablement: Future-proof your environment by including IPv6 subnets for compatible endpoints.
Troubleshooting & FAQs
- Why isn’t a device receiving the expected policy?
Verify that the device’s IP address falls within the correct subnet group and that the group is properly referenced in your ruleset logic. - Can a subnet group be assigned to more than one gateway?
Yes. This is often done for load balancing or high availability. However, be cautious with routing logic. - How are subnets prioritized if multiple match?
Rulesets determine final policy application. Subnet overlap should be avoided or tightly controlled through gateway assignment and group structure. - Can I use dynamic IPs with subnet groups?
Yes. As long as the DHCP server issues addresses within the subnet’s defined range, devices will be correctly associated.
Was this article helpful?
0 out Of 5 Stars
5 Stars | 0% | |
4 Stars | 0% | |
3 Stars | 0% | |
2 Stars | 0% | |
1 Stars | 0% |
5
Table of Contents