IP Allowlist

The IP Allowlist page lets you specify IP addresses and ranges that are allowed to access the Sysdig UI and API.

On IP Allowlist page, you can:

  • Enable/disable the IP Allowlist feature globally
  • Add new IP addresses or IP ranges
  • View the list of already configured IP addresses and IP ranges
  • Modify or delete existing IP address or IP range
  • Enable/disable the individual IP address or IP range

If misconfigured, this feature will cause you to lose access to Sysdig! Review this page carefully before you configure the feature.

If, however, you do run into issues and find yourself unable to access Sysdig as a result of using this feature, Contact Sysdig Support.

Prerequisites

Permission to access IP Allowlist is only available to Admin users by default.

You can also add permission manually to a custom role. See Manage Custom Roles.

Access IP Allowlist

To access IP Allowlist:

  1. Sign in to Sysdig Secure or Sysdig Monitor with the required permissions. See Prerequisites

  2. Select Settings > IP Allowlist via the user menu.

    The IP Allowlist page opens.

Add an IP Address or IP Range

To add a new IP address or IP range:

  1. Access the IP Allowlist page.

  2. Select the option Add IP from the top right of the screen.

    The IP Configuration page appears.

  3. See Configure an IP.

Modify an IP Address or IP Range

To modify an existing IP Address or IP range:

  1. Access the IP Allowlist page.

  2. On the IP Allowlist page, hover over an IP address or IP range listing.

  3. On the rightmost side of the row with the IP address or IP range you want to modify, select the three-dot menu icon.

  4. Select Edit.

    The IP Configuration page appears.

  5. See Configure an IP.

Configure an IP

The screen for adding and modifying the IP address or IP range is the same, but is accessed differently depending on the action you want to perform:

Once you add an IP, or select Edit on an existing IP, the IP configuration page appears.

You can configure the following parameters:

  • Enabled: Use the toggle to select if the IP address or IP range be enabled. You can’t disable the IP address or IP range when creating a new one.
  • IP address or range: Enter an IP address or IP range in CIDR notation.
  • Notes: Add an optional note to help you identify the IP address or IP range.

Once you configured the IP address or IP range, select the Save option from the top right of the page to save the changes.

If there are any errors, the page will inform you and allow you to rectify them.

Enable and Disable IP Allowlist Globally

Once you have added the list of IP addresses or IP ranges from which you want to allow access to Sysdig, you can enable the feature.

Ensure that the IP range from which you are accessing the system is included. Once the feature is enabled, it will block access from any IP ranges that are not listed.

To assist you, the Your IP section on the IP Allowlist page includes the IP address currently being used to access Sysdig.

To enable the feature globally, select the option Enable IP Allowlist at the top of the IP Allowlist page.

To disable the feature globally, select the same button, which reads Disable IP Allowlist when enabled globally.