IP Pools are used to assign an internal IP address to Clients (including those in the Connector or Portal). This IP address is used by the virtual tunnel interface for Client-to-Gateway communications.
In the case of the Connector, it might be sensible to assign a different IP pool, which will be used to assign tun IP addresses to the Clients used inside your Connectors. This is unlikely to be a large number: remember that many local resources (~16k) can be defined in a resource group (using one Client). So if you have 2 Connectors with 4 resource groups configured in each, then you will need eight IP addresses in the pool. Also, consider the case of the Portal, which might benefit from a different IP pool depending on your use case.
The Appgate SDP system is designed to operate in the IPv4 and IPv6 worlds, so there are default IP pools provided for both.
Check the default settings for both IP pools and make the pool size bigger if you have many users.
If you are not using IPv6 for your Client-to-Gateway tunnels, it is recommended to REMOVE THE DEFAULT IPV6 POOL.
Once IP Pools are configured, there are two places where you can then allocate how they will be used:
Identity Provider: Primary usage - assigning the tunnel IP addresses for any user authenticating through that IdP
Site: Optional usage - mapping the primary IP address to an alternative IP address for a given Site
Before you start
Information you will need:
One or more ranges of free IP addresses to be used for users connecting through Appgate SDP
An understanding of any Sites where there might be an IP address conflict if the user presents the same IP address as appears on some other Site
Background reading:
For full details about IP Pools, refer to IPv4 and IPv6 pools
For information on allocating IP Pools to Identity Providers, refer to Configure Identity Providers
For more information about how tunneled traffic is handled in Appgate SDP, refer to Routing Client traffic
Use the IP Pools form to:
Configure IP Pool ranges for the IP addresses that will be assigned to each Client
Add more IP pool ranges to an existing IP Pool
Add range exclusions to an existing IP pool
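A planning check for the ranges, exclusions and Site conflicts described above, as an added example (not Appgate SDP code or its API): it counts the addresses a pool can assign once range exclusions are removed, and lists the Site networks that share assignable addresses with the pool. The function names, addresses and Site names are assumptions constructed for illustration.

```python
import ipaddress

def interval(first, last):
    """Inclusive address range as (ip_version, low, high)."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if a.version != b.version or int(a) > int(b):
        raise ValueError(f"bad range {first}-{last}")
    return (a.version, int(a), int(b))

def merge(intervals):
    """Merge overlapping or adjacent intervals so no address counts twice."""
    out = []
    for ver, lo, hi in sorted(intervals):
        if out and out[-1][0] == ver and lo <= out[-1][2] + 1:
            out[-1] = (ver, out[-1][1], max(hi, out[-1][2]))
        else:
            out.append((ver, lo, hi))
    return out

def intersect(a, b):
    """Intervals common to two merged lists; IPv4 and IPv6 never match."""
    return [(av, max(al, bl), min(ah, bh))
            for av, al, ah in a for bv, bl, bh in b
            if av == bv and max(al, bl) <= min(ah, bh)]

def size(intervals):
    return sum(hi - lo + 1 for _, lo, hi in intervals)

def pool_capacity(ranges, exclusions=()):
    """Addresses the pool can assign: its ranges minus its exclusions."""
    r = merge(interval(*x) for x in ranges)
    e = merge(interval(*x) for x in exclusions)
    return size(r) - size(intersect(r, e))

def site_conflicts(ranges, exclusions, sites):
    """(site, network, count) where a Site network holds assignable addresses."""
    r = merge(interval(*x) for x in ranges)
    e = merge(interval(*x) for x in exclusions)
    hits = []
    for site, cidr in sites:
        n = ipaddress.ip_network(cidr)
        shared = intersect(r, [(n.version, int(n[0]), int(n[-1]))])
        free = size(shared) - size(intersect(shared, e))
        if free:
            hits.append((site, cidr, free))
    return hits

RANGES = [("10.20.0.10", "10.20.0.250"), ("10.20.1.1", "10.20.1.100")]  # constructed sample
EXCLUSIONS = [("10.20.0.100", "10.20.0.109")]
SITES = [("HQ", "10.20.0.0/25"), ("HQ", "192.168.5.0/24"), ("Cloud", "172.16.0.0/12")]
```

Compare `pool_capacity(RANGES, EXCLUSIONS)` with the number of Clients expected to connect through the Identity Provider that uses the pool; any entry returned by `site_conflicts(RANGES, EXCLUSIONS, SITES)` marks a Site to consider for the optional Site-level IP pool mapping.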