
Elisity Connect On-Prem Detection

On-Prem Detection is a feature that enables Elisity Connect to identify when a user is on premises and to disable routing through Elisity Access Service, so that users can reach local resources and use local routing.

When a user comes on-site with Elisity Connect enabled, routing through Elisity Access Service is automatically disabled, so users don't have to log out of Elisity Connect every time they come on-site. Multiple sites are supported with On-Prem Detection.

In Cloud Control Center, go to Administration > Settings > Elisity Connect > Corporate NAT IP Addresses. Here you can enter the addresses that outbound Internet traffic from your corporate premises is translated to. These are compared to the address that Internet-bound Elisity Connect traffic is sourced from to determine whether the client is on a trusted internal network.



You can add multiple IP addresses at once, separated by commas. After you click Add IP(S), all the IP addresses you entered form a manageable list. You can then select and remove IP addresses from the list. Every 10 entries form a new page.
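As an added illustration (not Elisity's code and not part of the product), the following Python script pre-checks a comma-separated entry before it is pasted into Corporate NAT IP Addresses and mirrors the comparison described above. The function names, the set of internal ranges it rejects, and the sample addresses are assumptions constructed for this example.

```python
import ipaddress

# Ranges that can never be the Internet-facing source address of a site
# (RFC 1918, CGNAT, loopback, link-local). Chosen for this example.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

def parse_nat_list(raw):
    """Split a comma-separated entry into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for item in (part.strip() for part in raw.split(",")):
        if not item:
            continue  # tolerate trailing or doubled commas
        try:
            addr = ipaddress.ip_address(item)
        except ValueError:
            rejected.append((item, "not a valid IP address"))
            continue
        if any(addr in net for net in NON_ROUTABLE):
            rejected.append((item, "internal address, not a NAT egress address"))
        elif addr in accepted:
            rejected.append((item, "duplicate"))
        else:
            accepted.append(addr)
    return accepted, rejected

def is_on_prem(observed_source, nat_addresses):
    """True when the Internet-visible source address is in the NAT list."""
    return ipaddress.ip_address(observed_source) in nat_addresses

if __name__ == "__main__":
    # Constructed sample entry using documentation-range addresses.
    entry = "203.0.113.10, 198.51.100.7, 192.168.1.1, 203.0.113.10, not-an-ip"
    nat_list, problems = parse_nat_list(entry)
    print("accepted:", [str(a) for a in nat_list])
    for item, reason in problems:
        print("rejected:", item, "-", reason)
    print("203.0.113.10 on-prem?", is_on_prem("203.0.113.10", nat_list))
    print("192.0.2.55 on-prem?", is_on_prem("192.0.2.55", nat_list))
```

Rejecting internal addresses up front matters because the comparison is made against the address seen on the Internet side of the NAT, so a LAN address in the list would never match.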


After configuring your corporate NAT IP addresses, there are a few ways to verify that On-Prem Detection is working. On the Elisity Connect client, when the user is on-site, the data overlay field in the status tab will be empty (grayed-out) and the overlay routes tab will be empty. You will also see an “On-Prem” flag on the right side of Elisity Connect.


In Cloud Control Center, search for the user signed in to Elisity Connect. In asset details for the user, under Enterprise Network you should see “On-Premise.” You should also see the private LAN IP address of the device.


Any location-based policy will then treat the user as “on premises” based on this identification. Any policy based on remote users will not apply to the user while they are on the campus network. Similarly, policies built on users being on prem will apply to the user, even if logged in to Elisity Connect.  

To utilize this feature, you can build location-based policies using “On-Premise” as match criteria.  


Here is an example of a policy group, used as a source or destination for policy, that utilizes location type. Any policy that uses this policy group will only apply to users that are on premises.  
