Hey everyone! I've got a situation where I need to connect to a public website using a static public IP address. In the office, it's pretty simple, but for those of us who work remotely, things get a bit tricky. We're currently using Microsoft Global Secure Access (GSA), but I've noticed we can't seem to set a fixed IP with Microsoft Entra Internet Access. So, I'm wondering what options are out there for this? Is there a reliable proxy service we could try? I'm also considering a full VPN solution, but I worry that it might not play well with GSA. Any ideas would be appreciated! PS: I meant a static "public" IP address!
6 Answers
It seems like the service you're trying to access requires a specific public IP, which they whitelisting for security. A good way around this is to use a VPN, set up a firewall policy for that service, and implement a NAT rule to allow traffic through while showing the expected public IP address.
I've heard some people go this route because they lack 2FA on their end. Other clients seem fine without 2FA or whitelisting, but we’re looking into options for routing traffic for those working from home.
If they're requiring a whitelisted IP due to security preferences, I totally get it. Just make sure whatever solution you choose also maintains a good level of security.
What you're experiencing is likely due to security requirements. I have virtual machines ready for users to log into, which helps meet those external security needs by ensuring they use a specific static IP and MAC address. This way, the connections remain secure, and I can keep the VLAN segmented for extra protection.
Can you clarify what you mean by connecting "from" a static IP? Like, is this about internal network stuff or public IP? Just trying to make sure I understand.
I think services like NordLayer or Perimeter 81 might be what you need. Just be sure to check if they work smoothly with Microsoft Global Secure Access (GSA). It's 2025, still no 2FA, and the only way to secure things is by IP. Pretty wild, right?
Totally! It’s frustrating that 2FA isn’t standard yet. We're kinda stuck—either we drop the project or find a workaround that’s manageable for our remote team of 50, especially during off hours.
Hey! Just to clarify, I mean using a static "public" IP address for the connection. It's a weird requirement, but sadly, they don’t have 2FA.