Set a specific IP Address allowed for a user to login using IP rules

• According to the helpGuide, to give an individual employee access to use specific machines, Inherit IP Rules should be cleared and IP address will be specified for the employee using the format of a dotted IP address.
• The company level setting for allowed IP address only accepts the public IP of a company and not an IP address of an individual PC
• The user is expecting that an individual's IP may be entered under the IP address field from the Access tab of an employee record.

1. To set company level IP address, go to IP lookup websites such as http://ip-lookup.net/ to check company's public IP. The said public IP should be set under Setup > Company > Company Information: Allowed IP Addresses
2. An individual employee may have an IP set for his login to be allowed and this may be entered under the employee record > Access: IP Address Restriction. IP address should belong to the public IP set under company information.
3. Note that the IP address set under the employee record should also be any of the public IP set under company level and not the private IP address found when a user types "ipconfig" from command prompt.
4. Even if the private IP is a subnet of the public IP, the public IP should still be the one set under the employee record or else, the user will encounter the error when logging in:
   Notice  
   Invalid login. IP Address does not match any of the IP Address rules specified for this entity.
5. Most companies would not have individual computers outside the corporate firewall/gateway so their internal IPs will not match the external IP.
6. If a company wants to restrict users based on individual PCs they will need to find out an internal solution that lives behind their firewall and combine that with the NetSuite IP rules feature. For example they can setup an internal proxy and possibly configure that proxy with SSO and IP rules. So the hierarchy will be User/PC > Proxy > SSO/IP rules > NetSuite. The users will not be able to go directly to NetSuite because NetSuite will only accept connections from the IP address of the Proxy.