Endpoint Concepts Guide

Illumio supports Network Location Awareness for endpoints. To enable your Endpoint VENs to detect interfaces connected to your corporate network, you must specify in the PCE (Servers > Workloads > Corporate Public IPs) the public IP addresses that your corporate network uses for endpoints. Once you've specified these IP addresses in the PCE, Endpoint VENs send network profile detection requests to the PCE. These requests (as seen by the PCE) appear to originate from your organization's public IP addresses.

When those IP addresses fall within the range of the corporate public IP addresses entered in the PCE, the PCE recognizes that endpoint interface as a corporate interface. If an endpoint interface’s IP address is outside the specified range, the PCE recognizes that interface as an external interface.

Endpoint VENs enforce the corporate firewall policies that are calculated by the PCE but only for the interfaces connected to the corporate network. The existing firewalls on endpoints, such as the Windows Firewall, manage non-corporate or “external” interfaces on endpoints.

In the workload details pages in the PCE (Servers > Workloads > Workloads), the word Public is prepended to the IP address (as seen by the PCE) of non-domain-joined Windows workloads and macOS endpoint interfaces reachable by the PCE. When you enter these Public IP addresses in the PCE (Settings > Corporate Public IP), the PCE classifies them as Corporate and programs their corresponding endpoint interfaces with the appropriate Illumio security policies.

For the procedure, see "Add a public IP address to the Corporate Public IPs list" in the Endpoint User Guide.