Dynamic groups templates

[hungtt 1]

Hi all,

I created Dynamic group template to define pc NOT IN COMPANY but it seems not working as I desire.

Example : my network at company is : 192.168.79.0/24, when pc use other network 172.16.2.0/24 will be move to Dynamic group "PC NOT IN COMPANY"

But my client at company with ip 192.168.79.129 --> moved dynamic group PC NOT IN COMPANY.

Please help me check this.Thanks,

 

 

[Marcos 4,932]

If you change the operation to NAND and the condition to "in", does it work?

[hungtt 1]

HI Marcos,

I tried changed but it still not working.

I created other templates with : "Network IP addresses . IP subnetwork in 172.168.2.0" to move pcs in net 172.16.2.0 in Dynamic groups but it not working as I desire.I don't know why.

 

[MartinK 376]

Dynamic group condition is evaluated over list of all network addrees available on client. In your case, based on screesnhot, there are two values that are compared with dynamic group condition, namely 172.16.2.0 and fe80::/64. You can see that second one will be matching your condition regardless of IPv4 network that this computer is currently connected.

It is possible to improve this behaviour by adding second condition defining Network IP addresses . Address type  == IPv4, but it won't work properly in case computer that is not in company network has multiple IPv4 networks. I would recommend to redesign dynamic group template to:

Unfortunatelly I had no time to test it, but I would give it a try. You can also tweak conditions in case IPv6 is used also. Technically this template is negation os "computer is in company network".

 

[hungtt 1]

Thanks Marcos and Martink,