Mapping System Subnets to Connectors

By default, systems use any available connector without evaluating the network topology. If the communication with a current connector is interrupted, systems automatically select another available connector to continue operation. As a user in the System Administrator role, however, you can assign the specific connectors that should serve a specific logical group of systems by mapping a subnet pattern to a selected set of connectors. Systems matching the subnet pattern will use the specific connectors you select for them.

By mapping system subnets to specific connectors, you can also control overall load balancing and failover. You can override the global rules for system subnet mapping for individual systems. System-specific settings take precedence over global connector subnet mapping. In addition, more restrictive subnet mapping takes precedence over less restrictive mapping.

:PAS does not use subnet mapping to restrict which connector can be used as a jumpbox. Subnet mapping only tells PAS which preferred connector(s) to use when you are trying to access a remote system or perform account password management operations on a system.

If you don't map system subnets, understand that the client prioritizes connectors in the following order:

  1. Connectors in the same subnet and same site as the client computer
  2. Connectors in the same site as the client computer
  3. Connectors that are in a different site from where the client computer is
  4. Any remaining connectors

See Configuring template mappings for information about how to configure system resource mappings for your connector.

To Map System Subnets to Connectors

  1. In the Admin Portal, click Settings >Resources to display the settings available for Privileged Access Service.

  2. Click System Subnet Mapping.

  3. Click Add.

  4. Type the subnet for a group of systems using Classless InterDomain Routing (CIDR) notation, for example, 192.168.1.0/24.

    Keep in mind that a more restrictive subnet pattern takes precedence over a less restrictive pattern if the rules you define result in overlapping system subnet matches.

  5. Click Choose and select the specific connectors you want to use for systems in the specified subnet.

    Alternatively, you can select Any available if you want to allow any connector available on your network for systems in the specified subnet.

  6. Click Done to save the subnet to connector mapping.