A trusted internal IP address represents the IP address of a computer inside the corporate network that external clients can access from the outside. You can make certain internal IP addresses into trusted internal IP addresses.
When you specify trusted internal IP addresses, clients can get to that IP address from outside the corporate network whether or not:
The client software has been installed on the client computer
The client complies with a security policy
Trusted internal IP addresses are the internal IP addresses that you want users outside the company to be able to access.
Examples of the internal addresses that you may want to specify as trusted IP addresses are as follows:
An update server
A file server that contains antivirus signature files
A server that is used for remediation
A DNS server or a WINS server that is required to resolve domain or host names
When a client tries to access the internal network and does not get authenticated by the Gateway Enforcer appliance, the client can be placed in quarantine when:
The client is not running the client software on the client computer
The Host Integrity check failed
The client does not have an up-to-date policy
The client is still allowed to access certain IP addresses; these are the trusted internal IP addresses.
For example, the concept of trusted internal IP addresses may have an external client that needs to access the corporate network to get the client or other needed software. The Gateway Enforcer appliance allows the external client to get to a computer that is on the list of trusted internal IP addresses.