Restricting View Permissions by Workstation IP / Security Zones

TechEnlive · May 19, 2026, 3:33pm

Hi everyone, I need some help with an Ignition Perspective architecture question.

We have users with multiple roles logging into different physical workstations. We want to restrict view permissions based on the workstation's IP address so they only see localized controls.

We tried using Gateway Security Zones mapped to our IP ranges, but the sessions aren't picking up the zones correctly (the SecurityZones session property remains empty). If anyone has configured this successfully or knows the exact expression workaround to enforce strict Role + Zone security, please let me know!

pturmel · May 19, 2026, 3:38pm

Are your clients reaching your gateway through a NAT? If so, the gateway can only see the IP of the NAT router, not the real client IP, for security zone determinations.

TechEnlive · May 19, 2026, 4:32pm

Hi,
No, we are using a direct connection. Both client and gateway are connected to the same switch.

pturmel · May 19, 2026, 4:39pm

Consider putting one or more labels on a shared docked view to display all of the security-relevant session properties. For you to inspect in actual client sessions (designer substitutes auth--not the same).