On 17.11.23 11:18, Nick Lockheart wrote:
If ranges are assigned to organizations, and you knew that you only wanted phone access, couldn't you enter the IP ranges assigned to T-Mobile, AT&T, etc as a firewall rule to allow, else deny?
More precisely, you'd need only the IP pools used by their GGSNs/PGWs, but that info is *still* not exactly public and you'd *still* be unlikely to get any support, whether the situation is a change in the pools, an actual malfunction, or a user who - for whatever reason - uses a setup off your clean concepts.
https://en.wikipedia.org/wiki/GPRS_core_network#Gateway_GPRS_support_node_(G...) https://en.wikipedia.org/wiki/System_Architecture_Evolution#PGW_(Packet_Data...)
(... I still remember the times when mobile network operators here used one set of gateways for the then-prevalent traffic to TCP port 80, and another for the rest of Internet traffic. Guess what happened when we naively assumed that our users would appear under the *same* IP with both ...)
Buuuut ... assuming that you're talking about *company* cell phones, or, more precisely, company-IT-administrated smartphones, why not just have a VPN client installed on them? ;-)
Kind regards,
Jochen Bern Systemingenieur
Binect GmbH