CIDR Overlap for NPA

Reading through the private-access-best-practices article, it mentions not to overlap CIDR ranges for NPA. I wonder how we can satisfy this recommendation for the following, very common scenario.


Let's say we have three Outlook web servers. All serve on port 443, so a private app [Outlook] is created with the three individual IPs and TCP port 443, and assigned to all/general users in the organization. All good here.


Now, the Admins of the Org would need to RDP to these Outlook web servers for support/admin purposes. I would think we need a second private app with the same three IPs and TCP port 3389, assigned to IT Admins. Two separate apps for a zero trust model.



So the second private app creates an overlap. Any pointers on how to configure this scenario while adhering to best practices?
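
The scenario in the post, as an added example that is not part of the original post or any Netskope tooling: a script that inventories private app definitions and separates pairs that share only addresses (the 443 and 3389 case) from pairs that share addresses and ports. The app names, field names and 192.0.2.x addresses are constructed assumptions, and the page does not state which of the two kinds the best-practices article counts as an overlap.

```python
import ipaddress
from itertools import combinations

# Constructed sample mirroring the post; 192.0.2.0/24 is a documentation range.
# Field names are hypothetical, not a Netskope schema.
APPS = [
    {"name": "Outlook", "proto": "tcp", "ports": "443",
     "hosts": ["192.0.2.10", "192.0.2.11", "192.0.2.12"]},
    {"name": "Outlook-RDP", "proto": "tcp", "ports": "3389",
     "hosts": ["192.0.2.10", "192.0.2.11", "192.0.2.12"]},
    {"name": "Lab", "proto": "tcp", "ports": "1-1024", "hosts": ["192.0.2.0/28"]},
]

def parse_ports(spec):
    """Turn '443,8000-8100' into a list of (low, high) tuples."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def ports_intersect(a, b):
    return any(lo1 <= hi2 and lo2 <= hi1 for lo1, hi1 in a for lo2, hi2 in b)

def shared_networks(hosts_a, hosts_b):
    """Return the narrower network of every overlapping pair, as strings."""
    shared = set()
    for na in (ipaddress.ip_network(h, strict=False) for h in hosts_a):
        for nb in (ipaddress.ip_network(h, strict=False) for h in hosts_b):
            if na.version == nb.version and na.overlaps(nb):
                shared.add(str(na if na.prefixlen >= nb.prefixlen else nb))
    return sorted(shared)

def find_overlaps(apps):
    """Classify each pair of apps that share addresses."""
    findings = []
    for a, b in combinations(apps, 2):
        shared = shared_networks(a["hosts"], b["hosts"])
        if not shared:
            continue
        same_ports = a["proto"] == b["proto"] and ports_intersect(
            parse_ports(a["ports"]), parse_ports(b["ports"]))
        kind = "address+port" if same_ports else "address-only"
        findings.append((a["name"], b["name"], kind, shared))
    return findings

if __name__ == "__main__":
    for finding in find_overlaps(APPS):
        print(finding)
```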