
BlastShield Documentation

Changing the network prefix on the Orchestrator

Tip

BlastShield assigns IP addresses to all the protected endpoints and authorized users in its secure network. By default, this network is 172.16.0.0/16. If you want to use a different network prefix, you can change it on the Orchestrator as described in this article. You can use network subnets from /12 to /24. Any endpoints which are already connected, and are using DHCP, will be re-assigned new addresses by the Orchestrator.

Important

Prerequisites

  1. Your Orchestrator and Gateways must be using firmware release 0.9.8 or higher if you want to change the network prefix.

  2. If you are not using firmware release 0.9.8 or higher, then you must upgrade before changing the network settings.

  3. Verify all the endpoints and agents are online before you make the change.

Perform the following steps from BlastShield™ Orchestrator.

  1. Verify the current network settings.

    1. Click on Network in the menu bar on the left-hand side.

    2. The current network prefix is shown in the Protected Subnet box.  The default network prefix is 172.16.0.0/16.

  2. Change the protected subnet.

    1. Enter your desired network prefix into the Protected Subnet box using CIDR notation. You can use from a /12 to a /24 network subnet.

    2. Then click on Save Changes.

    3. If you are happy to proceed, then click on OK.

  3. Verify the changes to the protected subnet.

    1. After you have clicked on OK, new IP addresses will be assigned to all connected endpoints and to the Orchestrator. Please check each updated IP on the Orchestrator after you change the network prefix and verify that it matches your expected IP addressing plan.

    2. You can check the new IP address assigned to your endpoint by clicking on Endpoints in the menu bar on the left; your endpoints will be displayed in the window on the right. The IP address which has been assigned to the endpoint by its gateway is shown in the Protected IP Address column.


Caution

As long as they have DHCP enabled on their host OS, the endpoints behind a gateway will receive an updated address in the new network from the Gateway and there is no need to restart them. Agents get updated automatically from the Orchestrator. If the endpoint has a static IP address allocated manually, then you will need to manually update the new address shown in the Orchestrator for that endpoint. The DHCP clients on the endpoints should update in a few minutes. If you want to force the change to happen faster, then you can trigger the DHCP clients on your endpoints to update.
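
The verification in step 3 and the static-address case in the caution above can be checked offline. The following is an added example, not BlastShield code: it validates a candidate prefix against the /12 to /24 range and classifies each endpoint's Protected IP Address against the new prefix. The function names, the inventory rows and the 10.20.0.0/16 target prefix are assumptions constructed for illustration.

```python
import ipaddress

MIN_PREFIX, MAX_PREFIX = 12, 24   # prefix lengths the article allows
OLD_SUBNET = "172.16.0.0/16"      # default prefix stated in the article

# Constructed sample: (endpoint name, Protected IP Address) rows typed in by hand.
SAMPLE_INVENTORY = [
    ("orchestrator", "10.20.0.1"),
    ("plc-01", "10.20.0.17"),
    ("hmi-02", "172.16.0.23"),       # static host never re-addressed
    ("agent-laptop", "10.20.0.17"),  # same address as plc-01
    ("historian", "10.21.0.4"),      # outside the planned prefix
]

def parse_protected_subnet(cidr):
    """Parse an IPv4 prefix and enforce the /12 to /24 range."""
    # IPv4Network is strict by default: host bits set (10.20.0.5/16) raise
    # ValueError. Rejecting them is this example's choice, not documented behaviour.
    net = ipaddress.IPv4Network(cidr)
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"/{net.prefixlen} is outside /{MIN_PREFIX} to /{MAX_PREFIX}")
    return net

def check_endpoints(inventory, new_cidr, old_cidr=OLD_SUBNET):
    """Return {name: finding} for each row, judged against the new prefix."""
    new_net = parse_protected_subnet(new_cidr)
    old_net = ipaddress.IPv4Network(old_cidr)
    seen, report = {}, {}
    for name, ip_text in inventory:
        try:
            ip = ipaddress.IPv4Address(ip_text)
        except ValueError:
            report[name] = "invalid address"
            continue
        if ip in seen:
            report[name] = f"duplicate of {seen[ip]}"
        elif ip in new_net:
            report[name] = "ok"
        elif ip in old_net:
            report[name] = "still in old prefix"
        else:
            report[name] = "outside plan"
        seen.setdefault(ip, name)
    return report

if __name__ == "__main__":
    for name, finding in check_endpoints(SAMPLE_INVENTORY, "10.20.0.0/16").items():
        print(f"{name:14} {finding}")
```

Any row reported as "still in old prefix" is a candidate for the manual static-address update described in the caution.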