How is the Overlay IP addressing defined?
Users, endpoints and Host Agents are each allocated a unique protected IP address from the overlay subnet by the Orchestrator when they are created. The overlay IP address is used to connect to a node in the BlastShield™ encrypted overlay. The default network for the subnet is 172.16.0.0/16 and if you want to use a different network prefix, you can change this on the Orchestrator.
The Orchestrator will always have the first IP address in the overlay subnet, so in the case of the default configuration, this will be 172.16.0.1. Endpoints and Host Agents will be allocated the next available address after the Orchestrator address as they are created. Users will be allocated an IP address in the 172.16.128.1 subnet for the default settings.
You can set your own IP address instread of the system suggested address, but the address must be in the protected overlay and it must not duplicate an existing IP address.
See the following article for details on changing the default network prefix: Changing the network prefix on the Orchestrator.