Submit a request

Nerdio Help Center

Installing 3rd Party Firewall

IMPORTANT: Nerdio by default implements environments with Azure Network Security groups for securing the public and private IP space in an Azure environment.  In some instances a partner may have needs outside the scope of NSGs.  Nerdio and its orchestration in Azure does allow flexibility for partners looking to implement a 3rd party virtual firewall appliance in an independent resource group.  The following is important IP space information a partner will need in order to successfully install a 3rd party virtual firewall.  Nerdio does not support the operation, configuration and troubleshooting of 3rd party firewalls outside of the private IP space and virtual network.

Nerdio Tip
  • Partners have the most success working with the firewall manufacturer when it comes to implementation strategy and deployment of the virtual appliance.

 


Configuration Details


DNS

The following network is required for lookups to be transacted via SafeDNS to leverage the web content filters and allow/deny lists.  

DNS - Any protocol / port 53 - 195.46.39.0/24

 

LAN

The following internal network definition will be required to complete the routing table setup to configure transit to egress via the 3rd party firewall.

Azure Virtual Network IP Space - 10.125.0.0/17

 

VM IP Blocks

Segments used in the Vnet to differentiate VM roles in the environment

Core host block (i.e. DC01, FS01) - 10.125.1.0/24

Host pool server(s) block - 10.125.0.0/24

DMZ host block - 10.125.254.0/24

 

Nerdio Admin Portal & Subnet Connectivity

The Nerdio Admin Portal relies on direct connectivity to the Azure virtual machines for provisioning and ongoing management (through utilities such as PSEXec, PowerShell Remoting, SMB, and others). During provisioning, NAP automatically adds rules to the LAN and DMZ NSGs to permit this communication. When changing Virtual Network routing or NSG policies, be sure to verify connectivity to the below subnets remains unmodified: 

52.162.85.208/28

69.8.122.0/24

 

Nerdio Tip
  • Attempting to route Nerdio subnet traffic through the 3rd party firewall is not recommended and may lead to an impairment of any and all functions attempted by the NAP.

 

 

 

Was this article helpful?
0 out of 0 found this helpful
Important Notification for NFA Partners Only
  • Microsoft is sunsetting Azure Classic (not Azure Virtual Desktop (AVD)) - Microsoft Article
  • NFA sunset occurs February 20th, 2023
  • Only new account creation will be unavailable on November 30th 2022
  • NFA will be fully supported until the official sunset - nfa.support@getnerdio.com

Comments

Article is closed for comments.