sendnrw/netbird-docs
2
0
Fork 0
mirror of https://github.com/netbirdio/docs.git synced 2026-04-15 23:16:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

moves section to own page

Browse Source
This commit is contained in:
Marco Garcês
2024-12-16 18:20:22 +00:00
parent 324198e6cd
commit dff66b9db2
3 changed files with 66 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/components/NavigationDocs.jsx
View File

@@ -87,11 +87,18 @@ export const docsNavigation = [
isOpen: false,
links: [
{ title: 'Groups & Policies', href: '/how-to/manage-network-access' },
{ title: 'Posture Checks', href: '/how-to/manage-posture-checks' },
{
title: 'Posture Checks',
href: '/how-to/manage-posture-checks',
isOpen: false,
links: [
{ title: 'Connecting from the office', href: '/how-to/disabling-network-route-when-connecting-from-the-office' },
]
},
{
title: 'Integrate EDR',
href: '/how-to/endpoint-detection-and-response',
isOpen: false,
isOpen: false,
links: [
{ title: 'CrowdStrike Falcon', href: '/how-to/crowdstrike-edr' },
]

56
src/pages/how-to/disabling-network-route-when-connecting-from-the-office.mdx Normal file
View File

@@ -0,0 +1,56 @@
# Disabling network route when connecting from the office
A common scenario our users have is to allow theirs peers to externally access their local office network subnet. Having the hability to easily connect to locally exposed services from anywhere in the world, using NetBird is a trivial task, but you don't want to route your traffic via NetBird when you are in the office. To solve this, you can create a policy that will allow connection to the routing peers group, only if they are outside the office, using **Block Peer Network Range** Posture Check.
A common scenario our users have is to allow their peers to externally access their local office network subnet. Having the ability to easily connect to locally exposed services from anywhere in the world, using NetBird, is a trivial task. Still, you don't want to route your traffic via NetBird when you are in the office. To solve this, you can create a policy that will allow connection to the routing peers group, only if they are outside the office, using **Block Peer Network Range** Posture Check.
<p>
<img src="/docs-static/img/how-to-guides/posture-check-new-block-network-range.png" alt="high-level-dia" className="imagewrapper"/>
</p>
<p>
<img src="/docs-static/img/how-to-guides/posture-check-block-network-range.png" alt="high-level-dia" className="imagewrapper"/>
</p>
After you save and give this **Posture Check** a name, you can assign it to a policy. (let's assume the name you gave was "Exclude Office subnet")
In this example, our office network is on the subnet `192.168.1.0/24`. You will need a policy that allows access to the routing peers; this can be any protocol and port, you just need to be able to connect to your routing peer in some way. Let's assume all users will be part of the group `route-users` and the routing peer for our office will be inside the group `route-nodes`.
With this in mind, create a policy that allows access to the routing peer group and assign the posture check `Exclude Office subnet` to it.
<p>
<img src="/docs-static/img/how-to-guides/policy-office-subnet-with-posturecheck.png" alt="high-level-dia" className="imagewrapper"/>
</p>
Now, let's create a **Network Route** that will expose the local office subnet `192.168.1.0/24`, which gets distributed to all peers inside the group `route-users`.
<p>
<img src="/docs-static/img/how-to-guides/route-office-subnet-posturecheck.png" alt="high-level-dia" className="imagewrapper"/>
</p>
In this example, our routing peer is called `router-01` and sits inside the `route-nodes` group this way, the policy we just created goes into effect, and all peers inside `route-users` will be able to reach `router-01` only if they are not in the office network, due to our posture check.
From inside our office:
<p>
<img src="/docs-static/img/how-to-guides/wifi-inside-office-subnet.png" alt="high-level-dia" className="imagewrapper"/>
</p>
And on the command line, you can observe:
<p>
<img src="/docs-static/img/how-to-guides/netbird-routes-list-local.png" alt="high-level-dia" className="imagewrapper"/>
</p>
<p>
<img src="/docs-static/img/how-to-guides/netstat-routes-grep-local.png" alt="high-level-dia" className="imagewrapper"/>
</p>
When we are connected somewhere outside the office, we can observe:
<p>
<img src="/docs-static/img/how-to-guides/netbird-routes-list-external.png" alt="high-level-dia" className="imagewrapper"/>
</p>
<p>
<img src="/docs-static/img/how-to-guides/netstat-routes-grep-external.png" alt="high-level-dia" className="imagewrapper"/>
</p>
Notice that the subnet `192.168.1.0/24` is routed through our Wireguard interface (`utun100`).
This concludes this Posture Check example.

57
src/pages/how-to/manage-posture-checks.mdx
View File

@@ -142,59 +142,4 @@ Click `Browse Checks` and select the posture check we created earlier, `NetBird
The `NetBird Version` check will be assigned to the policy. Click `Save Changes` to save the policy updates.
<p>
<img src="/docs-static/img/how-to-guides/policy-posture-checks-assigned.png" alt="high-level-dia" className="imagewrapper"/>
</p>
### Example use case for local office network
A common scenario our users have is to allow theirs peers to externally access their local office network subnet. Having the hability to easily connect to locally exposed services from anywhere in the world, using NetBird is a trivial task, but you don't want to route your traffic via NetBird when you are in the office. To solve this, you can create a policy that will allow connection to the routing peers group, only if they are outside the office, using **Block Peer Network Range** Posture Check.
A common scenario our users have is to allow their peers to externally access their local office network subnet. Having the ability to easily connect to locally exposed services from anywhere in the world, using NetBird, is a trivial task. Still, you don't want to route your traffic via NetBird when you are in the office. To solve this, you can create a policy that will allow connection to the routing peers group, only if they are outside the office, using **Block Peer Network Range** Posture Check.
<p>
<img src="/docs-static/img/how-to-guides/posture-check-new-block-network-range.png" alt="high-level-dia" className="imagewrapper"/>
</p>
<p>
<img src="/docs-static/img/how-to-guides/posture-check-block-network-range.png" alt="high-level-dia" className="imagewrapper"/>
</p>
After you save and give this **Posture Check** a name, you can assign it to a policy. (let's assume the name you gave was "Exclude Office subnet")
In this example, our office network is on the subnet `192.168.1.0/24`. You will need a policy that allows access to the routing peers; this can be any protocol and port, you just need to be able to connect to your routing peer in some way. Let's assume all users will be part of the group `route-users` and the routing peer for our office will be inside the group `route-nodes`.
With this in mind, create a policy that allows access to the routing peer group and assign the posture check `Exclude Office subnet` to it.
<p>
<img src="/docs-static/img/how-to-guides/policy-office-subnet-with-posturecheck.png" alt="high-level-dia" className="imagewrapper"/>
</p>
Now, let's create a **Network Route** that will expose the local office subnet `192.168.1.0/24`, which gets distributed to all peers inside the group `route-users`.
<p>
<img src="/docs-static/img/how-to-guides/route-office-subnet-posturecheck.png" alt="high-level-dia" className="imagewrapper"/>
</p>
In this example, our routing peer is called `router-01` and sits inside the `route-nodes` group this way, the policy we just created goes into effect, and all peers inside `route-users` will be able to reach `router-01` only if they are not in the office network, due to our posture check.
From inside our office:
<p>
<img src="/docs-static/img/how-to-guides/wifi-inside-office-subnet.png" alt="high-level-dia" className="imagewrapper"/>
</p>
And on the command line, you can observe:
<p>
<img src="/docs-static/img/how-to-guides/netbird-routes-list-local.png" alt="high-level-dia" className="imagewrapper"/>
</p>
<p>
<img src="/docs-static/img/how-to-guides/netstat-routes-grep-local.png" alt="high-level-dia" className="imagewrapper"/>
</p>
When we are connected somewhere outside the office, we can observe:
<p>
<img src="/docs-static/img/how-to-guides/netbird-routes-list-external.png" alt="high-level-dia" className="imagewrapper"/>
</p>
<p>
<img src="/docs-static/img/how-to-guides/netstat-routes-grep-external.png" alt="high-level-dia" className="imagewrapper"/>
</p>
Notice that the subnet `192.168.1.0/24` is routed through our Wireguard interface (`utun100`).
This concludes this Posture Check example.
</p>