Proposed NetBird Architecture

Network Diagram

Proposed NetBird Topology
Mermaid Source

graph TD
    subgraph AZURE["Azure Cloud"]
        NB_MGMT[NetBird Management Server<br/>netbird.gsisg.com<br/>Azure B1ms VM<br/>Entra ID SSO Integration]
    end

    subgraph HONOLULU["Honolulu Office (10.100.7.0/24)"]
        H_ISP[Spectrum<br/>98.147.1.83]
        H_RTR[HNL Router<br/>10.100.1.1]
        H_FW[PaloAlto 2020<br/>10.100.7.1<br/>Firewall only - no VPN]
        H_Core[Core Switch Stack]
        H_NB_PEER[NetBird Routing Peer<br/>Linux VM on DATA003/004<br/>Advertises 10.100.7.0/24]

        H_ISP --> H_RTR --> H_FW --> H_Core
        H_Core --> H_NB_PEER

        subgraph H_VMs["On-Prem Resources"]
            H_AD0[AD0<br/>10.100.7.10]
            H_AD1[AD1<br/>10.100.7.11]
            H_FILES[FILES<br/>10.100.7.15]
            H_CAD[CAD<br/>10.100.7.16]
            H_GIS[GIS<br/>10.100.7.17]
            H_GPS[GPS<br/>10.100.7.19]
            H_SAGE[SAGE<br/>10.100.7.40]
            H_P6RD[P6RD<br/>10.100.7.42]
        end

        H_Core --> H_AD0
        H_Core --> H_AD1
        H_Core --> H_FILES
        H_Core --> H_CAD
        H_Core --> H_GIS
        H_Core --> H_GPS
        H_Core --> H_SAGE
        H_Core --> H_P6RD
    end

    subgraph BOULDER["Boulder Office (10.15.0.0/24)"]
        B_ISP[Comcast<br/>50.198.217.249]
        B_FW[Netgate 6100 pfSense+<br/>10.15.0.254<br/>Also NetBird Routing Peer<br/>Advertises 10.15.0.0/24]
        B_Core[Core Switch Stack]

        B_ISP --> B_FW --> B_Core

        subgraph B_VMs["On-Prem Resources"]
            B_AD1[AD1<br/>10.15.0.10]
            B_AD2[AD2<br/>10.15.0.11]
            B_PORT01[PORT01<br/>10.15.0.16]
            B_ACCTRD[ACCTRD<br/>10.15.0.14]
            B_ACRD[ACRD<br/>10.15.0.15]
            B_ZABBIX[Zabbix<br/>10.15.0.34]
        end

        B_Core --> B_AD1
        B_Core --> B_AD2
        B_Core --> B_PORT01
        B_Core --> B_ACCTRD
        B_Core --> B_ACRD
        B_Core --> B_ZABBIX
    end

    subgraph REMOTE["Remote Users"]
        R_LAPTOP1[Company Laptops<br/>NetBird Always-On<br/>Deployed via TacticalRMM]
        R_LAPTOP2[BYOD Devices<br/>NetBird SSO Login]
        R_PHONE[Mobile Devices<br/>NetBird App]
    end

    NB_MGMT -.->|Coordination/Signaling| H_NB_PEER
    NB_MGMT -.->|Coordination/Signaling| B_FW
    NB_MGMT -.->|Coordination/Signaling| R_LAPTOP1
    NB_MGMT -.->|Coordination/Signaling| R_LAPTOP2
    NB_MGMT -.->|Coordination/Signaling| R_PHONE

    R_LAPTOP1 ==>|WireGuard P2P| H_NB_PEER
    R_LAPTOP1 ==>|WireGuard P2P| B_FW
    R_LAPTOP2 ==>|WireGuard P2P| H_NB_PEER
    R_LAPTOP2 ==>|WireGuard P2P| B_FW
    R_PHONE ==>|WireGuard P2P| H_NB_PEER
    R_PHONE ==>|WireGuard P2P| B_FW

    style NB_MGMT fill:#0078d4,color:#fff
    style H_NB_PEER fill:#2ea44f,color:#fff
    style B_FW fill:#2ea44f,color:#fff
    style H_FW fill:#d73a49,color:#fff
    style R_LAPTOP1 fill:#6f42c1,color:#fff
    style R_LAPTOP2 fill:#6f42c1,color:#fff
    style R_PHONE fill:#6f42c1,color:#fff