Editing network configurations for templates and environments

Customize the virtual network configuration of templates and environments in Heropa to suit your lab or training scenario. This includes defining IP ranges, managing subnets, assigning static public IP addresses, and creating custom firewall rules.

In this article

Template network settings

• Editing network settings when creating a template
• Editing network settings for an existing template

VM network settings

• Editing network interfaces for VMs in a template or environment
• Adding or modifying network rules for a VM
• Editing network rules in a launched or running environment

Prerequisites

• You must have edit permissions for the Template for environment that you are modifying.
• Ensure you are familiar with basic networking concepts such as CIDR notation, subnets, and port ranges.

Template network settings

Editing network settings when creating a template

1. Navigate to the Templates page in the Heropa portal.
2. Click the Add button to create a new template.
3. Enter a title and select the desired region for deployment.
4. Click Show advanced to expand network configuration options.
5. Configure the Network CIDR block. Common options include:
   10.0.0.0/16
   172.31.0.0/22
   192.168.0.0/16
6. Add one or more subnets
7. You can add a Label to each subnet for clarity.
8. Click Create to save the template.

Note: The netmask of the first subnet determines the subnet mask for subsequent ones.
For example, with a /16 network and a /26 subnet mask, each new subnet will auto-calculate a non-overlapping CIDR block.

Editing network settings for an existing template

On the Templates page

1. Click on the Template that you want to modify.
2. Click Actions.
3. Select Edit network.
4. The Edit network modal will display.
5. In the Edit network modal for a Template, you can:
   1. Add or remove subnets.
   2. Edit subnet labels.

Note: VMs added to a template will automatically be assigned an IP from the first subnet.

VM network settings

Editing network interfaces for VMs in a template or environment

1. Open the Template or Environment that you want to modify.
2. Locate the VM you want to modify.
3. Click the row action and select Edit network.
4. The Edit network modal will display.
5. In the Edit network modal for a VM you can:
   1. Add additional network interfaces to span multiple subnets.
   2. Move the VM to a different subnet.
   3. Select a Primary IP address for the VM within the subnet.
      Note: Be sure that the IP you assign doesn’t conflict with others VMs in the same subnet.
   4. Enable Permanent public IP to retain the public IP even if the VM is stopped and restarted.

Adding or modifying network rules for a VM

1. Open the Edit network modal for a VM (either in the template or in an environment).
2. To add a rule:
   1. Click Add.
   2. Set the Direction (Inbound or Outbound).
   3. Enter the Source (Inbound) or Destination (Outbound) CIDR range.
      Use 0.0.0.0/0 to allow all.
      Use /32 for a single IP.
      Optionally: Click My IP to auto-fill your current IP.
   4. Choose the Protocol: TCP, UDP, or All.
   5. Set the Port range
      e.g. For RDP, use Start port: 3389 and End port:3389.
3. To remove a rule, click the Delete icon next to it.
4. Click Save to apply changes.

Tip: For security, avoid opening RDP to all IPs. Define rules per environment when needed.

Editing network rules in a launched or running environment

1. Navigate to the Environments page and select the environment to modify.
2. Locate the VM you want to modify.
3. Click the Row action and select Edit network.
4. Modify the network rules as needed:
   You can only delete existing rules and then add new ones (rules cannot be edited directly).
5. Click Save to save changes.
6. After changes have been made to an environment, an Update required button will appear in the top-right of the page.
7. Click Update required to apply the changes.
8. A progress bar will appear while the environment is updated.

Note: Network changes take a few minutes to apply.

Notes and tips

• Subnet CIDR ranges are automatically calculated based on the first subnet mask.
• Static public IPs are useful when environments must maintain the same address across restarts (e.g. for allowlisting).
• Network rules in templates define default VM behavior; environment-specific rules override these when needed.
• Best practice: Only expose required ports and use restrictive CIDR ranges to improve security.

Related articles

• Creating and configuring a template
• Classroom session mirroring with Direct RDP