https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-leaks-information-to-other-CMA-s/m-p/161678#M70528 <P>No this is not the case. In my example it shows up for two: TARGET CMAs.</P> Wed, 09 Nov 2022 13:38:34 GMT pabu 2022-11-09T13:38:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-leaks-information-to-other-CMA-s/m-p/161668#M70526 <P>Hi all!</P><P>One of my customers run into a strange scenario using MDS (multi-domain server) with a VSX cluster. All running on R81.10 with jumbo GA take 78.</P><P><SPAN>If we create a new VLAN interface in one of </SPAN>our virtual systems <SPAN>(without doing a policy install</SPAN>, changed on VS gateway object only<SPAN>), we see in the audit log this interface is created </SPAN>also <SPAN>within other CMAs. </SPAN></P><P><SPAN>In </SPAN>my<SPAN> view this should never be </SPAN>the case<SPAN>. It seems to be randomly determined in which CMA it is</SPAN> also<SPAN> created according audit log. It's not really created. We can reproduce this in our lab environment</SPAN>, added a screenshot<SPAN>.</SPAN> This screenshot is made in my lab environment where I added a fictional interface bond1.99. The global MDS audit log shows this interface is added in one more CMA’s! This is random behavior. We saw scenarios added to three other CMA’s!</P><P><SPAN>Are we dealing with a bug…? Or is this by design…?</SPAN> What is the experience of the community?</P><P>Thanks a lot!</P><P>Regards, Paul</P><P><SPAN>&nbsp;</SPAN></P> Wed, 09 Nov 2022 12:20:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-leaks-information-to-other-CMA-s/m-p/161668#M70526 pabu 2022-11-09T12:20:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-leaks-information-to-other-CMA-s/m-p/161672#M70527 <P>The only case when it makes sense is if the logs appear on both MAIN and TARGET CMAs. MAIN is one managing the physical VSX object. TARGET is one with the actual VS.&nbsp;</P> <P>Please check if this is not the case and let us know.</P> Wed, 09 Nov 2022 12:31:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-leaks-information-to-other-CMA-s/m-p/161672#M70527 _Val_ 2022-11-09T12:31:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-leaks-information-to-other-CMA-s/m-p/161678#M70528 <P>No this is not the case. In my example it shows up for two: TARGET CMAs.</P> Wed, 09 Nov 2022 13:38:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-leaks-information-to-other-CMA-s/m-p/161678#M70528 pabu 2022-11-09T13:38:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-leaks-information-to-other-CMA-s/m-p/161681#M70529 <P>Are those CMAs both have VSs defined on the same cluster? If yes, is there any automatic topology propagation set between those VSs?<BR /><BR />If the answer is no, then please open a TAC case.&nbsp;</P> Wed, 09 Nov 2022 13:59:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-leaks-information-to-other-CMA-s/m-p/161681#M70529 _Val_ 2022-11-09T13:59:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-leaks-information-to-other-CMA-s/m-p/161736#M70530 <P>Thanks for your reply!</P><P>Yes the VS are part of the same cluster (we have just one cluster in this labenvironment):</P><P>- Topology Calculation (Calculate topology automatically based on routing informatoin) is enabled on the MAIN CMA, disabled on the TARGET CMA's</P><P>- On the interface: "Propagate route to adjacent VD" is disabled</P><P><BR />Regards, Paul</P> Thu, 10 Nov 2022 08:22:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-leaks-information-to-other-CMA-s/m-p/161736#M70530 pabu 2022-11-10T08:22:00Z