Would very much appreciate your help with understanding the inner concepts of topologies that are driving me crazy in the last 36 hours.

Refer to the base diagram in attachment, depicting a management server in the same AZ of a gateway, and one extra gateway in another AZ. All are R80.40, and other than the problem described working normally.

For my example I have the Standard Policy only opening SSH to be able to access the instances.

My problem is that depending on how I set the topology on the ENIs on the private subnets, DNS resolution stops working in a way that I can't understand. Let me give you the different combinations referring to diagram below:

* If both on A and B I have "Internal defined by address and mask", management server fails to communicate to communicate with B

* If I set both A and B to Specific "10.0.0.0/24" can manage both instances, B resolves DNS, but A instance not.

* If I set both A and B to Specific "10.0.0.128/25" can manage both instances, A resolves DNS, but A doesn't (times out).

* If I set A to "Internal defined by address and mask" and B to "10.0.0.0/24", I get everything working, but can't make any sense of what I am doing anymore.

I simulate all the scenarios above, just by changing interface definition, publishing and install policies. The behaviour switches right after the policy finishes installing.

For sure it has something to do with my less than perfect understanding of how topologies work, but if someone could explain it in the context of my example would be thankful. Ultimately would like a consistent topology definition of all the gateways, that made irrelevant in which AZ the gateways or the management servers were...

Thanks