Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor

How does Domain Management Server (CMA) get to the internet?

Hello team,

I want to route the traffic from a Domain Management Server through a proxy. So I need the source IP (from this traffic is originated). How can I check if a CMA Domain management server can reach the internet? 

I know I can't ssh directly to a CMA. Only check filesystem via #mdsenv "X" and #cd $FWDIR

How does a Domain Management Server gets to the internet? And a Domain Log Server? Do they reach the internet via MDS IP or via each Domain Server IP.

I saw I can configure a proxy to reach internet in each Domain Management Server... so I'm a bit confused about this flow.

Thank you in advance.

Daniel

0 Kudos
6 Replies
Highlighted
Champion
Champion

A DMS uses a secondary IP address on the MDS primary interface to connect to the internet. So it uses the normal default gateway routing configured on GAiA of the MDS.

Highlighted
Champion
Champion

There are some processe that will use the MDS base IP and there are processes that use the DMS (CMA) IP, I have seen on R80.20, that for IA, the function to add a user or group the DMS IP is used but when you go to the AD Domain page and request to get the branches it uses the MDS IP. 

For getting updates on IPS the DMS IP is used, same for other DMS specific updates. However when you use IPS on a global level it will be updated based on the MDS IP.

Regards, Maarten
Highlighted
Contributor

Danny Jung Maarten Sjouw‌ Thank you 4 your replies.

0 Kudos
Highlighted
Contributor

Is there any way to execute a ping or tracert from a DMS?

Thanks

0 Kudos
Highlighted
Champion
Champion

Yes you can:

ping -I <CMA source IP> 8.8.8.8

Regards, Maarten
Highlighted
Contributor

Perfect! That works.

I executed that ping and a tcpdump in parallel and it seems that the DMS gets to the internet via MDS IP.

Thank you so much!

0 Kudos