Re: How does Domain Management Server (CMA) get to...

DPB_Point · ‎2019-02-22

Hello team,

I want to route the traffic from a Domain Management Server through a proxy. So I need the source IP (from this traffic is originated). How can I check if a CMA Domain management server can reach the internet?

I know I can't ssh directly to a CMA. Only check filesystem via #mdsenv "X" and #cd $FWDIR

How does a Domain Management Server gets to the internet? And a Domain Log Server? Do they reach the internet via MDS IP or via each Domain Server IP.

I saw I can configure a proxy to reach internet in each Domain Management Server... so I'm a bit confused about this flow.

Thank you in advance.

Daniel

Danny · ‎2019-02-22

A DMS uses a secondary IP address on the MDS primary interface to connect to the internet. So it uses the normal default gateway routing configured on GAiA of the MDS.

Maarten_Sjouw · ‎2019-02-23

There are some processe that will use the MDS base IP and there are processes that use the DMS (CMA) IP, I have seen on R80.20, that for IA, the function to add a user or group the DMS IP is used but when you go to the AD Domain page and request to get the branches it uses the MDS IP.

For getting updates on IPS the DMS IP is used, same for other DMS specific updates. However when you use IPS on a global level it will be updated based on the MDS IP.

Regards, Maarten

DPB_Point · ‎2019-02-24

Danny Jung Maarten Sjouw‌ Thank you 4 your replies.

DPB_Point · ‎2019-02-25

Is there any way to execute a ping or tracert from a DMS?

Thanks

Maarten_Sjouw · ‎2019-02-25

Yes you can:

ping -I <CMA source IP> 8.8.8.8

Regards, Maarten

DPB_Point · ‎2019-02-25

Perfect! That works.

I executed that ping and a tcpdump in parallel and it seems that the DMS gets to the internet via MDS IP.

Thank you so much!

Are you a member of CheckMates?

How does Domain Management Server (CMA) get to the internet?