Hello CheckPoint,
Hello @Arik_Ovtracht,
we use several Gateways 26000 and Maestro and 64k. All of these Gateways have the "MDPS Feature" enabled. We want to send OpenTelemetry Data through the dedicated mplane interface. To solve this we added an "add mdps task address 10.197.38.11" which is our prometheus server. In general this is working for these specific Gateways where I have this configured.
However I have some loadbalancer devices behind the gateways and I want to monitor these with Prometheus, too.
Prometheus in this situation uses "PULL" to connect to the Loadbalancer API on port 443.
The SYN passes correctly through the dplane of the CheckPoint Gateways but the response (SYN-ACK) from the loadbalancer arrives on a dplane interface of the CheckPoint gateway BUT because of "set mdps task address 10.197.38.11" the CheckPoint Gateway decides to route the SYN-ACK packet through its mplane interface instead of the dplane which results in asynchronous routing.
Instead of running into these routing issues because the CheckPoint Gateway redirects (in my opinion wrongly) traffic through mdps_tun to the "add mdps task address 10.197.38.11" entry, I added the service to the mplane:
I added these tasks but I am not sure if this is allowed or which task is really needed:
add mdps task process OTLPAGENT
add mdps task process otelcol
add mdps task process otlpcol
Can you please clarify if it is possible to add the tasks to the mplane or if I lose any metrics or the exporter is not working as it should?
In addition I added two screenshots to demonstrate the behaviour and why it is mandatory to configure the outgoing traffic by something other than port and IP address so as not to affect devices which are "behind" the MDPS-enabled gateway.