Cluster Sync Interface - Response to Web GUI

I have a question with regard to the cluster sync interface between 2 nodes (ClusterXL - Active/Active Bridge mode).

The GWs in question only have 2 IP network interfaces:

  • MGMT:  Used for actual management of the device
  • Sync:  A non-routable 192.168.X.X /29 assigned, with a direct crossover cable between the clusters.

The desired approach/idea here was to only have the MGMT network be reachable from outside of the cluster, with the cluster sync network being truly 'local' for the cluster.

During a recent scan, we found that the 192.168. sync network was responding to web GUI attempts through the bridge interface. It just so happens that the default route is going through this bridge and therefore scans from this IP are hitting this GW cluster in question.

I've never really used the sync interface for any WebGUI/SSH access from any outside network in the past. The only time I have used it is for SSH from one cluster member to the other during some triage/outages.

Is it normal for the sync interfaces to respond to these attempts? Is there any way to keep this traffic 'local' or ill effect to such?

I don't have direct access to this cluster (only SmartConsole 'read-only'), so if there is some info needed, let me know and I can request it.


Thanks in advance 🙂

1 Reply

Yes, it's normal, as multiportal (used for all web portals) and SSH listen on all interfaces by default.
You can change the listening IP/port for sshd by following a procedure similar to:
Not sure on Multiportal, short of disabling it and configuring a different port for the Gaia WebUI.

A better solution might be blackholing the specific sync subnet on your internal router (that way, no traffic can reach the gateway on those IPs).
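
One way to confirm which listeners are actually reachable on the sync address, as an added example that is not part of the original thread: it parses `netstat -tln` output and reports sockets bound to a wildcard address or to the sync IP itself. The sample output, the sync address 192.168.100.1, the management address 10.1.1.10 and ports 9000/9100 are constructed placeholders.

```python
import ipaddress

# Constructed sample of `netstat -tln` output; all addresses are placeholders.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.1.1.10:9000          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp        0      0 192.168.100.1:9100      0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
"""


def exposed_on(iface_ip, netstat_text):
    """Return sorted (port, bind_address) pairs for TCP listeners that
    accept connections addressed to iface_ip."""
    target = ipaddress.ip_address(iface_ip)
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Keep only TCP sockets in LISTEN state; skips the header line too.
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[-1] != "LISTEN":
            continue
        # Split on the last colon so IPv6 forms such as ":::22" parse.
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]")
        if host == "*":
            host = "0.0.0.0"
        bind = ipaddress.ip_address(host)
        # A wildcard bind (0.0.0.0 or ::) answers on every interface address.
        # The IPv6 wildcard is conservatively counted as reachable over IPv4.
        if bind.is_unspecified or bind == target:
            hits.add((int(port), str(bind)))
    return sorted(hits)


if __name__ == "__main__":
    for port, bind in exposed_on("192.168.100.1", SAMPLE):
        print(f"port {port} reachable on sync IP (bound to {bind})")
```

Any port reported with a wildcard bind address is a candidate for a narrower listen address or for filtering upstream, as the reply suggests.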


