I recently made the change to enable management plane separation following sk138672. After the change, I noticed something I don't understand. Attached you will find a diagram that represents the network.
If I connect (ssh, https) from the PC (green), the traffic goes to the Check Point management interface directly with no issues. The traffic goes directly into the management interface and doesn't have to traverse the Check Point data plane.
If I, however, connect from the laptop (shown in black at the top of the diagram) from a different network, I get a connection refused from the firewall. My understanding is that the data plane and management plane are totally isolated, so the traffic should follow this path:
Laptop > Check Point (eth1) > Router > Check Point management interface. However, it doesn't work at the moment. I already have a firewall policy to allow the connections. (The Check Point has a static route for 172.16.10.0/24 pointing to the Router.)
If I check the data plane routing table, it has an entry for 172.16.10.10/32 shown as mdps_tun. Does that mean the traffic is not forwarded to the router?
C 172.16.10.10/32 is directly connected, mdps_tun
Thanks in advance.
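The routing question in the post comes down to longest-prefix match: a connected /32 for 172.16.10.10 is more specific than a static /24 covering the same host, so the /32 wins the lookup for that one address while every other host in 172.16.10.0/24 still uses the static route. The script below is an added example, not code from the original post or from Check Point; it parses a constructed Gaia-style route listing (the 172.16.10.0/24 static route and the 172.16.10.10/32 mdps_tun entry mirror the post, while the next hops, the eth1 connected network and the default route are assumed) and reports which entry a destination would use and which more-specific entries override a given prefix. What the mdps_tun interface does with the packet afterwards is a property of MDPS itself and is not something this lookup shows.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of a Gaia-style "show route" listing (not captured from a
# real gateway). The /24 static route and the /32 mdps_tun entry come from the
# post; the next hops, the eth1 connected network and the default are assumed.
SAMPLE_ROUTE_TABLE = """\
C 10.0.0.0/24 is directly connected, eth1
S 172.16.10.0/24 via 10.0.0.1, eth1, cost 0, age 1234
C 172.16.10.10/32 is directly connected, mdps_tun
S 0.0.0.0/0 via 10.0.0.254, eth1, cost 0, age 5678
"""

# Matches "<code> <prefix> via <nexthop>, <iface>, ..." and
# "<code> <prefix> is directly connected, <iface>".
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z]+)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:via\s+(?P<nexthop>\d+\.\d+\.\d+\.\d+),\s*|is directly connected,\s*)"
    r"(?P<iface>[^,\s]+)"
)


@dataclass(frozen=True)
class Route:
    code: str                      # C = connected, S = static, ...
    network: ipaddress.IPv4Network
    nexthop: Optional[str]         # None for connected routes
    iface: str


def parse_routes(text: str) -> List[Route]:
    """Parse route lines; lines that do not match the expected shape are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        net = ipaddress.ip_network(m["prefix"], strict=False)
        routes.append(Route(m["code"], net, m["nexthop"], m["iface"]))
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.network.prefixlen)


def more_specific(routes: List[Route], prefix: str) -> List[Route]:
    """Routes strictly inside `prefix`; these override it for the hosts they cover."""
    net = ipaddress.ip_network(prefix, strict=False)
    return [
        r for r in routes
        if r.network != net and r.network.subnet_of(net)
    ]


def describe(routes: List[Route], dst: str) -> str:
    r = lookup(routes, dst)
    if r is None:
        return f"{dst}: no route"
    via = f"via {r.nexthop} " if r.nexthop else "directly connected "
    return f"{dst}: {r.network} {via}on {r.iface}"


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTE_TABLE)
    print(describe(table, "172.16.10.10"))   # the management address hits the /32
    print(describe(table, "172.16.10.20"))   # other hosts still use the /24 static
    for r in more_specific(table, "172.16.10.0/24"):
        print(f"overrides 172.16.10.0/24 for {r.network}: {r.iface}")
```

Run it against a real `show route` listing by replacing SAMPLE_ROUTE_TABLE with the pasted output; any line the regex does not recognise is skipped rather than misread, so check the parsed count against the original when the listing contains route types other than C and S.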