Hi there,
I’m trying to work out in my lab the best configuration for MDS R81.10 HA that has a strict security policy for interface access.
The architecture is like this:
- bond1 (configured as leading interface), which can be reached only by the appliances that have to be managed by the various CMAs. IPs are like 192.168.1.2/24 (CMA1), 192.168.1.3/24 (CMA2), 192.168.1.4/24 (CMA3)
- eth0 (also configured as leading interface), which can be reached only for SmartConsole/SSH access. IP is 10.0.0.1/24
The customer’s security policy doesn’t allow 192.168.1.0/24 to be reached for administration traffic (SmartConsole).
Routing is configured with the default gateway pointing to 192.168.1.1 on the bond1 interface and with a static route to the management subnet through eth0.
If I connect to 10.0.0.1 with SmartConsole I can access the MDS environment, but if I try to connect to the active server of a CMA, my PC starts a new session pointing to the CMA IP (e.g. 192.168.1.2), and this isn’t valid under the security policy.
My question is: is there a way to access a CMA with SmartConsole through eth0 and not through bond1? Otherwise I have an asymmetric routing issue.
Regards
M