25 May 2022 03:02 PM - last edited on 16 Jun 2023 12:21 PM by Karolina_Linda
Hello,
We have multiple interfaces on our nodes hosting the Dynatrace managed cluster. Only one interface per host can be used by agents and activeGates to connect to the cluster.
So all agents and activeGates use a list of addresses that cannot be used, ever!
This situation has existed for a long time; does anybody have a suggestion how to remove those unused interfaces from the Dynatrace config?
KR Henk
26 May 2022 05:25 AM
Kindly raise a support ticket if it's for any organization.
26 May 2022 11:00 PM
Ticket raised for the cluster issue, thx!
26 May 2022 09:29 AM
You can define what gets announced in CMC. For each node check out "Deployment status", then "Configure" on each node. At the bottom, check:
26 May 2022 10:12 AM
Hi Antonio,
Thx for your response, this takes care of 50% of the answer: the Agent search path. Looking back on the original "security complaint" I notice it is about the activeGates. They are trying to connect to the "unreachable" interfaces on the cluster.
For this I need to go for option 1, the ticket (-;
KR Henk
26 May 2022 10:27 AM
The AGs will follow that CMC configuration too, so it should resolve for both OneAgents and ActiveGates.
26 May 2022 10:38 PM - edited 26 May 2022 10:41 PM
Hi Antonio,
Just had to check (-; Installed a oneAgent and found the error in the list the oneAgent gets from the cluster:
ClusterAG ip:9999
ip:443
ClusterNode1 ip:8443
ClusterNode2 ip:8443
ClusterNode3 ip:8443
ClusterNode4 ip:8443
ClusterNode5 ip:8443
ClusterNode5 ip2:8443
ClusterNode5 ip3:8443
ClusterNode5 hostname:8443
ClusterNode5 hostname_backup_interface:8443
So there is an error on the cluster, I assume Node5 -> I will create a ticket for this.
General (I do not think this is available): for security reasons, e.g. preventing calls to unavailable destinations, it would be nice to have an option to turn off traffic to cluster-nodes or to the cluster activeGate completely.
Normal behavior for an activeGate is to connect to:
In this use case, the AG can only connect to the Cluster ActiveGate )-;
KR Henk
26 May 2022 10:44 PM
Looks like there are some dependencies that I was not aware of. Have you tried Network Zones to segment traffic?
26 May 2022 10:58 PM - edited 26 May 2022 10:59 PM
No, not yet, I will propose it. (-; Just figured out that agents that are technically limited to connect to one Environment ActiveGate still get the long node list, and will try them all! So implementing network zones looks to me like a great idea!
KR Henk