We have multiple interfaces on our nodes hosting the Dynatrace managed cluster. Only one interface per host can be used by agents and activeGates to connect to the cluster..
So all agents and activeGates use a list of addresses that can not be used, ever!
This situation exist for a long time, does anybody have a suggestion how to remove those unused interface from Dynatrace config?
Solved! Go to Solution.
Thx for your response, this takes care of 50% of the answer the Agent search path. Looking back on the original "security complaint" I notice it is about the activeGates. They are trying to connect the "unreachable" interfaces on the cluster.
For this I need to go for option 1, the ticket (-;
Just had to check (-; installed a oneAgent and found the error in the list the oneAgent gets from the cluster:
So there is a error on the cluster I assume Node5 -> I will create a ticket for this
General (I do not think this this is available) for security reasons e.g. preventing calls to unavailable destinations, it would be nice to have an option to turn off traffic to cluster-nodes or to the cluster activeGate completely.
Normal behavior for an activeGate is to connect to :
In this use case, the AG can only connect to the Cluster ActiveGate )-;