08-30-2021 09:32 AM
Hi everyone, I should permit on my firewall the ip address of the DNA that goes to internet, this process is a little slow so I don´t want to make a mistake.
I have a 3 node cluster and only two intefaces per node, the enterprise and the cluster interface.
Only with the enterprise ip address should work? Or should I permit the cluster or virtual ip address?
Regards!!!
08-30-2021 11:16 AM
Hi Daniel,
You only need to allow it from the IP addresses of all 3 nodes Enterprise port, if that is the port you have configured a default gateway on.
The Cluster port is only used for the nodes to talk to each other.
09-15-2021 05:38 PM
The Cluster IP addressing does not need a default gateway, the 3 members are required to be on the Same VLAN to communicate only,
So in other words only your enterprise Subnets require a default Gateway to access the internet, I would not even create an L3 VLAN for your Cluster
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide