Thanks. I think it's important to document this feature, since no alarms came up on the PAN when the syslogs didn't arrive correctly to the MnT node. Only when removing this checkbox could I see new syslogs on the MnT.
Just to make sure that the feature is clear for posterity's sake:
If CN of secure syslog certificate is different from FQDN of TLS server (for example MnT syslogs arriving from PSN), it drops the TLS session. Is this correct?