Multi-Domain Server Specifications

The Multi-Domain Server operates with the vsec_lic_cli tool in two modes:

Mode	Description
MDS (System) Mode	This is the default mode. Uses a license for the IP address of the Multi-Domain Server. The license pool is on the Multi-Domain Server. The licenses are attached to all of the CloudGuard Gateways that each Domain Management Server manage. To use this mode, run: `vsec_lic_cli mode mds` In System mode, all the CLI commands of the tool (see Managing CloudGuard Central Licenses) must be run from the context of the Multi-Domain Server. Important: MDS System mode requires: Connectivity to the Internet from the Management Server and each of its Domain Servers. Make sure that the DNS and proxy are configured correctly. (The proxy is configured in SmartConsole on each domain explicitly, configuring in Gaia WebUI of the domain is not enough. The proxy configuration is located in the SmartConsole menu, below Global Properties) A license for which the IP address has not been changed more than the maximum allowed by the User Center. If your license has had its IP address changed that many times, contact your sales representative.
Domain Mode	Domain Mode license pools are managed on each Domain. Licenses are distributed to the CloudGuard Gateways that the Domain manages. The license is generated with the IP address of the Domain to which it belongs. To use this mode, run: `vsec_lic_cli mode domain` In Domain mode only, these vsec_lic_cli tool CLI commands (see Managing CloudGuard Central Licenses) are only run from the context of the Multi-Domain Server: `vsec_lic_cli on` `vsec_lic_cli off` `vsec_lic_cli mode mds / domain / status` Important: The remaining vsec_lic_cli tool CLI commands run only from the context of a specific Domain Management Server. Note - Enabling or disabling the Gateways core usage report affects all domain servers even if it was enabled/disabled in one single domain.

Mode

Description

MDS (System) Mode

This is the default mode.

Uses a license for the IP address of the Multi-Domain Server.

The license pool is on the Multi-Domain Server.

The licenses are attached to all of the CloudGuard Gateways that each Domain Management Server manage.

To use this mode, run:

vsec_lic_cli mode mds

In System mode, all the CLI commands of the tool (see Managing CloudGuard Central Licenses) must be run from the context of the Multi-Domain Server.

Important:

MDS System mode requires:

Connectivity to the Internet from the Management Server and each of its Domain Servers. Make sure that the DNS and proxy are configured correctly. (The proxy is configured in SmartConsole on each domain explicitly, configuring in Gaia WebUI of the domain is not enough. The proxy configuration is located in the SmartConsole menu, below Global Properties)
A license for which the IP address has not been changed more than the maximum allowed by the User Center. If your license has had its IP address changed that many times, contact your sales representative.

Domain Mode

Domain Mode license pools are managed on each Domain.

Licenses are distributed to the CloudGuard Gateways that the Domain manages.

The license is generated with the IP address of the Domain to which it belongs.

To use this mode, run:

vsec_lic_cli mode domain

In Domain mode only, these vsec_lic_cli tool CLI commands (see Managing CloudGuard Central Licenses) are only run from the context of the Multi-Domain Server:

vsec_lic_cli on

vsec_lic_cli off

vsec_lic_cli mode mds / domain / status

Important:

The remaining vsec_lic_cli tool CLI commands run only from the context of a specific Domain Management Server.

Note - Enabling or disabling the Gateways core usage report affects all domain servers even if it was enabled/disabled in one single domain.

Changing the context of the Multi-Domain Server

To go to the context of the Multi-Domain Server, run: mdsenv

To go to the context of a Domain Management Server, run mdsenv <Name or IP Address of Domain Management Server>

Changing the mode of the Multi-Domain Server

The vsec_lic_cli tool operates either in MDS (System) mode or Domain mode. Do not use both at the same time.

To see the current mode (in some versions) run: vsec_lic_cli mode status

If it is necessary to change the mode, then do these steps:

Remove all the CloudGuard Central Licenses added in the current mode. (See Remove license).
From the Multi-Domain Server context, change the tool mode by running vsec_lic_cli mode <mode> where <mode> can be "domain" or "mds".