HA: disallowed_on_sync_iface log events with rule=HA_RestrictSyncIf for Reverse ARP, RARP, and IGMP

Last modified on 23 Aug, 2022. Revision 5
cOS Core will log about unexpected packets on its sync interface in order to alert you about the sync interface possibly becoming connected to a general LAN - something which likely would be harmful to your security level.However, if all you see is Reverse ARP (RARP) and IGMP broadcasts, chances are that you are seeing a VMWare ESX host with the vswitch "Notify Switches" setting enabled.
Up to date for
Core 12.00.20
Status OK

If it is established that the source of the packets is ESXi and there are no other packet types, there is no need for further action.

It is however completely safe to disable “Notify Switches” on vhost interfaces used for HA sync - they will do broadcasts of their own very often and do not need help with notifying switches.

Further reading

Google: esxi “notify switches” setting “nic teaming” rarp

Related articles

Upgrade VM Hardware Compatibility of virtual cOS Core 14.00 (x86_64) running on VMware
2 Feb, 2022 vmware esxi
Adjusting advanced cluster settings on larger installations
23 Aug, 2022 core ha cluster
Device initiated InControl management of NetWall HA clusters with a single public IP
31 Mar, 2022 incontrol core netcon netwall ha cluster coscore
Solving HA nodes both going active/inactive at the same time
21 Apr, 2021 core cluster ha
Differences between the NetWall E80A and E80B
31 May, 2021 hardware ha e80a e80b
Is it possible to avoid interruptions on HA clusters during configuration deployment? (multiple questions)
14 Dec, 2022 ha core idp cli cluster antivirus configuration
Managing NetWall HA clusters over the Internet using one public IP
21 Jun, 2022 core ha hacluster netwall coscore slb



Tagsvmwareloghararparpcore