HA: disallowed_on_sync_iface log events with rule=HA_RestrictSyncIf for Reverse ARP, RARP, and IGMP

Last modified on 23 Aug, 2022. Revision 5
cOS Core will log about unexpected packets on its sync interface in order to alert you about the sync interface possibly becoming connected to a general LAN - something which likely would be harmful to your security level.However, if all you see is Reverse ARP (RARP) and IGMP broadcasts, chances are that you are seeing a VMWare ESX host with the vswitch "Notify Switches" setting enabled.
Up to date for
Core 12.00.20
Status OK

If it is established that the source of the packets is ESXi and there are no other packet types, there is no need for further action.

It is however completely safe to disable “Notify Switches” on vhost interfaces used for HA sync - they will do broadcasts of their own very often and do not need help with notifying switches.

Further reading

Google: esxi “notify switches” setting “nic teaming” rarp

Related articles

cOS Core HA clusters in VMware with Promiscuous Mode
4 Apr, 2023 core vmware highavailability ha promiscuous
Device initiated InControl management of NetWall HA clusters with a single public IP
31 Mar, 2022 incontrol core netcon netwall ha cluster coscore
Differences between the NetWall E80A and E80B
31 May, 2021 hardware ha e80a e80b
Avoiding cOS Core HA interruptions during configuration deployment
20 Feb, 2023 ha core idp cli cluster antivirus configuration
Transparent mode & L2TPv3 unavailable in cOS Core HA clusters
17 Feb, 2023 core ha cluster transparentmode l2tpv3
Managing NetWall HA clusters over the Internet using one public IP
21 Jun, 2022 core ha hacluster netwall coscore slb
cOS Core High Availability Cluster troubleshooting
23 Feb, 2023 core troubleshoot cluster ha