HA: disallowed_on_sync_iface log events with rule=HA_RestrictSyncIf for Reverse ARP, RARP, and IGMP
Last modified on 8 Sep, 2020. Revision 3
cOS Core will log about unexpected packets on its sync interface in order to alert you about the sync interface possibly becoming connected to a general LAN - something which likely would be harmful to your security level.However, if all you see if Reverse ARP (RARP) and IGMP broadcasts, chances are that you are seeing a VMWare ESX host with the vswitch "Notify Switches" setting enabled.
| Up to date for |
Core 12.00.20
|
| Status | OK |
If it is established that the source of the packets is ESXi and there are no other packet types, there is no need for further action.
It is however completely safe to disable “Notify Switches” on vhost interfaces used for HA sync - they will do broadcasts of their own very often and do not need help with notifying switches.
Further reading
Google: esxi “notify switches” setting “nic teaming” rarp
Related articles
Adjusting advanced cluster settings on larger installations
13 Jan, 2021 core ha cluster
13 Jan, 2021 core ha cluster
Solving HA nodes both going active/inactive at the same time
21 Apr, 2021 core cluster ha
21 Apr, 2021 core cluster ha
Differences between the NetWall E80A and E80B
31 May, 2021 hardware ha e80a e80b
31 May, 2021 hardware ha e80a e80b