HA: disallowed_on_sync_iface log events with rule=HA_RestrictSyncIf for Reverse ARP, RARP, and IGMP

Last modified on 23 Aug, 2022. Revision 5
cOS Core logs unexpected packets on its sync interface in order to alert you that the sync interface may have become connected to a general LAN - something which would likely be harmful to your security level. However, if all you see is Reverse ARP (RARP) and IGMP broadcasts, chances are that you are seeing a VMware ESX host with the vswitch "Notify Switches" setting enabled.
Up to date for
Core 12.00.20
Status OK

If it is established that the source of the packets is ESXi and there are no other packet types, there is no need for further action.

It is, however, completely safe to disable “Notify Switches” on vhost interfaces used for HA sync - they send broadcasts of their own very often and do not need help with notifying switches.
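One way to check a packet capture from the sync interface against the condition above (only RARP and IGMP, and only from ESXi) is sketched below. This is an added example, not Clavister code: the VMware OUI match is a heuristic assumption that fails for manually assigned MAC addresses, the function names are hypothetical, and the sample frames are constructed.

```python
import struct

ETH_IPV4, ETH_RARP, ETH_VLAN, IPPROTO_IGMP = 0x0800, 0x8035, 0x8100, 2
# OUIs registered to VMware (assumption: vNIC MACs are auto-generated, not manual).
VMWARE_OUIS = {"00:50:56", "00:0c:29", "00:05:69", "00:1c:14"}

def classify(frame: bytes):
    """Return (kind, source MAC) for one raw Ethernet frame."""
    if len(frame) < 14:
        return "truncated", None
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    (etype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if etype == ETH_VLAN and len(frame) >= 18:  # step over one 802.1Q tag
        (etype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if etype == ETH_RARP:
        return "rarp", src
    if etype == ETH_IPV4 and len(frame) >= off + 20:
        proto = frame[off + 9]  # IPv4 protocol field
        return ("igmp" if proto == IPPROTO_IGMP else f"ipv4-proto-{proto}"), src
    return f"ethertype-0x{etype:04x}", src

def triage(frames):
    """Benign only if every frame is RARP/IGMP and comes from a VMware OUI."""
    unexpected, other_sources = [], set()
    for frame in frames:
        kind, src = classify(frame)
        if kind not in ("rarp", "igmp"):
            unexpected.append((kind, src))
        elif src[:8] not in VMWARE_OUIS:
            other_sources.add(src)
    return {"benign": not unexpected and not other_sources,
            "unexpected": unexpected,
            "non_vmware_sources": sorted(other_sources)}

def build_frame(dst, src, etype, payload):
    return bytes.fromhex(dst + src) + struct.pack("!H", etype) + payload
def ipv4_header(proto):  # minimal 20-byte IPv4 header, addresses zeroed
    return bytes([0x45, 0, 0, 28, 0, 0, 0, 0, 1, proto]) + bytes(10)

# Constructed sample frames, not taken from a real capture.
SAMPLE = [
    build_frame("ffffffffffff", "005056aabbcc", ETH_RARP, bytes(28)),
    build_frame("01005e000001", "000c29112233", ETH_IPV4, ipv4_header(IPPROTO_IGMP)),
    build_frame("ffffffffffff", "001122334455", 0x0806, bytes(28)),  # ARP from another host
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Any entry under `unexpected` or `non_vmware_sources` means the "ESXi only" explanation does not cover everything seen on the sync interface, and the cabling or port group deserves a closer look.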

Further reading

Google: esxi “notify switches” setting “nic teaming” rarp
