HA: disallowed_on_sync_iface log events with rule=HA_RestrictSyncIf for Reverse ARP, RARP, and IGMP

Last modified on 8 Sep, 2020. Revision 3
cOS Core will log about unexpected packets on its sync interface in order to alert you about the sync interface possibly becoming connected to a general LAN - something which likely would be harmful to your security level.However, if all you see if Reverse ARP (RARP) and IGMP broadcasts, chances are that you are seeing a VMWare ESX host with the vswitch "Notify Switches" setting enabled.
Up to date for
Core 12.00.20
Status OK

If it is established that the source of the packets is ESXi and there are no other packet types, there is no need for further action.

It is however completely safe to disable “Notify Switches” on vhost interfaces used for HA sync - they will do broadcasts of their own very often and do not need help with notifying switches.

Further reading

Google: esxi “notify switches” setting “nic teaming” rarp

Related articles

Differences between the NetWall E80A and E80B
31 May, 2021 hardware ha e80a e80b