topic Re: After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info general general 0 Received conflicting ARP on in in Next-Generation Firewall Discussions

After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info general general 0 Received conflicting ARP on interf

yassinehounaihi — Wed, 15 Mar 2023 16:26:01 GMT

After an upgrade to version 10.2.3 h4 I got this message:

2023/03/08 20:52:23 info general general 0 Received conflicting ARP on interface ethernet1/4 indicating duplicate IP 172.16.0.1, sender mac 00:50:56:92:cd:0c

And this address is for the other peer .

The firewall is a VM300

Re: After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info general general 0 Received conflicting ARP on in

Raido_Rattameister — Thu, 16 Mar 2023 03:36:40 GMT

In VMware environment you can't have 2 VMs with same mac address.

For that reason virtual Palos in HA cluster have different mac addresses.

Virtual Palos can have same mac only if VMware port group is configured in promiscuous mode and this is very bad practice.

But to receive conflicting IP address alert both of your firewalls must be active at the same time.

Do you have active/passive HA?

Re: After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info general general 0 Received conflicting ARP on in

yassinehounaihi — Thu, 16 Mar 2023 07:33:55 GMT

Yes the two firewalls in HA.

address and mac for the other peer .

Re: After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info general general 0 Received conflicting ARP on in

Raido_Rattameister — Thu, 16 Mar 2023 12:39:24 GMT

Are firewalls in active/active or active/passive HA?

If you enable mac column in both firewalls do mac addresses match on both of them or are they different?

Re: After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info general general 0 Received conflicting ARP on in

yassinehounaihi — Thu, 16 Mar 2023 12:58:28 GMT

HA in active passive .

You will find below the configuration of the interfaces as well as the message on the two firewalls :

========================================================

FW1

> show interface all

total configured hardware interfaces: 9

name id speed/duplex/state mac address
--------------------------------------------------------------------------------
ethernet1/1 16 ukn/ukn/down(power-down) 00:50:56:92:82:af
ethernet1/2 17 10000/full/up 00:50:56:92:7e:bc
ethernet1/3 18 10000/full/up 00:50:56:92:20:2f
ethernet1/4 19 10000/full/up 00:50:56:92:cd:0c
ethernet1/5 20 10000/full/up 00:50:56:92:f7:49
ethernet1/6 21 10000/full/up 00:50:56:92:2f:36
ethernet1/7 22 10000/full/up 00:50:56:92:ae:b6
ethernet1/8 23 10000/full/up 00:50:56:92:77:3a
ethernet1/9 24 ukn/ukn/down(autoneg) 00:50:56:92:5e:a5

aggregation groups: 0

total configured logical interfaces: 9

name id vsys zone forwarding tag address
------------------- ----- ---- ---------------- ------------------------ ------ ------------------
ethernet1/1 16 1 tap 0 N/A
ethernet1/2 17 1 ha 0 192.168.1.67/24
ethernet1/3 18 1 ha 0 192.168.2.67/24
ethernet1/4 19 1 GUEST_LAN vr:DMZ_WIFI_ROUTEUR 0 172.16.0.1/21
ethernet1/5 20 1 DMZ_INTERNET vr:DMZ_WIFI_ROUTEUR 0 90.83.58.124/25
ethernet1/6 21 1 VRF_GUEST vr:DMZ_WIFI_ROUTEUR 0 10.109.32.250/32
ethernet1/7 22 1 DMZ_SORTANTES vr:DMZ_WIFI_ROUTEUR 0 192.168.215.47/24
ethernet1/8 23 1 GUEST_LAN vr:DMZ_WIFI_ROUTEUR 0 172.16.8.1/22
ethernet1/9 24 1 tap 0 N/A

Error message :

============================================

2023/03/08 20:52:01 info general general 0 Received conflicting ARP on interface ethernet1/4 indicating duplicate IP 172.16.0.1, sender mac 00:50:56:a5:bc:3b

==========================================

FW2

=================================================

> show interface all

total configured hardware interfaces: 9

name id speed/duplex/state mac address
--------------------------------------------------------------------------------
ethernet1/1 16 ukn/ukn/down(power-down) 00:50:56:a5:9b:91
ethernet1/2 17 10000/full/up 00:50:56:a5:79:47
ethernet1/3 18 10000/full/up 00:50:56:a5:b1:ca
ethernet1/4 19 10000/full/up 00:50:56:a5:bc:3b
ethernet1/5 20 10000/full/up 00:50:56:a5:0d:e4
ethernet1/6 21 10000/full/up 00:50:56:a5:51:9b
ethernet1/7 22 10000/full/up 00:50:56:a5:5c:c5
ethernet1/8 23 10000/full/up 00:50:56:a5:63:9a
ethernet1/9 24 ukn/ukn/down(autoneg) 00:50:56:a5:de:f0

aggregation groups: 0

total configured logical interfaces: 9

name id vsys zone forwarding tag address
------------------- ----- ---- ---------------- ------------------------ ------ ------------------
ethernet1/1 16 1 tap 0 N/A
ethernet1/2 17 1 ha 0 192.168.1.68/24
ethernet1/3 18 1 ha 0 192.168.2.68/24
ethernet1/4 19 1 GUEST_LAN vr:DMZ_WIFI_ROUTEUR 0 172.16.0.1/21
ethernet1/5 20 1 DMZ_INTERNET vr:DMZ_WIFI_ROUTEUR 0 90.83.58.124/25
ethernet1/6 21 1 VRF_GUEST vr:DMZ_WIFI_ROUTEUR 0 10.109.32.250/32
ethernet1/7 22 1 DMZ_SORTANTES vr:DMZ_WIFI_ROUTEUR 0 192.168.215.47/24
ethernet1/8 23 1 GUEST_LAN vr:DMZ_WIFI_ROUTEUR 0 172.16.8.1/22
ethernet1/9 24 1 tap 0 N/A

===========================================

Error message

========================================

2023/03/08 20:52:23 info general general 0 Received conflicting ARP on interface ethernet1/4 indicating duplicate IP 172.16.0.1, sender mac 00:50:56:92:cd:0c

======================================================================

Thank you

Re: After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info general general 0 Received conflicting ARP on in

Raido_Rattameister — Thu, 16 Mar 2023 13:12:39 GMT

Did you get arp conflict once during upgrade or are you continuously getting those alerts?

Re: After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info general general 0 Received conflicting ARP on in

yassinehounaihi — Thu, 16 Mar 2023 13:19:49 GMT

We still have the error message, I turned off one of the firewall so as not to impact the production