After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info     general        general 0  Received conflicting ARP on interf

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info     general        general 0  Received conflicting ARP on interf

L1 Bithead

After an upgrade to version 10.2.3 h4 I got this message:

 

2023/03/08 20:52:23 info     general        general 0  Received conflicting ARP on interface ethernet1/4 indicating duplicate IP 172.16.0.1, sender mac 00:50:56:92:cd:0c

 

And this address is for the other peer .

 

The firewall is a VM300

6 REPLIES 6

Cyber Elite
Cyber Elite

In VMware environment you can't have 2 VMs with same mac address.

For that reason virtual Palos in HA cluster have different mac addresses.

Virtual Palos can have same mac only if VMware port group is configured in promiscuous mode and this is very bad practice.

But to receive conflicting IP address alert both of your firewalls must be active at the same time.

Do you have active/passive HA?

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Yes the two firewalls in HA.

address and mac for the other peer .

Cyber Elite
Cyber Elite

Are firewalls in active/active or active/passive HA?

If you enable mac column in both firewalls do mac addresses match on both of them or are they different?

Raido_Rattameister_0-1678970353596.png

 

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

HA in active passive .

 

You will find below the configuration of the interfaces as well as the message on the two firewalls :

========================================================

FW1 

> show interface all

total configured hardware interfaces: 9

name id speed/duplex/state mac address
--------------------------------------------------------------------------------
ethernet1/1 16 ukn/ukn/down(power-down) 00:50:56:92:82:af
ethernet1/2 17 10000/full/up 00:50:56:92:7e:bc
ethernet1/3 18 10000/full/up 00:50:56:92:20:2f
ethernet1/4 19 10000/full/up 00:50:56:92:cd:0c
ethernet1/5 20 10000/full/up 00:50:56:92:f7:49
ethernet1/6 21 10000/full/up 00:50:56:92:2f:36
ethernet1/7 22 10000/full/up 00:50:56:92:ae:b6
ethernet1/8 23 10000/full/up 00:50:56:92:77:3a
ethernet1/9 24 ukn/ukn/down(autoneg) 00:50:56:92:5e:a5

aggregation groups: 0


total configured logical interfaces: 9

name id vsys zone forwarding tag address
------------------- ----- ---- ---------------- ------------------------ ------ ------------------
ethernet1/1 16 1 tap 0 N/A
ethernet1/2 17 1 ha 0 192.168.1.67/24
ethernet1/3 18 1 ha 0 192.168.2.67/24
ethernet1/4 19 1 GUEST_LAN vr:DMZ_WIFI_ROUTEUR 0 172.16.0.1/21
ethernet1/5 20 1 DMZ_INTERNET vr:DMZ_WIFI_ROUTEUR 0 90.83.58.124/25
ethernet1/6 21 1 VRF_GUEST vr:DMZ_WIFI_ROUTEUR 0 10.109.32.250/32
ethernet1/7 22 1 DMZ_SORTANTES vr:DMZ_WIFI_ROUTEUR 0 192.168.215.47/24
ethernet1/8 23 1 GUEST_LAN vr:DMZ_WIFI_ROUTEUR 0 172.16.8.1/22
ethernet1/9 24 1 tap 0 N/A

 

Error message :

 

============================================

2023/03/08 20:52:01 info general general 0 Received conflicting ARP on interface ethernet1/4 indicating duplicate IP 172.16.0.1, sender mac 00:50:56:a5:bc:3b

==========================================

 

FW2 

 

=================================================

> show interface all

total configured hardware interfaces: 9

name id speed/duplex/state mac address
--------------------------------------------------------------------------------
ethernet1/1 16 ukn/ukn/down(power-down) 00:50:56:a5:9b:91
ethernet1/2 17 10000/full/up 00:50:56:a5:79:47
ethernet1/3 18 10000/full/up 00:50:56:a5:b1:ca
ethernet1/4 19 10000/full/up 00:50:56:a5:bc:3b
ethernet1/5 20 10000/full/up 00:50:56:a5:0d:e4
ethernet1/6 21 10000/full/up 00:50:56:a5:51:9b
ethernet1/7 22 10000/full/up 00:50:56:a5:5c:c5
ethernet1/8 23 10000/full/up 00:50:56:a5:63:9a
ethernet1/9 24 ukn/ukn/down(autoneg) 00:50:56:a5:de:f0

aggregation groups: 0


total configured logical interfaces: 9

name id vsys zone forwarding tag address
------------------- ----- ---- ---------------- ------------------------ ------ ------------------
ethernet1/1 16 1 tap 0 N/A
ethernet1/2 17 1 ha 0 192.168.1.68/24
ethernet1/3 18 1 ha 0 192.168.2.68/24
ethernet1/4 19 1 GUEST_LAN vr:DMZ_WIFI_ROUTEUR 0 172.16.0.1/21
ethernet1/5 20 1 DMZ_INTERNET vr:DMZ_WIFI_ROUTEUR 0 90.83.58.124/25
ethernet1/6 21 1 VRF_GUEST vr:DMZ_WIFI_ROUTEUR 0 10.109.32.250/32
ethernet1/7 22 1 DMZ_SORTANTES vr:DMZ_WIFI_ROUTEUR 0 192.168.215.47/24
ethernet1/8 23 1 GUEST_LAN vr:DMZ_WIFI_ROUTEUR 0 172.16.8.1/22
ethernet1/9 24 1 tap 0 N/A

 

===========================================

 

Error message 

 

========================================

2023/03/08 20:52:23 info general general 0 Received conflicting ARP on interface ethernet1/4 indicating duplicate IP 172.16.0.1, sender mac 00:50:56:92:cd:0c

 

======================================================================

 

Thank you 

Cyber Elite
Cyber Elite

Did you get arp conflict once during upgrade or are you continuously getting those alerts?

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

L1 Bithead

We still have the error message, I turned off one of the firewall so as not to impact the production

  • 1404 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!