SEDR appliance messages log contains numerous log entries noting martians appearing on eth1 and eth2

Article ID: 185112

Products

Endpoint Detection and Response

Issue/Introduction

The messages log of a Symantec Endpoint Detection and Response (SEDR) appliance contains numerous entries noting martians appearing on eth1 and eth2.

Log entries similar to the following appear in the messages log of the SEDR appliance:

Jan 13 00:01:10 satp-pd-mgmt-01 kernel: IPv4: martian source 192.168.13.255 from 192.168.13.8, on dev eth1

...

Jan 13 00:01:11 satp-pd-mgmt-01 kernel: IPv4: martian source 192.168.13.255 from 192.168.13.8, on dev eth2

...
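To gauge how many of these entries are present and which interfaces they name, the messages log can be summarized per interface, sender and destination. This is an added example, not part of the original article or the product; the log path `/var/log/messages` is an assumption, and the sample lines extend the two entries shown above with constructed ones.

```shell
#!/bin/sh
# Summarize kernel "martian source" entries by interface, sender and destination.
# In this kernel message the first address is the packet's destination and the
# address after "from" is the sender, so the entries above are broadcasts to
# 192.168.13.255 sent by 192.168.13.8.

martian_summary() {
    # $1: path to a messages log (assumed to be /var/log/messages on the appliance)
    awk '
        /martian source/ {
            dst = ""; src = ""; dev = ""
            for (i = 1; i < NF; i++) {
                if ($i == "source") dst = $(i + 1)
                if ($i == "from")   { src = $(i + 1); sub(/,$/, "", src) }
                if ($i == "dev")    dev = $(i + 1)
            }
            # Skip truncated lines that lack any of the three fields.
            if (dev != "" && src != "" && dst != "")
                count[dev " " src " " dst]++
        }
        END { for (k in count) print count[k], k }
    ' "$1" | sort -k2,2 -k1,1nr
}

# Constructed sample log: two lines from the article plus constructed extras.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Jan 13 00:01:10 satp-pd-mgmt-01 kernel: IPv4: martian source 192.168.13.255 from 192.168.13.8, on dev eth1
Jan 13 00:01:11 satp-pd-mgmt-01 kernel: IPv4: martian source 192.168.13.255 from 192.168.13.8, on dev eth2
Jan 13 00:01:12 satp-pd-mgmt-01 kernel: IPv4: martian source 192.168.13.255 from 192.168.13.8, on dev eth1
Jan 13 00:01:13 satp-pd-mgmt-01 sshd[1234]: Accepted publickey for admin
EOF

# Output columns: count, interface, sender, destination.
martian_summary "$sample"
rm -f "$sample"
```

Running the same summary over entries logged after the resolution below has been applied shows whether eth1 and eth2 still receive the broadcasts.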

Environment

SEDR Virtual Edition (VE) appliance is deployed as a guest Virtual Machine with the Management Server role, but not the Scanner or AllInOne role.

Resolution

  1. Create two new virtual switches without uplink.
  2. Create and associate two new port groups.
  3. Power down the guest VM which is the SEDR virtual appliance.
  4. Edit the guest VM to point Network adapter 2 to one of the new port groups, and to point Network adapter 3 to the other new port group.
  5. Power on the guest VM.

To create two new virtual switches without uplink

  1. Within the ESXi Web Console, on the host where SEDR VE is installed, navigate to Networking.
  2. On the virtual switches, click "Add standard virtual switch".
  3. On the dialog box, select options as follows. The name can be different, so long as it is unique.
  4. DO NOT ADD AN UPLINK TO THESE TWO NEW VIRTUAL SWITCHES.
  5. Create a second virtual switch with the same options, except for a unique name.
  6. On the list of virtual switches, the new switches appear, but show port groups of "0".

To create and associate two new port groups

  1. At the top, click on the Port Groups tab.
  2. Click "Add Port Group".
  3. On the "Virtual switch" dropdown box, select one of the two new virtual switches.
  4. Click Add.
  5. Click "Add Port Group".
  6. On the "Virtual switch" dropdown box, select the other of the two new virtual switches.
  7. Click Add.
  8. The new port groups appear on the list of port groups...

To associate Network adapter 2 and Network adapter 3 with the new port groups

  1. Power off the VM for the ATP or SEDR appliance in a scheduled maintenance window.
  2. Edit the VM which is the ATP or SEDR appliance.
  3. Point Network adapter 2 to one of the new port groups and Network adapter 3 to the other new port group. Click Save.
  4. Power on the VM guest which is the ATP or SEDR appliance.