CARP on ESXi and promiscuous mode, security issues?
I've set-up 2 pfSense in CARP on two ESXi nodes and, as per documentation, I've created another port-group only for pfSense with promiscuos mode enabled.
Problem is that now pfSense receives all traffic that goes to the Virtual Switch, so LAN interface it's "flooded" by unwanted traffic and, more important, from within pfSense it's possible to sniff all the traffic that goes through the virtual switch.
Is there another way to be able to have CARP working on ESXi without promiscuous mode? If not, IMHO it should be highlighted in documentation that security (and performance) risk related to promiscuous mode..
FYI looks that on ESXi 6.7 (and 7 I guess) could be solved with this:
I'm implementing and testing it right now, probably pfSense documentation should be updated..
Hmmm it's working for other interfaces (DMZ) but not for LAN, really strange...
So, finally I've discovered that there is probably a bug in my HP SFP552 10GB cards that do not allow native Mac Learning to work on untagged port groups, moved to tagged port group, now everything it's working properly and I don't have anymore pfSense flooded with all traffic of promiscuous mode.
I think documentation should be updated reflecting this improvement.