The firewall event of Deep Security or Vulnerability Protection may show an unknown MAC address that does not belong to the current machine.
The event with invalid MAC address may occur in the following scenarios:
- NIC teaming setup
- Packet capture application such as Wireshark is running
This is a known issue. It happens because the NIC card is in promiscuous mode. During this mode, the NIC card will receive all packets with any MAC address as it will not be filtered out in the network adapter layer. As Deep Security Agent (DSA) or Vulnerability Protection Agent (VPA) is hooked after the network adapter layer, the unknown MAC address will appear.