Q: Box is in Backwards Alarm
A: The alarm indicates that, when the appliance is ARPing for its WAN side default gateway it's receiving a reply on the lan port.
1. Make sure the cables are plugged in correctly. You can swap them to see if the alarm goes away.
1. Ensure that both lan0 and wan0 ports are in promiscuous mode.
2. There's no switching loop present where an ARP for the default gateway (remember that this ARP is a broadcast out of all ports) is being answered by a device on LAN side.
3. Also in bridge mode all traffic should be routing through the VM, there should be no alternate path that traffic can take in the network.
4. The lan0 and wan0 ports should be on different vswitches to ensure that there's no bridging between them.
5. If the LAN side has a route through which you can access the edge router though the LAN core switch then you can disable the gateway check to get rid of this alarm using the command below -
vxa (config) #system watchdog datapath gateway-connect disable
vxa (config) #wr mem
6. The following commands can be used to gather useful information -
a. sh arp
b. sh cdp neighbor
c. sh bridge mac-address-table interface wan0
d. sh bridge mac-address-table interface lan0
e. sh interface wan0
f. sh interface lan0
g. sh system nexthops