>
    Strata Copilot
    Duplicate IP address detected on an interface
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. NGFW Incidents Reference
    4. Duplicate IP address detected on an interface
    Download PDF
    Next-Generation Firewall

    Duplicate IP address detected on an interface

    Table of Contents

    Duplicate IP address detected on an interface

    Incident Code
    INC_NGFW_DUPLICATE_IP_ADDRESS
    Severity
    Warning
    Category
    Network and Traffic
    Subcategory
    Interface
    Description
    This incident is triggered when a duplicate IP address is detected. The firewall's configuration can cause IP address conflicts on the network if any of the following conditions apply: 1. One of the firewall's interfaces has the same IP address. 2. A static Source Network Address Translation (SNAT) address is assigned that conflicts. 3. A static Destination Network Address Translation (DNAT) address is assigned that conflicts. 4. An IP address from a configured SNAT pool overlaps an existing subnet. 2. The IdP may fail to transmit the SAML assertion due to misconfiguration. This Incident automatically clears if no new errors are noticed for 24 hours since the detection of the duplicate IP address.
    Raise Condition
    This incident is triggered by the detection of at least one log message indicating a duplicate IP address (resulting from a conflicting received ARP).
    Clear Condition
    The alert will be cleared after 24 hours if no further duplicate IP logs are detected.

    © 2026 Palo Alto Networks, Inc. All rights reserved.