Article number
Affected Versions
Source Hypervisor

Failover To AWS Failed With ‘Must Provide A Security Group When Creating Interfaces In A Shared Subnet.’

Viewed 175 times

Root Cause

In each VPG replicating to AWS, a Subnet and at least one Security Group must be selected. 

However, we still receive the error above because the AWS API is used on the boot disk for ZImport for Data Volumes and all disks for AWS Import.

Zerto currently does not support shared subnets in AWS for this reason, currently.


Customer performs a Failover to AWS with either 'ZImport for Data Volumes' or 'AWS Import' import method which fails with message:

Must provide a security group when creating interfaces in a shared subnet.



There are ultimately two options.

1] Re-organize the subnets in the VPC of choice so no shared subnets are used, update the VPG with the new subnet, try the Failover again.

2] To avoid using the AWS API, change the Import Method to ZImport for All Volumes and try the Failover again.

NOTE: This option requires the setup of Zerto Tools for Windows and/or Zerto Tools for Linux be executed successfully on all Protected VMs in said VPG ahead of next Failover attempt.