How to Configure Static ARP on the Palo Alto Networks Firewall

How to Configure Static ARP on the Palo Alto Networks Firewall

96748
Created On 09/25/18 17:36 PM - Last Modified 01/30/25 22:16 PM


Environment


  • Any PAN-OS.
  • Palo Alto Firewall.

Procedure


Overview

Static ARP (Address Resolution Protocol) entries reduce ARP processing and preclude man-in-the-middle attacks for the specified addresses.

 

Steps

Navigate to the ARP entry configuration:

  1. On the WebGUI, go to Network > Interfaces > Ethernet.
  2. Select the appropriate L3 interface.
  3. Click Advanced.
  4. Click ARP Entries.
  5. Click Add and add the desired entry.
  6. Click OK and commit the configuration.

static arp entries.png

 

From the CLI:

> configure
# set network interface ethernet ethernet1/5 layer3 arp 10.101.10.10 hw-address F0:1F:AF:02:96:36
# commit

 

Note: It's not possible to change the Palo Alto Networks interface MAC address.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGrCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language