How Can I Determine if the Palo Alto Networks Firewall is Reaching The Maximum Limit of ARP Entries?

Created On 09/25/18 17:52 PM - Last Modified 06/13/23 02:53 AM


Resolution


Run the following CLI command to show information for all ARP tables:

> show arp all

 

The following information will appear at the top of the output (maximum supported entries will depend on the device):

maximum of entries supported :      500
default timeout:                    1800 seconds
total ARP entries in table :        40
total ARP entries shown :          40
status: s - static, c - complete, e - expiring, i - incomplete

If the "total ARP entries in table" value is close to the "maximum of entries supported" value, the Palo Alto Networks firewall could be at risk of reaching the limit.

 

Also, if the maximum limit has been reached, the global counters for ARP will increment. Use the command below to view the ARP-related counters:

> show counter global filter delta yes | match arp

flow_arp_alloc_failure    error    ARP entry allocation failure
flow_arp_rcv_err          drop     ARP receive error
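
The two checks above can be automated against captured CLI output. The following is an added example, not code from this article or from Palo Alto Networks: it parses the header of "show arp all" and looks for the ARP counters in the "match arp" output. The function names, the 0.9 warning threshold, and the sample input are assumptions made for illustration.

```python
# Header labels as they appear in the `show arp all` output shown above.
HEADER_FIELDS = {
    "maximum of entries supported": "max_entries",
    "total ARP entries in table": "total_entries",
}
# Counter names listed in the article's `| match arp` output.
ARP_COUNTERS = ("flow_arp_alloc_failure", "flow_arp_rcv_err")

# Constructed sample input, modelled on the article's output.
SAMPLE_ARP = """\
maximum of entries supported :      500
default timeout:                    1800 seconds
total ARP entries in table :        40
total ARP entries shown :          40
status: s - static, c - complete, e - expiring, i - incomplete
"""
SAMPLE_COUNTERS = "flow_arp_alloc_failure   error   ARP entry allocation failure\n"


def parse_arp_header(text):
    """Return max_entries and total_entries from captured `show arp all` text."""
    found = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        key = HEADER_FIELDS.get(label.strip())
        if sep and key and value.strip().isdigit():
            found[key] = int(value.strip())
    missing = sorted(set(HEADER_FIELDS.values()) - set(found))
    if missing or found.get("max_entries") == 0:
        raise ValueError(f"unusable ARP header, missing or zero: {missing}")
    return found


def assess(arp_text, counter_text="", warn_ratio=0.9):
    """Classify ARP table pressure; warn_ratio is an assumed threshold."""
    hdr = parse_arp_header(arp_text)
    utilization = hdr["total_entries"] / hdr["max_entries"]
    # Assumption: a counter appearing in the delta output means it incremented.
    seen = [c for c in ARP_COUNTERS
            if any(l.split()[:1] == [c] for l in counter_text.splitlines())]
    if "flow_arp_alloc_failure" in seen or utilization >= 1.0:
        status = "limit_reached"
    elif utilization >= warn_ratio:
        status = "warning"
    else:
        status = "ok"
    return {"utilization": utilization, "status": status, "counters_seen": seen}


if __name__ == "__main__":
    print(assess(SAMPLE_ARP))
    print(assess(SAMPLE_ARP, SAMPLE_COUNTERS))
```

Because the maximum supported entries depend on the device, the ratio is computed from the header of each capture rather than from a fixed number.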

 

owner: jteetsel


