How Can I Determine if the Palo Alto Networks Firewall Is Reaching the Maximum Limit of ARP Entries?
Resolution
Run the following CLI command to show information for all ARP tables:
> show arp all
The following information will appear at the top of the output (maximum supported entries will depend on the device):
maximum of entries supported : 500
default timeout: 1800 seconds
total ARP entries in table : 40
total ARP entries shown : 40
status: s - static, c - complete, e - expiring, i - incomplete
If the "total ARP entries in table" value is close to the "maximum of entries supported" value, the Palo Alto Networks firewall could be at risk of reaching the ARP entry limit.
Also, if the maximum limit has been reached, the global counters for ARP will increment. Use the command below to view the ARP-related counters:
> show counter global filter delta yes | match arp
flow_arp_alloc_failure | error | ARP entry allocation failure |
flow_arp_rcv_err | drop | ARP receive error |
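The two checks above can be run over saved CLI output, as in this added example (not part of the original article or any Palo Alto Networks tooling). The function names and the 80% warning threshold are assumptions; the header text and counter names are the ones shown in the article.

```python
import re

# Counter names as listed in the article.
ARP_COUNTERS = ("flow_arp_alloc_failure", "flow_arp_rcv_err")

# Header of "show arp all" as shown in the article.
ARTICLE_HEADER = """\
maximum of entries supported : 500
default timeout: 1800 seconds
total ARP entries in table : 40
total ARP entries shown : 40
"""

def parse_arp_header(output):
    """Return (maximum, total) parsed from the 'show arp all' header."""
    values = []
    for label in ("maximum of entries supported", "total ARP entries in table"):
        m = re.search(re.escape(label) + r"\s*:\s*(\d+)", output)
        if m is None:
            raise ValueError("header field not found: " + label)
        values.append(int(m.group(1)))
    return tuple(values)

def counters_present(counter_output):
    """List the ARP counters named in the filtered counter output."""
    tokens = set(re.findall(r"\w+", counter_output))
    return [name for name in ARP_COUNTERS if name in tokens]

def assess(arp_output, counter_output="", warn_ratio=0.8):
    """Classify ARP table usage; warn_ratio is an assumed threshold."""
    maximum, total = parse_arp_header(arp_output)
    if maximum <= 0:
        raise ValueError("maximum of entries supported must be positive")
    if total >= maximum:
        status = "at-limit"
    elif total / maximum >= warn_ratio:
        status = "near-limit"
    else:
        status = "ok"
    return {"maximum": maximum, "total": total,
            "utilization": total / maximum, "status": status,
            "counters": counters_present(counter_output)}

if __name__ == "__main__":
    print(assess(ARTICLE_HEADER))
```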
owner: jteetsel