Policy based forwarding is getting hits but dropping packets

Policy based forwarding is getting hits but dropping packets

4855
Created On 10/08/23 19:01 PM - Last Modified 12/04/25 08:50 AM


Symptom


  • Policy based Forwarding is configured.
  • The traffic matches the PBF rule, but is dropped
  • Global counters (show counters global) display  "flow_fwd_l3_noarp" (Packets dropped: no ARP)as the reason for drop (Packets dropped: no ARP"

Environment


  • Palo Alto Firewalls
  • PAN-OS 10.x
  • Policy Based Forwarding (PBF)

Cause


  • Next hop is set to None.
  • When the next hop is set to none, the destination IP address of the packet is used as the next hop.
  • Forwarding fails if the destination IP address is not in the same subnet as the egress interface.
  • This is explained in the documentation.

Resolution


Set the correct next hop where the firewall can send the packet.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000g2MRCAY&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail