How to Reduce the Number of Forwarding Information Base (FIB) Entries on the Firewall

How to Reduce the Number of Forwarding Information Base (FIB) Entries on the Firewall

919
Created On 07/24/25 16:19 PM - Last Modified 07/29/25 17:43 PM


Objective


  • Check the maximum number of FIB Entries supported by the Firewall.
  • Reduce the FIB Entries of the Firewall.

Environment


  • NGFW
  • FIB entries

Procedure


  1. Check the maximum capacity of FIB entries for your Firewall.
    1. Go to the Product Selection web page. Click Show More under your firewall platform name. Find the System total forwarding table size.
    2. For VM-Flex Firewall running a version lower than 10.2.x, refer to Maximum Limits Based on Memory. For versions 10.2.x and higher, refer to Maximum Limits Based on Tier and Memory. Note that the memory size (memory profile) determines the capacity of the firewall. Check the memory profile "vm-cap-tier:" in the output of the FW CLI command:
      > show system info
    3. Alternatively, depending on whether you have enabled advanced routing on the firewall or not, use one of the following CLI commands and read the numerical value in the line maximum of fib entries for this fib: 
      > show routing fib | match max

      or

      > show advanced-routing fib | match max

  2. Perform Route Summarization on the adjacent router (neighbor) that is advertising routes to the firewall. This reduces the number of routes sent to the firewall, thereby decreasing the size of the firewall's routing and forwarding table.

    1. For Static Routes:

      1. Delete unnecessary or unused routes: Remove any static routes that are no longer needed or used by active traffic.

      2. Perform Route Summarization (Route Aggregation): Combine routes to multiple networks with similar network prefixes into a single, summarized routing entry. This process, also known as supernetting, involves deleting smaller, specific routes and replacing them with a larger, summarized route.

    2. For OSPF:

      1. Navigate the UI to: Network > Virtual Routers > Edit VR > OSPF > Click Areas > Edit Area > Click Range

        For more details, refer to How to Suppress OSPF Routes.

    3. For BGP:

      1. Navigate the UI to: Network > Virtual Routers > Edit VR > BGP > Click Aggregate

        For more details, refer to How to Aggregate Routes and Advertise via BGP and Create Filters for the Advanced Routing Engine.

         

  3. If even after following the recommendation listed above, you are unable to reduce the number of FIB entries below the capacity limit of the FW, then:
    1. For a hardware firewall, consider upgrading your firewall to a higher-capacity platform.
    2. For a VM-Flex FW if it's running a version lower than 10.2.0, consider upgrading to a version greater than 10.2.0 to take advantage of the increased configuration capacity offered by the Memory Scaling of the VM-Series Firewall Feature. Also, consider increasing the FW memory/RAM to increase the capacity of your VM-Flex FW.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000TNeMKAW&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail