https://live.paloaltonetworks.com/t5/general-topics/f5-failover-connected-behind-pa/m-p/264632#M74422 <P>We have the same setup (using default arp cache timeouts) and we do not see this issue. everything fails over smoothly</P><P>&nbsp;</P><P>p.s. to see your current arp cache timeout use: show arp all</P><P>&nbsp;</P><P>it appears there is a bug with show system setting arp-cache-timeout (valid command seen here:&nbsp;<A href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/networking-features/arp-cache-timeout" target="_blank">https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/networking-features/arp-cache-timeout</A>) because when I try that one I get an error but show arp all gives me the info</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 31 May 2019 20:32:57 GMT hshawn 2019-05-31T20:32:57Z https://live.paloaltonetworks.com/t5/general-topics/f5-failover-connected-behind-pa/m-p/264428#M74416 <P>We have two F5 devices configured as active standby behind PA. The issue is on failover F5 failover ARP table on the PA is not updated quickly enough for smooth transition. Is there a way to mitigate this problem and increase ARP update time for that interface only.</P> Fri, 31 May 2019 16:59:00 GMT https://live.paloaltonetworks.com/t5/general-topics/f5-failover-connected-behind-pa/m-p/264428#M74416 raji_toor 2019-05-31T16:59:00Z https://live.paloaltonetworks.com/t5/general-topics/f5-failover-connected-behind-pa/m-p/264618#M74420 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/56221">@raji_toor</a>,</P><P>From the CLI you can set the ARP cache timeout by issueing the command&nbsp;<EM>set system setting arp-cache-timeout &lt;value&gt;</EM> with the minimum being 60 seconds and the maximum being 65535 seconds. This of course is system wide and can't be adjusted for just one interface.&nbsp;</P><P>If you could script something to trigger when your F5 device logs a failover event, in a Slunk for example, you could utilize the API to clear the arp on the interface by issuing the&nbsp;<EM>clear arp &lt;interface&gt;&nbsp;</EM>command via the API. <EM>/api/?type=op&amp;cmd=&lt;clear&gt;&lt;arp&gt;interface&lt;/arp&lt;/clear&gt;</EM></P> Fri, 31 May 2019 20:13:40 GMT https://live.paloaltonetworks.com/t5/general-topics/f5-failover-connected-behind-pa/m-p/264618#M74420 BPry 2019-05-31T20:13:40Z https://live.paloaltonetworks.com/t5/general-topics/f5-failover-connected-behind-pa/m-p/264632#M74422 <P>We have the same setup (using default arp cache timeouts) and we do not see this issue. everything fails over smoothly</P><P>&nbsp;</P><P>p.s. to see your current arp cache timeout use: show arp all</P><P>&nbsp;</P><P>it appears there is a bug with show system setting arp-cache-timeout (valid command seen here:&nbsp;<A href="https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/networking-features/arp-cache-timeout" target="_blank">https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/networking-features/arp-cache-timeout</A>) because when I try that one I get an error but show arp all gives me the info</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 31 May 2019 20:32:57 GMT https://live.paloaltonetworks.com/t5/general-topics/f5-failover-connected-behind-pa/m-p/264632#M74422 hshawn 2019-05-31T20:32:57Z https://live.paloaltonetworks.com/t5/general-topics/f5-failover-connected-behind-pa/m-p/264695#M74424 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/42784">@hshawn</a>&nbsp;Do you use mac masquerading on F5</P> Fri, 31 May 2019 21:58:51 GMT https://live.paloaltonetworks.com/t5/general-topics/f5-failover-connected-behind-pa/m-p/264695#M74424 raji_toor 2019-05-31T21:58:51Z