05-27-2012 07:40 AM
Palo Alto seem to have the lowest arp/mac cache limits of any firewall I've ever come across.
Are there any plans to increase the limits please?
05-29-2012 03:49 PM
You can get the max number of arp entries supported on a platform using the following command:
show system state filter cfg.general.max*
Here is a sample output for 200:
admin@lab108-PA-200(active)> show system state filter cfg.general.max*
cfg.general.max-address: 0x9c4
cfg.general.max-address-group: 0xfa
cfg.general.max-address-per-group: 0x1f4
cfg.general.max-appinfo2ip-entry: 500
cfg.general.max-arp: 0x1f4
cfg.general.max-blacklist: 0x61a8
You can also get this value from:
admin@lab108-PA-200(active)> show arp all
maximum of entries supported : 500
default timeout: 1800 seconds
total ARP entries in table : 25
total ARP entries shown : 25
status: s - static, c - complete, e - expiring, i - incomplete
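Added example, not part of any post in this thread: a small Python parser for the two outputs quoted above. It normalizes the mixed hex/decimal values from `show system state filter cfg.general.max*`, cross-checks `cfg.general.max-arp` against the `show arp all` summary, and reports ARP table utilization. The sample text is copied from the post above; the function names and the 80% warning threshold are assumptions chosen for illustration.

```python
import re

# Sample output copied from the PA-200 post above.
STATE_OUTPUT = """\
cfg.general.max-address: 0x9c4
cfg.general.max-address-group: 0xfa
cfg.general.max-address-per-group: 0x1f4
cfg.general.max-appinfo2ip-entry: 500
cfg.general.max-arp: 0x1f4
cfg.general.max-blacklist: 0x61a8
"""
ARP_OUTPUT = """\
maximum of entries supported : 500
default timeout: 1800 seconds
total ARP entries in table : 25
total ARP entries shown : 25
"""

def parse_state_limits(text):
    """Return {key: int}; values appear as hex (0x...) or plain decimal."""
    limits = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(cfg\.[\w.\-]+):\s*(0x[0-9a-fA-F]+|\d+)\s*$", line)
        if m:
            raw = m.group(2)
            limits[m.group(1)] = int(raw, 16) if raw.lower().startswith("0x") else int(raw)
    return limits

def arp_usage(text):
    """Return (used, maximum, fraction) from the 'show arp all' summary lines."""
    mx = re.search(r"maximum of entries supported\s*:\s*(\d+)", text)
    used = re.search(r"total ARP entries in table\s*:\s*(\d+)", text)
    if not mx or not used:
        raise ValueError("ARP summary lines not found")
    maximum, count = int(mx.group(1)), int(used.group(1))
    return count, maximum, (count / maximum if maximum else 0.0)

def check(state_text, arp_text, warn_at=0.8):
    """Cross-check both sources; warn_at is an assumed threshold, not a vendor value."""
    limits = parse_state_limits(state_text)
    used, maximum, frac = arp_usage(arp_text)
    max_arp = limits.get("cfg.general.max-arp")
    return {"max_arp": max_arp, "consistent": max_arp == maximum,
            "used": used, "utilization": frac, "warn": frac >= warn_at}

if __name__ == "__main__":
    print(check(STATE_OUTPUT, ARP_OUTPUT))
```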
05-30-2012 01:58 AM
Hello,
You can also look at the spec sheet PDFs on the Palo Alto home website, like this one: http://media.paloaltonetworks.com/documents/PA500_Specsheet.pdf
This is a very good limitation to know: MAC table size/device: 500 for PA-500