09-18-2012 11:45 AM
Hi
I have 2 PA500 firewalls running in an active/passive HA setup. The firewalls are fully integrated into Active Directory using the identification client for security policies. All clients on the network are set to use our core switch as their default gateway, and the switch has a route set so it uses the firewall's IP as its gateway. The problem is that the PA500 has a hard limit of 500 ARP table entries and we have a lot more than 500 network devices on the network, so when the firewall reaches its 500 ARP limit no more devices can connect to the internet. The only way I have found to try and allow other clients is to clear the ARP tables on the firewalls, but this causes other clients to have no internet connectivity. Does anyone have any ideas on how I can resolve this without upgrading to the larger firewalls?
Thanks
Matt
09-18-2012 12:08 PM
Check the Destination NAT rules, in case they have been configured with the entire subnet.
Try removing the interfaces from the static route config, keeping only the next-hop as an IP address.
-Ameya
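The static-route change suggested in the reply above, as an added worked model that is not part of the thread and not code from Palo Alto Networks: a toy firewall with a longest-prefix-match routing table and a capped ARP cache. The model assumes, as most routers behave, that a static route naming only an egress interface makes the firewall treat every destination in that prefix as on-link and ARP for each destination host itself, whereas a route with a next-hop IP needs a single ARP entry for the next hop. The 500-entry cap is the figure quoted in the question; the interface name, client subnet and core-switch address are invented for the demonstration.

```python
"""Toy model of ARP-cache consumption under two static-route styles.

Added example for this thread; not code from the original post or from
Palo Alto Networks. The 500-entry cap is the figure quoted in the question.
Assumption: an interface-only static route makes the firewall ARP for each
destination host (on-link behaviour); a next-hop route ARPs once for the hop.
Interface name, subnet and next-hop address are invented for the demo.
"""
import ipaddress
import itertools
from dataclasses import dataclass, field
from typing import Optional

ARP_LIMIT = 500  # assumed cap, taken from the question


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    next_hop: Optional[ipaddress.IPv4Address] = None  # None = interface-only route


@dataclass
class Firewall:
    routes: list
    arp_limit: int = ARP_LIMIT
    # ARP cache keyed by (interface, resolved IP); the value stands in for a MAC
    arp: dict = field(default_factory=dict)
    dropped: int = 0

    def lookup(self, dst: ipaddress.IPv4Address) -> Optional[Route]:
        """Longest-prefix match over the static routes."""
        best = None
        for r in self.routes:
            if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best

    def forward(self, dst: ipaddress.IPv4Address) -> bool:
        """Return True if a packet to dst can be sent, False if it is dropped."""
        route = self.lookup(dst)
        if route is None:
            self.dropped += 1
            return False
        # Interface-only route: on-link assumption, so we ARP for dst itself.
        # Next-hop route: we ARP once for the next hop and reuse that entry.
        target = route.next_hop if route.next_hop is not None else dst
        key = (route.interface, target)
        if key in self.arp:
            return True
        if len(self.arp) >= self.arp_limit:
            # Table full and no entry for this target: the packet cannot go out.
            self.dropped += 1
            return False
        self.arp[key] = "00:00:5e:00:53:01"  # placeholder MAC (RFC 7042 documentation range)
        return True


def simulate(route: Route, n_hosts: int):
    """Send return traffic to the first n_hosts of the route's prefix.

    Returns (forwarded, dropped, arp_entries_used)."""
    fw = Firewall(routes=[route])
    hosts = itertools.islice(route.prefix.hosts(), n_hosts)
    forwarded = sum(1 for h in hosts if fw.forward(h))
    return forwarded, fw.dropped, len(fw.arp)


CLIENTS = ipaddress.ip_network("10.1.0.0/16")        # invented client subnet
CORE_SWITCH = ipaddress.ip_address("10.1.255.254")   # invented core-switch address

if __name__ == "__main__":
    iface_only = Route(CLIENTS, "ethernet1/2")
    via_core = Route(CLIENTS, "ethernet1/2", next_hop=CORE_SWITCH)
    for name, r in (("interface-only", iface_only), ("next-hop", via_core)):
        fwd, drop, used = simulate(r, 800)
        print(f"{name:15s} forwarded={fwd} dropped={drop} arp_entries={used}")
```

With 800 client hosts behind the core switch, the interface-only route fills all 500 entries and the remaining 300 hosts get no return traffic, which is the symptom described in the question; the same traffic over a next-hop route consumes one entry for the core switch. The check a practitioner would do on the real box is to count ARP entries per interface and confirm they are client addresses rather than the core switch's address before changing the route.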