Question regarding ARP timeout

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Question regarding ARP timeout

Not applicable

Hi,

I have a question regarding ARP caching and timeout on the Palo Alto platform.

Based on the output of the "show arp all" command, it looks as if the "default timeout" is 1800 seconds.  I am doing some work with failover for a cluster inside my firewall, and I wanted to know if there was persistent ARP caching such that a different MAC address can immediately begin ARPing for an IP that is cached on the firewall itself.   I have seen some environments where persistent ARP caching is implemented as security feature to resolve inadvertent IP address conflicts.  Is this sort of feature enabled on the Palo Alto platform?  Does anybody know if this is related to the ARP settings in the output of "show arp all"?  I basically want to make sure that my firewall is configured in a way that a new MAC address can immediately being ARPing for an IP address withouth having to flush a cache or waiting for a cached entry to expire (even if the expiration would occur after a few seconds).

I currently have the software version 4.1.6 installed on my cluster (I searched the admin guide for all occurrences of the word ARP and couldn't find the information I am looking for).  I appreciate any guidance you could provide in helping me answer this question.


Dan Sullivan

1 accepted solution

Accepted Solutions

L4 Transporter

The cache on the pan is not persistent. The ARP table will update accordingly. I tested it out and you do not have to flush the cache manually or wait for the time out, as expected.

Dominic

View solution in original post

1 REPLY 1

L4 Transporter

The cache on the pan is not persistent. The ARP table will update accordingly. I tested it out and you do not have to flush the cache manually or wait for the time out, as expected.

Dominic

  • 1 accepted solution
  • 3072 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!