I have a question regarding ARP caching and timeout on the Palo Alto platform.
Based on the output of the "show arp all" command, it looks as if the "default timeout" is 1800 seconds. I am doing some work with failover for a cluster inside my firewall, and I wanted to know if there was persistent ARP caching such that a different MAC address can immediately begin ARPing for an IP that is cached on the firewall itself. I have seen some environments where persistent ARP caching is implemented as security feature to resolve inadvertent IP address conflicts. Is this sort of feature enabled on the Palo Alto platform? Does anybody know if this is related to the ARP settings in the output of "show arp all"? I basically want to make sure that my firewall is configured in a way that a new MAC address can immediately being ARPing for an IP address withouth having to flush a cache or waiting for a cached entry to expire (even if the expiration would occur after a few seconds).
I currently have the software version 4.1.6 installed on my cluster (I searched the admin guide for all occurrences of the word ARP and couldn't find the information I am looking for). I appreciate any guidance you could provide in helping me answer this question.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!