04-20-2026 07:32 PM
I found a KB article stating that the active firewall sends out gratuitous ARPs every 60 seconds during normal operation, but it doesn't explain why. What is the reason for this behaviour?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004Ny3CAE
04-21-2026 04:04 AM
In an active–passive high availability firewall setup, the active firewall may broadcast gratuitous ARPs every 60 seconds as a way to continuously assert its ownership of the virtual IP address and keep network devices updated. Gratuitous ARP messages help ensure that switches, routers, and connected hosts maintain the correct MAC-to-IP mapping in their ARP tables, preventing stale or incorrect entries that could disrupt traffic flow. This periodic broadcasting is especially useful in environments where ARP table entries might age out or where there is a risk of failover events, as it reinforces network stability and minimizes packet loss or misrouting by reminding all devices that the active firewall is still responsible for handling traffic.
04-24-2026 12:24 AM
Hi @A.Leung514385 ,
It is just way of telling the switch that the current active is still the one active (liveliness check), because switches have timer associated with the CAM entries.
Kind regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
