Next hop inaccessible for Palo Alto Networks


Palo Alto Networks


Indeni will review the routing table and identify when a next hop router is showing as FAILED or INCOMPLETE in the ARP table.

Remediation Steps

Determine why the next hops are not responding.
Log into the device over SSH and review the output of "show arp" to identify failures.

How does this work?

This alert uses the Palo Alto Networks API to retrieve the full ARP table for a Palo Alto Networks firewall, excluding the ARP table of the management interface (normally retrieved via "show arp management").

Why is this important?

Tracking ARP entries can indicate when certain hosts are failing to respond to ARP requests. If such a host is actually a next hop router, traffic may not reach its final destination. In addition, a sudden jump in the number of failing ARP entries may indicate a connectivity issue at layer 2.

Without Indeni how would you find this?

An administrator could write a script to leverage the Palo Alto Networks API to collect this data periodically and alert appropriately. Alternatively, wait for an issue to occur and check the ARP cache status by running "show arp all".
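A sketch of the correlation step such a script would need, added here as an example and not Indeni's or Palo Alto Networks' code: it joins route next hops against ARP entries and flags next hops whose entry is unresolved. The XML element names, the status codes and the sample data are assumptions constructed for this example; check them against the output of your PAN-OS version.

```python
import xml.etree.ElementTree as ET

# Constructed sample data (not captured from a device); the element names and
# the status codes "c" (complete) / "i" (incomplete) are assumptions.
ARP_XML = """<response status="success"><result><entries>
<entry><status> c </status><ip>192.0.2.1</ip><interface>ethernet1/1</interface></entry>
<entry><status> i </status><ip>198.51.100.1</ip><interface>ethernet1/2</interface></entry>
<entry><status> i </status><ip>198.51.100.77</ip><interface>ethernet1/2</interface></entry>
</entries></result></response>"""
ROUTE_XML = """<response status="success"><result>
<entry><destination>0.0.0.0/0</destination><nexthop>192.0.2.1</nexthop></entry>
<entry><destination>10.20.0.0/16</destination><nexthop>198.51.100.1</nexthop></entry>
<entry><destination>10.30.0.0/16</destination><nexthop>198.51.100.1</nexthop></entry>
<entry><destination>192.0.2.0/24</destination><nexthop>192.0.2.10</nexthop></entry>
</result></response>"""

BAD_STATUSES = {"i"}  # assumed code for an unresolved entry; extend as needed

def _entries(xml_text):
    """Yield each <entry> as a dict of stripped child-element text."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("API call did not succeed")
    for entry in root.iter("entry"):
        yield {child.tag: (child.text or "").strip() for child in entry}

def parse_arp(xml_text):
    """Map IP -> (status, interface) for every ARP entry."""
    return {e["ip"]: (e.get("status", "").lower(), e.get("interface", ""))
            for e in _entries(xml_text) if e.get("ip")}

def failing_arp_count(xml_text):
    """Count ARP entries in a bad state; a sudden jump hints at a layer 2 issue."""
    return sum(1 for status, _ in parse_arp(xml_text).values() if status in BAD_STATUSES)

def unreachable_next_hops(arp_xml, route_xml):
    """Return next hops whose ARP entry exists but is unresolved, with affected routes."""
    arp, routes = parse_arp(arp_xml), {}
    for e in _entries(route_xml):
        if e.get("nexthop") and e.get("destination"):
            routes.setdefault(e["nexthop"], []).append(e["destination"])
    # Next hops with no ARP entry at all (e.g. the firewall's own address on a
    # connected route) are skipped: only present-but-unresolved entries are flagged.
    return [{"next_hop": nh, "interface": arp[nh][1], "routes": dests}
            for nh, dests in sorted(routes.items())
            if nh in arp and arp[nh][0] in BAD_STATUSES]

if __name__ == "__main__":
    for finding in unreachable_next_hops(ARP_XML, ROUTE_XML):
        print("ALERT", finding)
    print("failing ARP entries:", failing_arp_count(ARP_XML))
```

Run periodically, the count from `failing_arp_count` can be compared with the previous run to catch the sudden jump described above.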
