Hi Morten,
That’s correct; we are running NAV 5.10.2. Our network consists of multiple L2/L3 HP Aruba switches and Palo Alto firewalls. NAV collects ARP records using SNMP from the HP Aruba switches, and we don’t encounter any expired ARP issues with those records. However, we do experience expired ARP issues with records retrieved from the Palo Alto firewalls. For reference, our ipdevpoll.conf configuration for ip2mac is as follows:
[job_ip2mac]
interval: 20m
intensity: 0
plugins:
  arp paloaltoarp
description:
  The ip2mac job logs IP to MAC address mappings from routers and firewalls
  (i.e. from IPv4 ARP and IPv6 Neighbor caches)
Thank you for your support.
Best Regards
Mehmet E. ŞAHİN
From: "Morten Brekkevold" <morten.brekkevold@sikt.no>
To: "Mehmet E. Şahin, BAŞKANLIK-BİDB" <mehmet.sahin@tubitak.gov.tr>
Cc: "nav-users" <nav-users@uninett.no>
Sent: Friday, 6 December 2024 16:06:28
Subject: Re: [Nav-users] NAV - Palo Alto Plugin: MAC Records Keep Expiring
On Wed 05 Jun 2024 at 13:53, Mehmet E. Şahin (BAŞKANLIK-BİDB) <mehmet.sahin@tubitak.gov.tr> wrote:
> Hi Everyone,
>
> We started using the new Palo Alto plugin with excitement. It
> successfully retrieves the ARP table from the Palo Alto firewall as
> XML every 20 minutes.
Hi Mehmet, I'm trying to dig deeper into this issue you reported, at
least beyond my off-the-cuff analysis given at the time, and I posted a
bug report to GitHub about it at
https://github.com/Uninett/nav/issues/3252
However, it occurs to me that the pattern you're describing is eerily
similar to the ARP bug that was supposedly fixed in NAV 5.10.2, which
was released only a couple of days before your report (and which you
said you were running at the time):
https://github.com/Uninett/nav/issues/2910
Is the issue still unresolved for you? Do you see the issue for any
other routers than Palo Alto firewalls?
Our network engineers have still not configured the Palo Alto plugin on
the one or two customer installations where they manage Palo Alto
firewalls, so I have not had the opportunity to test on field equipment
quite yet, but I'll see if I can't nudge them in the right direction.
--
Sincerely,
Morten Brekkevold
Sikt – Norwegian Agency for Shared Services in Education and Research