Recently I experienced a support ticket where the ARP table of the firewall was full. It was a little confusing to work out which interface was the one causing the issue, since it was necessary to verify the interfaces one by one and the customer had a lot of subinterfaces on multiple bonds.
So I decided to create a basic script to get all firewall interfaces (fw getifs) and count how many ARP entries are seen on each one (arp -a), ordered descending by number of entries. At the end it sums the total of ARP entries.
The script has a lot of room for improvement (validations also) and perhaps someone can convert it to a one-liner.
Please note the following:
- The script does not consider local Proxy ARP entries (fw ctl arp)
- <incomplete> entries of the arp command are also counted
- The source is defined for R80, feel free to change for a lower version.
Here is an output for the script:
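
The per-interface counting described in this post, as an added sketch that is not the author's original script. It assumes `fw getifs` prints `localhost <ifname> <ip> <mask>` per line and that `arp -a` ends each entry with `on <ifname>`; the function name `count_arp_per_if` and the sample data are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the script from the post.
# Assumed formats: `fw getifs` -> "localhost <ifname> <ip> <mask>",
#                  `arp -a`    -> "... at <mac|<incomplete>> ... on <ifname>".

# count_arp_per_if IFS_TEXT ARP_TEXT
# Prints "<count> <ifname>" sorted descending by count, then "TOTAL <n>".
# <incomplete> entries are counted; proxy ARP (fw ctl arp) is not considered.
count_arp_per_if() {
    # Second column of the interface listing, joined with spaces.
    ifnames=$(printf '%s\n' "$1" | awk 'NF >= 2 { printf "%s ", $2 }')
    printf '%s\n' "$2" | awk -v ifs="$ifnames" '
        BEGIN {
            # Seed every known interface with 0 so idle ones are still listed.
            n = split(ifs, names, " ")
            for (i = 1; i <= n; i++) count[names[i]] = 0
        }
        # An ARP entry line ends with: on <ifname>
        NF >= 2 && $(NF-1) == "on" { count[$NF]++; total++ }
        END {
            cmd = "sort -k1,1nr -k2,2"
            for (k in count) printf "%d %s\n", count[k], k | cmd
            close(cmd)                      # flush sorted rows before the total
            printf "TOTAL %d\n", total
        }'
}

# Constructed sample input (documentation addresses and MACs).
SAMPLE_IFS='localhost eth0 192.0.2.1 255.255.255.0
localhost bond1.100 198.51.100.1 255.255.255.0
localhost bond1.200 203.0.113.1 255.255.255.0'
SAMPLE_ARP='? (192.0.2.10) at 00:00:5e:00:53:01 [ether] on eth0
? (198.51.100.10) at 00:00:5e:00:53:02 [ether] on bond1.100
? (198.51.100.11) at <incomplete> on bond1.100
? (198.51.100.12) at 00:00:5e:00:53:03 [ether] on bond1.100'

if command -v fw >/dev/null 2>&1; then
    # On the gateway: use live data.
    count_arp_per_if "$(fw getifs)" "$(arp -a)"
else
    # Elsewhere: run against the constructed sample.
    count_arp_per_if "$SAMPLE_IFS" "$SAMPLE_ARP"
fi
```

An interface that stands far above the rest in this listing is the first place to look when the ARP table fills up.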