Recently I experienced a support ticket where ARP table of Firewall was full. It was a little confusing to get which interface was the one causing the issue since was necessary to verify interfaces one by one and customer had a lot of subinterface on multiple bonds.

So i decided to create a basic script to get all firewall interfaces (fw getifs) and count how many ARP entries are seen on each one (arp -a) ordered descending by number of entries. At the end it sums the total of ARP entries.

The script has a lot of room for improvement (validations also) and perhaps someone can convert to a one-liner.

Please note the following:

•  The script does not consider local Proxy ARP entries (fw ctl arp)
• <incomplete> entries of arp command are also counted
• The source is defined for R80, feel free to change for a lower version.

Here is an output for the script: