Bidirectional Forwarding Detection (BFD) enables extremely fast detection of a link failure, which accelerates failover to a different route.
BFD Overview
Building Blocks of a BFD Profile
View BFD Summary and Details
Configure BFD for: Static Routes BGP OSPF OSPFv3 RIP
BFD Overview
BFD is a protocol that recognizes a failure in the bidirectional path between two forwarding engines, such as interfaces, data links, or the actual forwarding engines. In the PAN-OS implementation, one of the forwarding engines is an interface on the firewall and the other is an adjacent configured BFD peer. The BFD failure detection between two engines is extremely fast, providing faster failover than could be achieved by link monitoring or frequent dynamic routing health checks, such as Hello packets or heartbeats.
After BFD detects a failure, it notifies the routing protocol to switch to an alternate path to the peer. If BFD is configured for a static route, the firewall removes the affected routes from the RIB and FIB tables.
BFD is supported on the following interface types—physical Ethernet, AE, VLAN, tunnel (Site-to-Site VPN and LSVPN), and subinterfaces of Layer 3 interfaces. For each static route or dynamic routing protocol, you can enable or disable BFD, select the default BFD profile, or configure a BFD profile.
Building Blocks of a BFD Profile
You can enable BFD for a static route or dynamic routing protocol by applying the default BFD profile or a BFD profile that you create. The default profile uses the default BFD settings and cannot be changed. You can Add a new BFD profile and specify the following information.
BFD Profile Setting Description
Name Name of the BFD profile (up to 31 characters). The name is case-sensitive and must be unique on the firewall. Use only letters, numbers, spaces, hyphens, and underscores.
Mode Mode in which BFD operates: Active —BFD initiates sending control packets (default). At least one of the BFD peers must be active; they can both be active. Passive —BFD waits for the peer to send control packets and responds as required.
Desired Minimum Tx Interval (ms) Minimum interval (in milliseconds) at which you want the BFD protocol to send BFD control packets. Minimum value on PA-7000/PA-5000 Series is 50; minimum on PA-3000 Series is 100; minimum on VM-Series is 200 (maximum value is 2,000; default is 1,000). If you have multiple protocols that use different BFD profiles on the same interface, configure the BFD profiles with the same Desired Minimum Tx Interval.
Required Minimum Rx Interval (ms) Minimum interval (in milliseconds) at which BFD can receive BFD control packets. Minimum value on PA-7000/PA-5000 Series is 50; minimum on PA-3000 Series is 100; minimum on VM-Series is 200 (maximum value is 2,000; default is 1,000).
Detection Time Multiplier The local system calculates the detection time as the Detection Time Multiplier received from the remote system multiplied by the agreed transmit interval of the remote system (the greater of the Required Minimum Rx Interval and the last received Desired Minimum Tx Interval. If BFD does not receive a BFD control packet from its peer before the detection time expires, a failure has occurred (range is 2 to 50; default is 3).
Hold Time (ms) Delay (in milliseconds) after a link comes up before the firewall transmits BFD control packets. Hold Time applies to BFD Active mode only. If the firewall receives BFD control packets during the Hold Time, it ignores them (range is 0-120,000; default is 0). The default setting of 0 means no transmit Hold Time is used; the firewall sends and receives BFD control packets immediately after the link is established.
Enable Multihop Enables BFD over multiple hops. Applies to BGP implementation only.
Minimum Rx TTL Minimum Time-to-Live value (number of hops) BFD will accept (receive) when it supports multihop BFD. Applies to BGP implementation only (range is 1-254; there is no default).
View BFD Summary and Details
The following table describes how to view BFD information.
View BFD Information Description
View a BFD summary. Select Network > Virtual Routers and in the row of the virtual router you are interested in, click More Runtime Stats. Select the BFD Summary Information tab.
View BFD details. Select details in the row of the interface you are interested in to view BFD Details .

