In trying to chase down another issue on a network I discovered what seems to be an anomaly or at least something which I don't believe should happen and/or is unnecessary, causing (possibly) certain network problems.
I have observed that whenever I ping a host on this LAN (from another host on the same LAN) the SonicWALL will always respond to the initial ARP request with its own MAC address. This seems to be happening at the beginning of other network communications as well although I haven't dug as deep as I have with the following scenarios.
Please see the respective figures below (attached file) which correspond with the following (these are all on the same LAN - no VLAN's or anything):
Note: initiator (pinger) is Broadcom. . . / 10.0.181.15 in each case.
1) Ping live host. Initial arp request is answered by SonicWALL, then by actual host. Subsequent ping request/reply is normal between only pinger and pingee.
2) Ping live host. Initial arp request is answered by actual host, then by SonicWALL (arp response reverse of scenario 1). Subsequent ping request/reply exchange works except that two ping requests are sent for each reply. The first request is sent to the SonicWALL's MAC, the next is sent to the correct host MAC. It is apparent that the initiating host cached the MAC address of both replies and is sending requests in the order the arp responses were received.
3) Ping non-existent host. SonicWALL responds to arp request with its own MAC, then proceeds to send three arp requests to the (non-existent) destination host. Since the initiating host received a reply to its initial arp request it sends specified number of ping requests to the SonicWALL's MAC. Of course the SonicWALL doesn't answer and the result is request timed out.
1) Why does SonicWALL do this?
2) Can it be disabled?
3) Is this arp proxying?