When I set up manual NAT entries on Checkpoint, the Checkpoint usually automatically responds to ARP requests for NATted outside addresses with (proxy) ARP replies. Every now and then this stops working. The fix (workaround) is to add manual proxy ARP entries for the offending addresses.
Anyone know the logic around this? When do you have to add manual proxy ARP entries and when not? Is there a file somewhere I can check automatic proxy ARP entries?
I've asked Checkpoint about this but they've pretty much just answered with work instructions around how to add manual proxy ARP entries and how to debug proxy ARP issues, to identify that I have a proxy ARP issue. All of which I already knew.