https://community.checkpoint.com/t5/Firewall-and-Security-Management/Stale-ARP-Entries/m-p/131577#M19393 <P>Ever since we upgrade to R80.40 JHF118 at the end of August, we've run into issues where ARP entries are not getting updated (or purged) on the gateways appropriately.&nbsp; This really only impacts our Guest Wifi as the churn on DHCP leases is the highest.</P><P>I've changed the lease time on the scope from 1 day to 3 days to avoid a lease being handed back out too soon to give the gateways time to purge the stale ARP entry, but this is not really helping.</P><P>What did help was to ping each IP in the subnet once day to help the gateway refresh its ARP table.&nbsp; This is well and good unless we have a surge of guest wifi users (large meeting).&nbsp; When I first tracked down the issue there weren't any SKs published related to the behavior and we had a decent workaround until the problem with larger meetings became apparent.</P><P>On 10/7, a new SK was published (<SPAN><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk175603&amp;partition=Advanced&amp;product=SecureXL" target="_self">sk175603</A>) that describes the behavior and that CP support pointed out to us after opening a case.</SPAN></P><P><SPAN>I wanted to share this out to the community in case you were running into anything like this.&nbsp; &nbsp;The fix will be included in a JHF in mid-December (right during our year-end change freeze) so we're looking at not having a JHF until January sometime in our environment.&nbsp; Anyone have any issues applying a specific hotfix provided by Checkpoint (which is also an option to resolve this)?</SPAN></P><P><SPAN>Any thoughts on workarounds/alternatives to help alleviate the issue (I'm already debating changing the frequency of pinging the individual IP addresses in the subnet from once a day to maybe once an hour).</SPAN></P><P>Thank you</P> Tue, 12 Oct 2021 15:09:46 GMT Matt_Taber 2021-10-12T15:09:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Stale-ARP-Entries/m-p/131577#M19393 <P>Ever since we upgrade to R80.40 JHF118 at the end of August, we've run into issues where ARP entries are not getting updated (or purged) on the gateways appropriately.&nbsp; This really only impacts our Guest Wifi as the churn on DHCP leases is the highest.</P><P>I've changed the lease time on the scope from 1 day to 3 days to avoid a lease being handed back out too soon to give the gateways time to purge the stale ARP entry, but this is not really helping.</P><P>What did help was to ping each IP in the subnet once day to help the gateway refresh its ARP table.&nbsp; This is well and good unless we have a surge of guest wifi users (large meeting).&nbsp; When I first tracked down the issue there weren't any SKs published related to the behavior and we had a decent workaround until the problem with larger meetings became apparent.</P><P>On 10/7, a new SK was published (<SPAN><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk175603&amp;partition=Advanced&amp;product=SecureXL" target="_self">sk175603</A>) that describes the behavior and that CP support pointed out to us after opening a case.</SPAN></P><P><SPAN>I wanted to share this out to the community in case you were running into anything like this.&nbsp; &nbsp;The fix will be included in a JHF in mid-December (right during our year-end change freeze) so we're looking at not having a JHF until January sometime in our environment.&nbsp; Anyone have any issues applying a specific hotfix provided by Checkpoint (which is also an option to resolve this)?</SPAN></P><P><SPAN>Any thoughts on workarounds/alternatives to help alleviate the issue (I'm already debating changing the frequency of pinging the individual IP addresses in the subnet from once a day to maybe once an hour).</SPAN></P><P>Thank you</P> Tue, 12 Oct 2021 15:09:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Stale-ARP-Entries/m-p/131577#M19393 Matt_Taber 2021-10-12T15:09:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Stale-ARP-Entries/m-p/131809#M19463 <P>Did you receive a private fix from TAC?</P> Fri, 15 Oct 2021 08:01:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Stale-ARP-Entries/m-p/131809#M19463 _Val_ 2021-10-15T08:01:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Stale-ARP-Entries/m-p/131842#M19477 <P>I submitted requested cpinfo files a few days ago; still waiting on the hotfix.</P> Fri, 15 Oct 2021 12:32:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Stale-ARP-Entries/m-p/131842#M19477 Matt_Taber 2021-10-15T12:32:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Stale-ARP-Entries/m-p/131844#M19479 <P>Replied to this before checking my email this morning,&nbsp; Support notified me yesterday evening that the hotfix is available via SFTP.</P> Fri, 15 Oct 2021 12:34:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Stale-ARP-Entries/m-p/131844#M19479 Matt_Taber 2021-10-15T12:34:40Z