The need of manual proxy ARP depends on some factors.

First of all if the NAT IP is part of the relevant interface subnet. If not, proxy ARP is not needed but a return-route.

If it is part of the subnet, then proxy ARP is needed, but if global properties are defined correctly by using automatic NAT (configured on objects) will create the relevant proxy ARP for you.

Were the 8 NAT addresses "plucked" from the so-called dirty segment between the firewall's external interface and your Internet perimeter router?  If so proxy ARPs are needed but assuming "Automatic ARP Configuration" is checked on the NAT Global Properties it should create them for you when you use the Automatic NAT setup (which is what you are doing).  Run command fw ctl arp to see what addresses the firewall believes it needs to provide proxy ARP service.

If the 8 addresses are not "plucked" and there is a different transit subnet in use on the dirty segment, proxy ARP is not needed but then these 8 addresses need to be properly routed inbound to your firewall via the transit subnet.  The Internet perimeter router needs a static route for these addresses/subnet pointing to the outside IP address of the firewall.  This assumes of course that these 8 addresses are actually being correctly routed to you over the Internet in the first place, to confirm try to traceroute to one of these addresses from somewhere else on the Internet outside the firewall.  Does it seem to be coming your way?  How far is it getting to you?