I'm assuming the site_1 and site_2 Check Point firewalls are managed by the same SMS. If so, you have an automatic NAT rule configured in the policy but you forgot to change the "Install On Gateway" from the default of "Any" to either the site_1 or site_2 gateway specifically. That is why you are seeing the proxy ARP entry in the fw ctl arp output on the "wrong" firewall. Correct the Install On Gateway field for the automatic NAT referencing 10.1.0.5 and push policy to BOTH sites.
In my CCSA classes, I talk about the effect of leaving the "Install On Gateway" set to Any as helping trigger what I call the NAT Bomb when a second site/gateway is added for the first time. Most sites start with just one firewall/cluster and they configure NAT as needed. Unfortunately they leave the "Install On Gateway" set to "Any" in their automatic NAT setups or even in manual NAT rules. This is fine as long as there is only one gateway/cluster being managed. However, when a second firewall/site is added and is managed by the same SMS, the NAT Bomb is triggered as soon as the policy is installed to the new gateway. It immediately starts trying to perform all the NATs configured for the original gateway, and will even attempt to proxy ARP for the original firewall's NAT addresses as well in the case of automatic NATs. This causes instant mayhem at both sites as asymmetric routing occurs and TCP out-of-state conditions are rampant. This lively class discussion is further reinforced by all the Automatic NAT example screenshots in the CCSA courseware showing the "Install On Gateway" left set to the default of "Any". Grrrr.
--
CheckMates Break Out Sessions Speaker
CPX 2019 Las Vegas & Vienna - Tuesday@13:30
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
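As an added example (not code from the post above, and not a Check Point tool), here is a small audit that flags the condition the answer describes before the second gateway's first policy push: every automatic NAT (host object `nat-settings`) or manual NAT rule whose Install On is still a wildcard, plus the proxy ARP addresses each gateway should then show in `fw ctl arp`. The JSON layout is modelled on trimmed Management API `show-hosts` / `show-nat-rulebase` responses as recalled here; the field names (`nat-settings`, `install-on`), the wildcard spellings `Any` / `All` / `Policy Targets`, and the sample objects and addresses are all assumptions, so adjust them to match your own export.

```python
"""Audit a policy export for NAT that will land on every managed gateway
(Install On Gateway left at Any/All), i.e. the NAT Bomb condition.

The JSON shape is an assumption modelled on trimmed Management API
"show-hosts" and "show-nat-rulebase" output; adjust field names to what
your own export actually contains.
"""

# Assumption: these spellings mean "install on every gateway"
# ("Any" in SmartConsole, "All" / "Policy Targets" in API exports).
WILDCARD_TARGETS = {"any", "all", "policy targets"}

# Constructed sample data, not a real export.
SAMPLE_HOSTS = [
    {"name": "web_site_1", "ipv4-address": "10.1.0.5",
     "nat-settings": {"auto-rule": True, "method": "static",
                      "ipv4-address": "203.0.113.5", "install-on": "All"}},
    {"name": "mail_site_2", "ipv4-address": "10.2.0.25",
     "nat-settings": {"auto-rule": True, "method": "static",
                      "ipv4-address": "198.51.100.25", "install-on": "site_2"}},
    {"name": "db_site_1", "ipv4-address": "10.1.0.50",
     "nat-settings": {"auto-rule": False}},
]
SAMPLE_MANUAL_NAT_RULES = [
    {"rule-number": 1, "name": "hide-lan-site_1", "install-on": ["Policy Targets"]},
    {"rule-number": 2, "name": "static-dmz-site_2", "install-on": ["site_2"]},
]
MANAGED_GATEWAYS = ["site_1", "site_2"]


def is_wildcard(target):
    return str(target).strip().lower() in WILDCARD_TARGETS


def _targets(value, default):
    """Normalise an install-on value (missing, string or list) to a list."""
    if value is None:
        return [default]
    return [value] if isinstance(value, str) else list(value)


def find_nat_bomb_candidates(hosts, manual_rules, gateways):
    """Return NAT definitions that every managed gateway will try to enforce.

    Harmless with one gateway; with two or more, each finding is a NAT (and,
    for automatic NAT, a proxy ARP entry) that the "wrong" gateway also picks
    up as soon as policy is installed on it.
    """
    findings = []
    if len(gateways) < 2:
        return findings
    for host in hosts:
        nat = host.get("nat-settings") or {}
        if not nat.get("auto-rule"):
            continue
        targets = _targets(nat.get("install-on"), "All")
        if any(is_wildcard(t) for t in targets):
            findings.append({"kind": "automatic", "object": host["name"],
                             "translated": nat.get("ipv4-address"),
                             "install-on": targets, "lands-on": list(gateways)})
    for rule in manual_rules:
        targets = _targets(rule.get("install-on"), "Policy Targets")
        if any(is_wildcard(t) for t in targets):
            findings.append({"kind": "manual", "rule": rule.get("rule-number"),
                             "name": rule.get("name"),
                             "install-on": targets, "lands-on": list(gateways)})
    return findings


def expected_proxy_arp(hosts, gateways):
    """Map each gateway to the translated addresses it will proxy ARP for.

    Compare with `fw ctl arp` on each gateway: an address present on a
    gateway where it is not expected is the symptom in the question.
    Assumption: an automatic NAT with an explicit translated address needs
    proxy ARP; hide NAT behind the gateway's own interface does not.
    """
    table = {gw: set() for gw in gateways}
    for host in hosts:
        nat = host.get("nat-settings") or {}
        addr = nat.get("ipv4-address")
        if not nat.get("auto-rule") or not addr:
            continue
        targets = _targets(nat.get("install-on"), "All")
        for gw in gateways:
            if any(is_wildcard(t) or t == gw for t in targets):
                table[gw].add(addr)
    return table


if __name__ == "__main__":
    for f in find_nat_bomb_candidates(SAMPLE_HOSTS, SAMPLE_MANUAL_NAT_RULES,
                                      MANAGED_GATEWAYS):
        print("NAT Bomb candidate:", f)
    for gw, addrs in expected_proxy_arp(SAMPLE_HOSTS, MANAGED_GATEWAYS).items():
        print(f"{gw}: expect proxy ARP for {sorted(addrs) or 'nothing'}")
```

With the sample data, `web_site_1` (install-on `All`) is flagged and its translated address 203.0.113.5 is expected to proxy ARP on both site_1 and site_2; once its Install On is set to site_1, it drops out of site_2's expected list, which is the state `fw ctl arp` on site_2 should show after the corrected policy has been pushed to both sites.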