Stale ARP Entries

Ever since we upgrade to R80.40 JHF118 at the end of August, we've run into issues where ARP entries are not getting updated (or purged) on the gateways appropriately.  This really only impacts our Guest Wifi as the churn on DHCP leases is the highest.

I've changed the lease time on the scope from 1 day to 3 days to avoid a lease being handed back out too soon to give the gateways time to purge the stale ARP entry, but this is not really helping.

What did help was to ping each IP in the subnet once day to help the gateway refresh its ARP table.  This is well and good unless we have a surge of guest wifi users (large meeting).  When I first tracked down the issue there weren't any SKs published related to the behavior and we had a decent workaround until the problem with larger meetings became apparent.

On 10/7, a new SK was published (sk175603) that describes the behavior and that CP support pointed out to us after opening a case.

I wanted to share this out to the community in case you were running into anything like this.   The fix will be included in a JHF in mid-December (right during our year-end change freeze) so we're looking at not having a JHF until January sometime in our environment.  Anyone have any issues applying a specific hotfix provided by Checkpoint (which is also an option to resolve this)?

Any thoughts on workarounds/alternatives to help alleviate the issue (I'm already debating changing the frequency of pinging the individual IP addresses in the subnet from once a day to maybe once an hour).

Thank you

3 Replies
