What you have found aligns perfectly with the behavior you are seeing.
I can't see why a Netscaler or any other device would try to use or take over another system's MAC address, unless you got extremely unlucky and the Netscaler and the cluster happened to dynamically derive the exact same VMAC address for their use. Here is how the Check Point cluster computes the VMAC to use:
First 24 bits
|
Unique constant value.
|
00:1C:7F
|
Next 8 bits
|
VSX Virtual System ID.
|
-
In a VSX Cluster:
Virtual System ID
-
In a non-VSX Cluster
000000000
|
Last 16 bits
|
Unique value that the
assigns to each cluster object.
This makes the VMAC value unique for each managed cluster.
|
Unique value for each cluster
|
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com