This is a real life sample alert from the indeni guide to preemptive maintenance for Check Point Firewalls.
This firewall used to have (51) proxy ARP entries. They have disappeared suddenly from the output of “fw ctl arp”. Proxy ARP behavior may be impacted.
Manual Remediation Steps:
If this is due to an interface being taken down, please verify that “fw ctl arp” provides the correct output after the interface being turned back on. If it doesn’t, contact technical support.
If this is not due to an interface being taken down, we recommend you contact technical support. Please review SK98740 and SK93534.
How does this alert work?
indeni runs the “fw ctl arp” command every few minutes and identifies when there is a major change in the response.