melipla, thanks for the info.
Here is a sanitized copy of one of the log files:
Code:
Number: 12844
Date: 18Nov2007
Time: 10:23:18
Product: VPN-1 Power/UTM
Interface: eth0
Origin: xxxxxxxxxxxx
Type: Log
Action: Accept
Protocol: tcp
Service: partner_service (2222)
Source: 10.0.57.150
Destination: Partner_Object
Rule: 13
Current Rule Number: 13-Standard
Rule Name: Partner
Source Port: 1047
NAT additional rule number: 0
NAT rule number: 1
Rule UID: {5DE07C3B-4844-4EFE-9451-91F644338741}
SmartDefense Profile: Default_Protection
XlateSPort: 10255
XlateSrc: Partner_Ext_NAT_IP
Policy Info: Policy Name: Standard
Created at: Sat Nov 17 01:50:34 2007
Installed from: xxxxxxxxxxxxxx

I think you may be right about the ARP causing the problems.
Would it be possible to cheat the firewall into creating the ARP correctly by creating an object and setting up automatic Hide NAT on the object itself to make the ARP entry, and then place my manual NAT statement above it, thus getting past the need to keep an ARP list?
Just a thought.