Weird HA Issue: pinging VIP and both Members responding

[hotice_]

Running IPSO 4.1 on both firewalls in Cluster configuration...

and we're having two distinct problems right now:

1) On the INTERNAL SIDE: We have two PCs on the same LAN segment pinging the VIP of the cluster....One of the PC is getting an echo reply while the other gets nothing.

TCPDumps shows that exact behavior:

16:00:25.030123 I PC_A > VIP: icmp: echo request
16:00:30.037799 I PC_A > VIP: icmp: echo request
16:00:35.044795 I PC_A > VIP: icmp: echo request
16:00:40.051886 I PC_A > VIP: icmp: echo request
16:00:45.059192 I PC_A > VIP: icmp: echo request
16:00:50.066415 I PC_A > VIP: icmp: echo request
16:00:55.073650 I PC_A > VIP: icmp: echo request
16:01:00.080898 I PC_A > VIP: icmp: echo request
16:01:05.088232 I PC_A > VIP: icmp: echo request
16:01:10.095419 I PC_A > VIP: icmp: echo request
16:01:15.102684 I PC_A > VIP: icmp: echo request
16:01:18.412269 I PC_B > VIP: icmp: echo request
16:01:18.412722 O VIP > 172.26.7.9: icmp: echo reply


2) On the EXTERNAL SIDE, we get a different behavior.

Same PC pinging the external interface (VIP) of the firewall (allowed by rule) and this time BOTH firewalls are responding to the ping request. This is confirmed by the tracker.

The customer has set up a proxy ARP thru Nokia Voyager and set the Virtual MAC address 0:0:5e:0:1:[VRID] converted to HEX.

Has anyone ever encountered this weird problem before?