I am trying to get 2 ASL 4.0 boxes to do HA failover properly. I believe I have everythign configured properly, but in the event of a simulated failure in the Primary firewall, the Standby firewall seems to come online, but of course all my machines have the MAC table entry of the old firewall. As far as I can tell, the ASL HA solution does _not_ use a virtual MAC/IP address as HSRP on a Cisco router would, is that correct? I would like to hear back from anyone using this feature so I know what to expect. Waiting 10 minutes for the ARP cache to timeout would kind of be bad.
