Users are intermittently not able to connect to web sites through Security Gateway in the following scenario:

1. Topology:
   
   • Users receive an IP address from a DHCP Server.
   • DHCP Server and DNS server are located behind the Security Gateway.
   • A new IP address is assigned after user disconnects from a network and reconnects.
   
2. SecureXL is enabled on the Security Gateway.
3. When user connects for the first time, access to web sites by their URLs works correctly.
4. After user disconnects and reconnects for the second time, access to web sites by their URLs stops working intermittently.
   It is possible to access web sites only by their IP addresses.

Checking the ARP table on the Security Gateway (with "arp -nv", "ip -s -s -4 neigh show" commands) during the issue shows the following:

• IP address of the user's computer, who experiences this issue, is associated with a wrong MAC Address
• The relevant entry is refreshed and associated with the correct MAC Address only in the following cases:
  
  • some traffic (e.g., ping) is sent from the Security Gateway to the IP address of the user's computer
  • SecureXL is disabled ('fwaccel off') and reenabled ('fwaccel on') on the Security Gateway
  • user tries to access web sites by their IP addresses

This issue does not occur for users, whose computers are configured with static IP addresses.

Disabling SecureXL on the Security Gateway resolves the issue.