There are products that use ARP broadcasts as a component of heartbeat/failover...so yes, you may see false positives for this signature. Cisco ASA is one example of many. Enable the trigger packet and you should be able to track down the "offending" device.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.