I've been fighting an issue for months where my other offices have sporadically been unable to reach our internal web portal. I haven't had time to devote to the issue, because it was sporadic and I always had something else that took a higher priority any time the issue came up. After a particularly obnoxious few days with the issue, it got bumped up higher on the priority list and I got to devote time to it. After a lot of digging around, I found the issue came down to incorrect MAC entries being sent out in response to ARP requests. It appears my firewall is answering ARP requests with its MAC for requests that are going to my router. The MPLS router is the default gateway for my network, and it passes traffic that isn't bound for the outside offices to the firewall to pass on to the internet.
So, after some reading, I think my NATing is causing the firewall to answer ARP requests for my router and messing up my clients' ARP tables. I read about similar problems on this forum, and there was discussion about ARP proxy being set by default and causing the behavior. There was a command for disabling ARP proxy, but I didn't want to toss it on my firewall without clearly understanding what it would do, as I don't want to break my NATing. Anyone able to help me out and give me a broad overview of what happens when you issue the "sysopt noproxyarp Inside" command?