We need to replace a hardware firewall (Cisco PIX) and have a spare that we will use (temporarily). The firewall sits in front of a couple of web-servers colocated at a data-centre.
The replacement will be configured with identical settings (external/internal IP addresses, configured ports etc.).
When we swap the firewalls over, will this work immediately or will the old PIX's MAC address be cached and the new firewall not be seen until the cache is cleared? (What is it though that is caching the address? Is it just the switch/router that our PIX is connected to?)
The reason for asking is that a few years ago I had a Smoothwall firewall in front of a lone server (the external IP of the Smoothwall was also the external IP of the web-server). When I replaced the Smoothwall with a PIX, the IP address of the web-server stayed the same but it now had to be reached via the new firewall on a different IP. It took about 2-4 hours before the rest of the world could see that web-server again. I'm hoping for less downtime this time!
Have your hosting company clear the ARP cache.
MAC addresses are indeed cached, but the lifetime of an entry is quite short (a few minutes).
I think that when you replaced the Smoothwall with a PIX, it took some more time because of some DNS caching rather than ARP caching.
As you're not changing IPs on your setup, it should work without any delay.
Both: it is cached AND it has a protocol that makes sure it will be recognized pretty much immediately. The firewall will send announcements via the ARP protocol on every port "coming up".
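
The two behaviours described in the answers above (cache entries ageing out, and an ARP announcement from the new unit replacing the entry at once), modelled as an added example that is not part of the original thread. The cache logic is a simplified reading of RFC 826, not any vendor's implementation, and the IP address, MAC addresses and 240-second lifetime are constructed values.

```python
import struct

def build_arp(sender_mac, sender_ip, target_ip, op=1):
    """Broadcast Ethernet frame carrying an IPv4 ARP packet (RFC 826 layout)."""
    eth = b"\xff" * 6 + sender_mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + sender_mac + sender_ip + b"\x00" * 6 + target_ip

def parse_arp(frame):
    """Return (sender_mac, sender_ip, is_announcement), or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    sender_mac, sender_ip, target_ip = frame[22:28], frame[28:32], frame[38:42]
    # An announcement (gratuitous ARP) names the sender's own IP as the target.
    return sender_mac, sender_ip, sender_ip == target_ip

class NeighborCache:
    """Simplified model of the upstream device's ARP table (an assumption)."""
    def __init__(self, ttl):
        self.ttl = ttl
        self.entries = {}  # ip -> (mac, time learned)

    def lookup(self, ip, now):
        mac, learned = self.entries.get(ip, (None, 0.0))
        return mac if mac is not None and now - learned <= self.ttl else None

    def on_frame(self, frame, now):
        """Apply an ARP frame; return True when a known IP moved to a new MAC."""
        parsed = parse_arp(frame)
        if parsed is None:
            return False
        mac, ip, _ = parsed
        moved = ip in self.entries and self.entries[ip][0] != mac
        if ip in self.entries:  # RFC 826: refresh an entry that already exists
            self.entries[ip] = (mac, now)
        return moved

def simulate_swap(ttl=240.0):
    """Constructed scenario: same firewall IP, replacement unit has a new MAC."""
    ip = bytes([192, 0, 2, 1])  # documentation address, constructed
    old_mac, new_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    cache = NeighborCache(ttl)
    cache.entries[ip] = (old_mac, 0.0)
    before = cache.lookup(ip, 10.0)  # traffic still goes to the old MAC
    moved = cache.on_frame(build_arp(new_mac, ip, ip), 11.0)
    return before, moved, cache.lookup(ip, 12.0)
```

The `moved` result is the same IP-to-MAC change that ARP monitoring on the segment would log: expected during a planned swap, worth investigating outside one.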