After upgrading to SEP 12.1, I'm getting a lot of ETHERNET [type=0x806] entries being logged in my firewall logs.
I even tried creating a new FW rule that said allow these ethernet entries and don't log them, but they are still being created.
(Verified that the new FW policy is in effect on the clients)
This is being logged by the "Block all other traffic" rule.
Anyone else seeing this?
EDIT: "Enable anti-MAC spoofing" is not enabled.aa