We have a customer that appears to be experiencing this bug but with FWSM 4.1(15).
There is a Linux HA solution on one side of the FWSM, and when a failover occurs the Linux HA sends a Gratuitous ARP which updates the FWSM ARP cache; however, not all connections are updated. If we sniff traffic exiting the FWSM we can see that 'some' existing connections have the wrong destination MAC address (the old MAC address). The clients are constantly sending traffic (SIP) to the Linux server, so the connection states are continually refreshed. If we manually clear the connections, or let them time out by disconnecting one of the SIP clients for 30 minutes (the default SIP control channel session timeout), it recovers; however, this isn't practical.
We have recommended introducing a layer-3 hop between the FWSM and the Linux HA devices, as we suspect this will solve the problem (i.e. the destination MAC will be the L3 next-hop and not the Linux server itself). In looking at the issue we identified the behaviour as the same as that documented under BugID: CSCsy35054; however, this says it appeared in 3.2(6) and was fixed in 3.2(12.1) & 4.0(5.4), whereas we are running 4.1(15), which is the latest release.
Any other ideas?
Andy
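
An added example, not part of the post above: one way to automate the sniffing check it describes, flagging flows whose frames still carry the old destination MAC after a gratuitous ARP has announced a new one. The function name, the frame-building helpers and all MAC/IP addresses are constructed for illustration; input is assumed to be untagged raw Ethernet frames in capture order.

```python
import socket
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def stale_mac_flows(frames):
    """Return {(src_ip, dst_ip): stale_dst_mac} for IPv4 flows still addressed
    to a MAC other than the one last announced by gratuitous ARP."""
    announced = {}  # ip (4 bytes) -> MAC from the most recent gratuitous ARP
    stale = {}
    for f in frames:
        dst, ethertype = f[0:6], struct.unpack("!H", f[12:14])[0]
        p = f[14:]
        if ethertype == 0x0806 and len(p) >= 28:
            sha, spa, tpa = p[8:14], p[14:18], p[24:28]
            if spa == tpa:  # gratuitous ARP: sender IP equals target IP
                announced[spa] = sha
        elif ethertype == 0x0800 and len(p) >= 20:
            key = (socket.inet_ntoa(p[12:16]), socket.inet_ntoa(p[16:20]))
            want = announced.get(p[16:20])
            if want is not None and dst != want:
                stale[key] = mac(dst)   # frame still sent to the old MAC
            else:
                stale.pop(key, None)    # flow is (again) using the right MAC
    return stale

# --- constructed sample capture (all addresses are made up) ---
def eth(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload

def garp(sender_mac, ip):
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sender_mac + ip + b"\x00" * 6 + ip
    return eth(b"\xff" * 6, sender_mac, 0x0806, body)

def ipv4(dst_mac, src_mac, src_ip, dst_ip):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0, src_ip, dst_ip)
    return eth(dst_mac, src_mac, 0x0800, hdr)

OLD, NEW, FW = b"\x02\0\0\0\0\x01", b"\x02\0\0\0\0\x02", b"\x02\0\0\0\0\xfe"
VIP = socket.inet_aton("192.0.2.10")
C1, C2 = socket.inet_aton("198.51.100.1"), socket.inet_aton("198.51.100.2")
SAMPLE = [
    ipv4(OLD, FW, C1, VIP),  # before failover: old MAC is correct
    garp(NEW, VIP),          # failover: HA node announces the new MAC
    ipv4(NEW, FW, C1, VIP),  # this connection was updated
    ipv4(OLD, FW, C2, VIP),  # this connection still uses the old MAC
]

if __name__ == "__main__":
    print(stale_mac_flows(SAMPLE))
```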