Thu 20 Sep 2007
Swapping out Firewalls
Posted by Andrew Mitry under Security, Web/Tech
On three separate occasions we tried to swap out our firewall for a newer model, but we kept having problems with inbound traffic on public IP addresses other than the one assigned to the WAN interface of the firewall. Turns out that the switch on the ISP side wasn’t seeing the interface go down, so the ARP cache was not clearing (I think this had something to do with the way our SONET fiber ring is configured). Once we got our ISP to clear the cache, inbound traffic routed correctly. Cox, our ISP, says the default timeout on their switch for the cache is 10 minutes.

