Another datapoint on that. I am experiencing some issues with cable modems denying internet access to the Peplink SOHO, and while I still haven’t been able to confirm the problem here is the issue, I do see some local LAN ARP broadcasts on the WAN port, including Local LAN IPs and MAC addresses of devices behind the NAT firewall. Those devices should not be visible on the WAN port and those ARP should be dropped on the WAN, but according to the capture logs it is possible these are being forwarded on to the WAN link.
This could explain why I am having problems, because ISP cable modems typically only allow one MAC address to go through, so if one of these ARPs got to the modem before the SOHO’s own ARPs, the modem could lock onto the MAC address of the internal LAN device instead of the SOHO’s MAC.
Currently have an open ticket with @sitloongs on this modem issue. I think it is highly possible the problem here might be the root cause of mine.
Running FW 7.1.