Firewall Wizards mailing list archives

FW-1 load balancing is unbalanced


From: Neil Ratzlaff <Neil.Ratzlaff () ucop edu>
Date: Mon, 03 Nov 1997 14:42:04 -0800

I am trying to use FireWall-1 (Solaris 2.5.1 on Sparc20, running FW 3.0b)
for load balancing a group of https web servers (type = Other, method =
Round Robin).  The certificate is for a virtual machine on the same subnet
as the servers.  I started with 2 servers and things worked well.  I added
a third server to the server group, and this server began to get the
majority of hits.  When the third server is not in the group but still
available directly on the WWW, it gets almost no hits.   This is very
reproducible, as I can move the server in and out of the group and see the
same responses every time.

There are two types of hits: a cgi script which is a major CPU load and
some graphics.  The third server grabs almost all the CGI hits, leaving the
other two servers to deal with the graphics.

Yes, I have tried reinstalling the policy.  I have run snoop on the
external interface, and see nothing coming in directed to the third server.
 All inbound packets are coming to the virtual server.

A.B.C.4 and A.B.C.11 are the first two addresses, and A.B.C.1 is the third.
 I am beginning to wonder if FW-1 thinks that X.Y.Z.1 is a special address
for load balancing.  Something appears to be weighting FW-1 load balancing
in favor of that machine, but I have no clue as to what it might be.  I am
almost desperate enough to change the IP address of the third machine, just
to see if it helps.

Does anyone have load balancing working?  Does anyone have any suggestions
for me?  

Thanks for any help,
Neil


