You can do a packet capture on the firewall using TCP Dump to identify the MAC addr of the sender of these broadcast packets, and then look at the firewall MAC addr table to see the firewall interface from which they are coming.
If you have managed switches, you can find out the switch port to which that MAC addr is connected.
Also, you can do a MAC addr lookup on the Internet to see the manufacturer of the Ethernet NIC, which may help identify the source device.
Comments
TCP Dump
Run Diagnostic Tasks on Your Firebox
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/system_status/stats_diagnostics_tasks_web.html
https://isc.sans.edu/data/port/4711 says that this is a possible user of UDP port 4711:
Trinity Trust Network Node Communication
Thank you for your help. I'll create a dump and then check what kind of device it is. I didn't even think of that right away.
You can specify the firewall interface to use for the dump, source or dest IP addr, etc., using the Advanced Options.
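The triage described in this thread, as an added example that is not part of any post here: it tallies which source MAC addresses send Ethernet broadcasts to UDP port 4711 and extracts the OUI prefix to use for a manufacturer lookup. It assumes the capture was saved as tcpdump text output with link-level headers (`tcpdump -e -n`); the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Matches tcpdump "-e -n" text lines: src MAC > dst MAC, ...: src IP.port > dst IP.port:
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
LINE_RE = re.compile(
    rf"(?P<src>{MAC}) > (?P<dst>{MAC}),.*?: "
    r"(?P<sip>\d+(?:\.\d+){3})\.(?P<sport>\d+) > (?P<dip>\d+(?:\.\d+){3})\.(?P<dport>\d+):",
    re.IGNORECASE,
)

# Constructed sample capture lines (not taken from the thread)
SAMPLE = """\
10:15:01.100001 00:11:22:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 60: 192.168.1.50.4711 > 192.168.1.255.4711: UDP, length 18
10:15:02.100410 00:11:22:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 60: 192.168.1.50.4711 > 192.168.1.255.4711: UDP, length 18
10:15:02.530112 a6:5e:60:01:02:03 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 60: 192.168.1.77.50123 > 255.255.255.255.4711: UDP, length 18
10:15:03.000200 00:11:22:dd:ee:ff > 00:11:22:00:00:01, ethertype IPv4 (0x0800), length 74: 192.168.1.20.51000 > 192.168.1.1.53: UDP, length 32
"""

def broadcast_senders(text, port=4711):
    """Count frames per (source MAC, source IP) sent to the Ethernet
    broadcast address with the given UDP destination port."""
    hits = Counter()
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m and m["dst"].lower() == "ff:ff:ff:ff:ff:ff" and int(m["dport"]) == port:
            hits[(m["src"].lower(), m["sip"])] += 1
    return hits

def describe(mac):
    """Return the OUI prefix for a vendor lookup and whether that lookup is meaningful."""
    first_octet = int(mac[:2], 16)
    # Bit 0x02 of the first octet marks a locally administered address
    # (randomized or virtual MAC), which has no registered manufacturer.
    return {"oui": mac[:8].upper(), "vendor_lookup_useful": not first_octet & 0x02}

if __name__ == "__main__":
    for (mac, ip), count in broadcast_senders(SAMPLE).most_common():
        print(count, mac, ip, describe(mac))
```

A sender flagged with `vendor_lookup_useful` set to false has to be traced through the firewall and switch MAC address tables instead, because its prefix does not identify a NIC manufacturer.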