Dropped UDP Server to Client packets refresh the connection timeout
  • UDP packets from Server to Client are dropped by the Security Gateway, as mentioned in sk103598.
  • Kernel debug (fw ctl zdebug + drop) shows:
    ;[fw4_0];fw_log_drop_ex: Packet proto=17 -> dropped by fw_handle_old_conn_recovery Reason: UDP packet that belongs to an old session;
  • The connection timer is reset by the dropped packets.

There is an existing session table entry for this session.

By default, UDP is a sessionless protocol, and by design Check Point creates a virtual session for UDP.

If a server creates a session to a client, the client cannot initiate the same session with the same IP:Port combination.
