Dropped UDP Server to Client packets refresh the connection timeout
Symptoms
  • UDP packets from Server to Client are dropped by the Security Gateway, as mentioned in sk103598.
  • Kernel debug (fw ctl zdebug + drop) shows:
    ;[fw4_0];fw_log_drop_ex: Packet proto=17 192.168.100.10:12000 -> 192.168.200.10:12000 dropped by fw_handle_old_conn_recovery Reason: UDP packet that belongs to an old session;
  • The connection timer is reset by the dropped packets.
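An added example (not part of the original article, and not Check Point code): a Python script that tallies these drops per flow from saved kernel debug output. A flow that keeps being dropped for this reason is one whose session table entry keeps being refreshed. The function names, the threshold and the sample lines are assumptions; only the first sample line's format comes from the output quoted above.

```python
import re
from collections import Counter

# Matches the drop line format quoted in the Symptoms section.
DROP_RE = re.compile(
    r"fw_log_drop_ex: Packet proto=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"dropped by (?P<func>\S+) Reason: (?P<reason>[^;]+);"
)
OLD_SESSION_REASON = "UDP packet that belongs to an old session"

def old_session_drops(lines):
    """Count old-session UDP drops per (src, sport, dst, dport) flow."""
    flows = Counter()
    for line in lines:
        m = DROP_RE.search(line)
        if not m:
            continue  # not a drop line in the expected format
        if m["proto"] != "17" or m["reason"].strip() != OLD_SESSION_REASON:
            continue  # a different protocol or drop reason
        flows[(m["src"], int(m["sport"]), m["dst"], int(m["dport"]))] += 1
    return flows

def refreshed_flows(flows, threshold=2):
    """Flows dropped at least `threshold` times, most frequent first.
    Each drop resets the timer, so these entries are being kept alive."""
    return [(flow, n) for flow, n in flows.most_common() if n >= threshold]

# Constructed sample input: the line from the article repeated three times,
# one further flow, one line with a made-up handler and reason, and noise.
PAGE_LINE = (";[fw4_0];fw_log_drop_ex: Packet proto=17 192.168.100.10:12000 -> "
             "192.168.200.10:12000 dropped by fw_handle_old_conn_recovery "
             "Reason: UDP packet that belongs to an old session;")
SAMPLE = [
    PAGE_LINE, PAGE_LINE, PAGE_LINE,
    PAGE_LINE.replace("192.168.100.10:12000", "192.168.100.11:5060"),
    ";[fw4_0];fw_log_drop_ex: Packet proto=17 10.0.0.1:53 -> 10.0.0.2:53 "
    "dropped by some_other_handler Reason: constructed other reason;",
    "unrelated debug line",
]

if __name__ == "__main__":
    for flow, count in refreshed_flows(old_session_drops(SAMPLE)):
        print("%s:%d -> %s:%d dropped %d times" % (*flow, count))
```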
Cause

There is an existing session table entry for this session.

By default, UDP is a sessionless protocol, and by design Check Point creates a virtual session for UDP.

If a server creates a session to a client, the client cannot initiate the same session with the same IP:Port combination.


Solution