DHCP relay traffic drop after policy installation
The drops are caused by a policy installation and the mechanism associated with matching old and new connections. When a policy is installed, all the existing connections are marked with OLD flag. After this happens, client to server packets that arrive are being re-matched in rulebase and OLD flag is removed. But, if server to client packet arrives on an OLD connection it is dropped by the Security Gateway.