DHCP relay traffic drop after policy installation
  • DHCP relay traffic is dropped after policy installation.
  • Kernel debug (fw ctl debug -m fw + drop) shows the following output:
    dropped by fw_handle_old_conn_recovery Reason: UDP packet that belongs to an old session;
  • Rebooting the upstream switch temporarily resolves the issue until the next policy installation.

The drops are caused by policy installation and the mechanism that matches old connections against the new policy. When a policy is installed, all existing connections are marked with the OLD flag. After that, client-to-server packets that arrive are re-matched against the rulebase and the OLD flag is removed. However, if a server-to-client packet arrives on a connection that is still marked OLD, the Security Gateway drops it.
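
An added example, not Check Point's code: a Python filter for saved output of the kernel debug above that counts old-session drops per DHCP flow, to confirm that the drops seen after a policy installation match this cause. The sample lines are constructed, and the "proto=... src:port -> dst:port" prefix of a drop line is an assumed layout; only the "dropped by ... Reason: ...;" text comes from the page.

```python
import re
from collections import Counter

# Assumed layout of a drop line. Only the "dropped by <function> Reason: <text>;"
# part is quoted on the page; the "proto=N a:p -> b:p" prefix is an assumption.
DROP_RE = re.compile(
    r"proto=(?P<proto>\d+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+dropped by (?P<func>\w+)\s+"
    r"Reason:\s*(?P<reason>[^;]*);"
)
OLD_CONN_FUNC = "fw_handle_old_conn_recovery"  # function named in the page's log line
DHCP_PORTS = {67, 68}                          # BOOTP/DHCP server and client ports
UDP = 17                                       # IP protocol number for UDP


def old_session_dhcp_drops(lines):
    """Return a Counter of old-session drops keyed by (src, sport, dst, dport)."""
    flows = Counter()
    for line in lines:
        m = DROP_RE.search(line)
        if not m or m["func"] != OLD_CONN_FUNC:
            continue  # not a drop line, or dropped for a different reason
        sport, dport = int(m["sport"]), int(m["dport"])
        if int(m["proto"]) == UDP and {sport, dport} & DHCP_PORTS:
            flows[(m["src"], sport, m["dst"], dport)] += 1
    return flows


# Constructed sample lines (documentation address ranges, not real gateway output).
# "other_drop_handler" is a made-up function name standing in for any other drop.
SAMPLE = """\
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=17 192.0.2.10:67 -> 198.51.100.1:67 dropped by fw_handle_old_conn_recovery Reason: UDP packet that belongs to an old session;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=17 192.0.2.10:67 -> 198.51.100.1:67 dropped by fw_handle_old_conn_recovery Reason: UDP packet that belongs to an old session;
;[cpu_0];[fw4_1];fw_log_drop_ex: Packet proto=17 192.0.2.11:67 -> 198.51.100.1:67 dropped by fw_handle_old_conn_recovery Reason: UDP packet that belongs to an old session;
;[cpu_0];[fw4_1];fw_log_drop_ex: Packet proto=17 192.0.2.53:53 -> 198.51.100.20:40000 dropped by fw_handle_old_conn_recovery Reason: UDP packet that belongs to an old session;
;[cpu_2];[fw4_0];fw_log_drop_ex: Packet proto=17 203.0.113.7:68 -> 198.51.100.1:67 dropped by other_drop_handler Reason: constructed non-matching reason;
;[cpu_2];[fw4_0];unrelated debug line without a drop record
""".splitlines()

if __name__ == "__main__":
    for flow, count in old_session_dhcp_drops(SAMPLE).most_common():
        print("%s:%d -> %s:%d  old-session drops: %d" % (*flow, count))
```

Flows whose count grows right after each policy installation and whose source is the DHCP server side fit the server-to-client case described above.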
