https://live.paloaltonetworks.com/t5/general-topics/bytes-received-zero-for-allowed-udp-ports/m-p/413259#M93219 <P>Hi,</P> <P>&nbsp;</P> <P>In traffic allowed logs, I am seeing numbers in byte sent&nbsp;however byte received is zero and connections are getting aged-out for UDP voice traffic.</P> <P>Can anyone know about such traffic whether it is dropping or since this&nbsp; is UDP connection hence byte received is zero</P> <P>&nbsp;</P> <P>This traffic is allowing&nbsp; via security policy configured for outside to inside NAT, NATED IP is of cisco meraki&nbsp; server.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thanks</P> <P>Dhananjay Bhakte</P> Tue, 15 Jun 2021 15:18:57 GMT DhananjayBhakte 2021-06-15T15:18:57Z https://live.paloaltonetworks.com/t5/general-topics/bytes-received-zero-for-allowed-udp-ports/m-p/413259#M93219 <P>Hi,</P> <P>&nbsp;</P> <P>In traffic allowed logs, I am seeing numbers in byte sent&nbsp;however byte received is zero and connections are getting aged-out for UDP voice traffic.</P> <P>Can anyone know about such traffic whether it is dropping or since this&nbsp; is UDP connection hence byte received is zero</P> <P>&nbsp;</P> <P>This traffic is allowing&nbsp; via security policy configured for outside to inside NAT, NATED IP is of cisco meraki&nbsp; server.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thanks</P> <P>Dhananjay Bhakte</P> Tue, 15 Jun 2021 15:18:57 GMT https://live.paloaltonetworks.com/t5/general-topics/bytes-received-zero-for-allowed-udp-ports/m-p/413259#M93219 DhananjayBhakte 2021-06-15T15:18:57Z https://live.paloaltonetworks.com/t5/general-topics/bytes-received-zero-for-allowed-udp-ports/m-p/417030#M93502 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/129413">@DhananjayBhakte</a>&nbsp;</P><P>These are just sessions that are allowed but don't have any reply. Allowed UDP sessions always have the session end reason aged out as this protocol is stateless. There isn't a packet like FIN or RST packet in TCP, so the firewall applies a timeout after a udp packet and if there is no answer or another UDP packet for the same session, this session will be removed from the session table after this timeout is reached and the session is then displayed as aged-out in the logs.</P> Sat, 03 Jul 2021 22:24:24 GMT https://live.paloaltonetworks.com/t5/general-topics/bytes-received-zero-for-allowed-udp-ports/m-p/417030#M93502 Remo 2021-07-03T22:24:24Z https://live.paloaltonetworks.com/t5/general-topics/bytes-received-zero-for-allowed-udp-ports/m-p/417080#M93508 <P>Thank You Vsys_remo for reply,</P><P>&nbsp;</P><P>Yes I agree with you, later I saw applications are discovering in same traffic logs, those applications was SIP&nbsp; other voice related applications and these applications always runs on UDP protocol&nbsp; since it is connection less protocol I was getting bytes received zero and aged-out.</P><P>&nbsp;</P><P>Thanks</P><P>Dhananjay Bhakte</P> Mon, 05 Jul 2021 03:31:33 GMT https://live.paloaltonetworks.com/t5/general-topics/bytes-received-zero-for-allowed-udp-ports/m-p/417080#M93508 DhananjayBhakte 2021-07-05T03:31:33Z