About ypopuri

This can be a common behavior with UDP sessions like SIP and IKE stuck in that state if the traffic is matching the same session continuously and gets refreshed because with SIP sessions you will see traffic on 5060 and for IKE 500 as the ports. If you have active calls and IKE traffic traversing through the firewall constantly it would match the same session and gets refreshed they tend to stay in an Active state for longer time. If you don't want that to happen you can work with timeout values. This KB article might help you understand a scenario on why you need to adjust timeout value for SIP session  https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clg7CAC   There's a possibility that due to any reason this sessions can go into Discard state and be a stale session. A session in discard state will continue to be refreshed and discard traffic as long as the arriving traffic matches the discard session basically 6 tuples. Particularly with UDP traffic, you can end up stuck in this state. . At this point of time you will see traffic incrementing on total byte count in session info. And the only way is to manually clear the session. I hope this clarification helps.  ... View more