
After policy install: UDP packet that belongs to an old session drops

Problem description

At the customer site we have a rule that allows a WLAN controller to connect to the RADIUS server in another network.
After the policy was installed, the UDP connections were rematched, because rematching connections is the required global setting on this firewall.


With fw ctl zdebug drop we see the following:

;[vs_1];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=17 10.1.1.1:57056 -> 10.45.99.40:1812 dropped by fw_handle_old_conn_recovery Reason: UDP packet that belongs to an old session;

As a result, the RADIUS connection does not come up again.
It appears to be a virtual UDP session in the firewall's state table.
This UDP connection never reaches its timeout and is never removed from the state table.
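
The repeated drops described above can be confirmed from a saved copy of the fw ctl zdebug drop output. The following is an added example, not part of the original page and not a Check Point tool: it parses lines in the format shown above and reports UDP flows that keep hitting the old-session drop. The function names, the min_hits threshold and every sample line other than the page's own are assumptions.

```python
import re
from collections import Counter

# Layout of an `fw ctl zdebug drop` line as shown on this page; the [vs_N] prefix is optional.
DROP_RE = re.compile(
    r"^;?(?:\[vs_(?P<vs>\d+)\];)?.*?Packet proto=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"dropped by (?P<handler>\S+) Reason: (?P<reason>[^;]+);"
)
OLD_SESSION = "UDP packet that belongs to an old session"

def parse_drop(line):
    """Parse one drop line into a dict, or return None if it does not match."""
    m = DROP_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    rec["reason"] = rec["reason"].strip()
    return rec

def stuck_udp_flows(lines, min_hits=3):
    """Count 'old session' UDP drops per 4-tuple; keep flows seen at least min_hits times.

    min_hits is an assumed threshold, not a Check Point value.
    """
    hits = Counter()
    for line in lines:
        rec = parse_drop(line)
        if rec and rec["proto"] == 17 and rec["reason"] == OLD_SESSION:
            hits[(rec["src"], rec["sport"], rec["dst"], rec["dport"])] += 1
    return {flow: n for flow, n in hits.items() if n >= min_hits}

# Constructed capture: the page's drop line three times (a retransmitting client),
# one other client dropped once, and one made-up drop with a different reason.
PAGE_LINE = (";[vs_1];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=17 "
             "10.1.1.1:57056 -> 10.45.99.40:1812 dropped by "
             "fw_handle_old_conn_recovery Reason: UDP packet that belongs to an old session;")
SAMPLE = [PAGE_LINE] * 3 + [
    PAGE_LINE.replace("10.1.1.1:57056", "10.1.1.2:40000"),
    ";[vs_1];[tid_0];[fw4_0];fw_log_drop_ex: Packet proto=6 10.1.1.3:50000 -> "
    "10.45.99.40:443 dropped by example_handler Reason: constructed other reason;",
]

if __name__ == "__main__":
    for flow, n in stuck_udp_flows(SAMPLE).items():
        print("%s:%d -> %s:%d dropped %d times as old session" % (*flow, n))
```

A flow that stays in this report across several captures is a candidate for the stuck state-table entry described above.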

Troubleshooting

In the RADIUS service object "NEW-RADIUS" we set "Keep connections open after the policy has been installed", but this did not help.

The problem is described here: https://www.cpug.org/forums/showthread.php/22042-ClusterXL-connection-drop-when-Policy-Push

Workaround

Disable the RADIUS server for 2 minutes; after that, the connections work again.

Solution

The solution is described here:
Dropped UDP Server to Client packets refresh the connection timeout (sk121933)

Fixed by a hotfix for the currently installed release or by a future Jumbo Hotfix from Check Point.