Let's say we have a firewall rule that allows 18.104.22.168 to 22.214.171.124 on tcp/443 and we have an active session between the two hosts and we remove the rule that allows that traffic. The session will still be active.
I was surprised to see the session not be purged by the MX. The MX will not be blocking the traffic as long as the session is active OR the MX reboots...
In our case it took more than 24 hours for the MX to stop logging hits to the "ghost" rule.
That doesn't seem too secure to me. Are any other firewalls doing that behavior? I would expect the sessions concerned to be purged the second that the traffic is no longer permitted.
Meraki TAC have confirmed that this is the expected behavior.
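
The behavior described above, as an added example that is not part of the original post and not Meraki's code: a minimal model of a stateful firewall that consults its session table before its rule set, with an optional re-validation pass when a rule is removed. The class names, the `revalidate` option and the 192.0.2.10 / 198.51.100.20 addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

class StatefulFirewall:
    """Toy model (assumption): the session table is checked before the rules."""
    def __init__(self, rules):
        self.rules = set(rules)
        self.sessions = set()  # established flows

    def _permitted(self, f):
        return Rule(f.src, f.dst, f.proto, f.dport) in self.rules

    def packet(self, f):
        """Return True if the packet is forwarded."""
        if f in self.sessions:      # state hit: the rule set is never consulted
            return True
        if self._permitted(f):      # first packet of a flow: evaluate rules
            self.sessions.add(f)
            return True
        return False

    def remove_rule(self, rule, revalidate=False):
        """Delete a rule; optionally purge sessions it no longer covers."""
        self.rules.discard(rule)
        if not revalidate:
            return []               # established sessions are left in place
        stale = [f for f in self.sessions if not self._permitted(f)]
        self.sessions.difference_update(stale)
        return stale

def demo(revalidate):
    """Return (existing session forwarded?, new session forwarded?) after removal."""
    rule = Rule("192.0.2.10", "198.51.100.20", "tcp", 443)   # constructed sample
    fw = StatefulFirewall([rule])
    old = Flow("192.0.2.10", "198.51.100.20", "tcp", 50000, 443)
    new = Flow("192.0.2.10", "198.51.100.20", "tcp", 50001, 443)
    fw.packet(old)                  # session established while the rule exists
    fw.remove_rule(rule, revalidate)
    return fw.packet(old), fw.packet(new)
```

Without re-validation the established flow keeps passing while a new flow between the same hosts is denied; with re-validation both are denied as soon as the rule is gone.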