Good afternoon sirs.
After a scheduled maintenance, the firewall was restarted.
From this point the firewall started to generate many DROP logs on port 8116 (range_udp_1024-65535).
Source IP addresses start with 0.0.0.x toward the corporate network.
When opening one of the logs I saw that the reason was EARLY DROP (SK111643).
The rule that made the drop was the CPEarlyDrop.
Analyzing SK111643 I saw that the firewall can discard packets based on a unified policy column, but I do not understand why this behavior with packets coming from these strange addresses (0.0.0.x) towards the corporate network and that port 8116 is used by Check Point to cluster.
Anyone have an idea?