I will run the commands and log the session later today.
I am quite sure there is UDP traffic, though rarely. These are excerpts from the SSG5 log (there are more, just picked two at random):
| 2018-07-27 00:21:38 | crit | Src IP session limit! From 192.168.2.37:52165 to 8.8.8.8:53, proto UDP (zone Hot zone, int bgroup1). Occurred 1 times. |
| 2018-07-22 20:54:53 | crit | Src IP session limit! From 192.168.2.37:51516 to 239.255.255.250:1900, proto UDP (zone Hot zone, int bgroup1). Occurred 1 times. |
EDIT: I ran the commands. Since the server is connected to by multiple clients (of which I do not have a set IP), I used just "src-ip" and "dst-ip" filters. No UDP traffic in the logs, but as shown above there is traffic sometimes, plus NMap shows open|filtered.
Hope you can shed some light on this.