Criteria for flows not considered for recommendation

Criteria for flows not considered for recommendation


Article ID: 439294


Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

Certain flows are not considered for recommendation even when marked as unprotected

Symptoms:
-  Certain unprotected flows are not part of the recommendation 'Ready to publish' list
-  The recommendation job completes with 'Nothing to Recommend'

Environment

SSP 5.x

Cause

How We Recommend Network Flows

To ensure you receive the most accurate and secure recommendations, the system filters network flows based on a specific set of rules. A flow will only be recommended if it meets both of the following criteria:

  • Application Level Gateway (ALG) Status: The flow's ALG status must be either the primary 'control' connection or 'none'.
  • Connection Status: The TCP connection must be fully established ('complete'). If the connection is 'incomplete', it will only be recommended if the firewall is currently blocking it.

How ALG Works

Think of an ALG service object as a dynamic bouncer for your network. When you configure a rule using it, the firewall closely monitors the main conversation (the control connection). By listening to this control connection, the firewall can intelligently figure out exactly which additional doors (data ports) need to be opened for the rest of the data to flow securely.

What is an "Incomplete" Connection?
When we say a connection is "incomplete," it typically refers to one of two things:

  • Embryonic Connections: These are connection attempts that started the handshake process but never actually finished setting up (often called "half-open" connections).
  • Unsolicited Connections: This is unexpected traffic arriving at the firewall that wasn't requested by an internal device.
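The two criteria above, applied to a set of constructed flow records, as an added example that is not part of the original article or of the product's own code. The field names, the ALG status values other than 'control' and 'none', and the `blocked` flag are assumptions; the result explains why a flow ends up unqualified instead of in the 'Ready to publish' list.

```python
from dataclasses import dataclass
from typing import List, Tuple

# ALG statuses that allow a flow to be recommended (from the article)
RECOMMENDABLE_ALG = {"control", "none"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    alg_status: str    # 'control', 'none', or an ALG data channel (assumed value 'data')
    conn_status: str   # 'complete' or 'incomplete'
    blocked: bool      # True if the firewall currently blocks this flow (assumed field)


def qualify(flow: Flow) -> Tuple[bool, str]:
    """Return (qualified, reason) using both recommendation criteria."""
    # Criterion 1: ALG status must be the control connection or none
    if flow.alg_status not in RECOMMENDABLE_ALG:
        return False, f"ALG status '{flow.alg_status}' is neither 'control' nor 'none'"
    # Criterion 2: TCP connection must be complete, unless the firewall blocks it
    if flow.conn_status == "complete":
        return True, "ALG status ok and TCP connection complete"
    if flow.conn_status == "incomplete":
        if flow.blocked:
            return True, "incomplete connection, but currently blocked by the firewall"
        return False, "incomplete (embryonic or unsolicited) and not blocked"
    return False, f"unknown connection status '{flow.conn_status}'"


def split_flows(flows: List[Flow]) -> Tuple[List[Tuple[Flow, str]], List[Tuple[Flow, str]]]:
    """Split flows into (ready_to_publish, unqualified), each with its reason."""
    ready, unqualified = [], []
    for f in flows:
        ok, why = qualify(f)
        (ready if ok else unqualified).append((f, why))
    return ready, unqualified


# Constructed sample flows (not real telemetry)
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", 443, "none", "complete", False),      # qualified
    Flow("10.0.1.10", "10.0.2.21", 21, "control", "complete", False),    # FTP control: qualified
    Flow("10.0.1.10", "10.0.2.21", 50000, "data", "complete", False),    # FTP data channel: unqualified
    Flow("10.0.1.11", "10.0.2.22", 8080, "none", "incomplete", False),   # half-open: unqualified
    Flow("192.0.2.5", "10.0.2.22", 22, "none", "incomplete", True),      # unsolicited but blocked
]

if __name__ == "__main__":
    ready, unqualified = split_flows(SAMPLE_FLOWS)
    for f, why in unqualified:
        print(f"UNQUALIFIED {f.src}->{f.dst}:{f.dport}: {why}")
```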

Resolution

Please be advised that recommendations are not displayed for flows marked as unqualified.
 
To verify if a flow is unqualified, please follow these steps within Segmentation Monitoring (SSP -> Monitor and Plan -> Security Intelligence -> Segmentation Monitoring):
 
1. Select the appropriate tab based on the flow type: Infrastructure Monitoring, Environment Monitoring, or Application Monitoring.
2. Filter for the specific flow.
3. Check whether the flow is marked with the "un-qualified" icon (circled in red in the screenshot).
   Keep the "Include Unqualified flows" option checked so that unqualified flows are shown.