By the way, i didn’t find how to configure/disable SIP user agents you talk about. Where can i do that?
So i guess to solve this issue, you have to set UDP NAT session timeout to very short time… ?
SIP user agents are the SIP devices you are using through your NAT. It could be your IP-PBX if on premises or your IP phones if your PBX is in cloud.
Reducing UDP NAT sessions timeout to a value lower than SIP register refresh is not a good idea as by doing so incoming requests will often find a closed door. Neither is turning your PBX or phones off until their NAT sessions time out.
I usually flush all NAT sessions: security->firewall->connection tracking->flush.
We use load balancing with balancing rules routing SIP traffic to a preferred gateway. When it fails a new one is chosen, but while UDP NAT sessions are alive on the new gateway, it is used regardless the status of the preferred one.
The only way to switch your gateway back is to let NAT sessions expire (turn SIP user agents off) or manually disable the new gateway. I guess it does not happen with http connections because their lifespan is shorter, while UDP ones could last forever.