Enterasys Secure Router XSR3150 "Deny Massage"

Hi All,

I am currently working on a enterasys xsr-3150 device with a firewall
module installed. i am seeing the following massage...which I believe
is causing serious reliabilty issues from a client point of view.

just would like to know if anyone have seen the following deny massage
before ...and genrally what does it mean?.

3, 184, FW_Address, 11/22/2006, 8:02:14 AM, Nov 22 08:03:40 SAC_XSR7
FW: Nov 22 08:03:40 2006 Deny: TCP ACK packet, session not open
Source_Address(110)->Desitination Address(4626)

First thought was someone from the internet was trying to packet sniif
the addresses etc...but we are getting thousands of these from trusted
clients that have been set up with firwall rules etc
so current thinking is linked to a bug on the enterasys 3150 firewall
device.
finally the funny thing is that the firewall denys packets from a
source with the above massage then allows it in after a period of time
?

thanks for any help offered !