Suricata action behind AWS gateway balancer

Hi team

We are running Suricata 6 on Amazon EC2 (Ubuntu) and it is placed behind an AWS Gateway Load Balancer. While playing with it we want to confirm the reject rule action.
According to the docs, when running in IDP mode it should send a TCP RST to the client if the request hits a denied (reject) rule; however, Suricata drops the traffic and the client waits until timeout. Is this the expected behaviour? Or have we misconfigured something?
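A quick client-side check for the distinction the post is asking about, as an added example that is not part of the original post or of Suricata itself: a client that reports whether a connection was reset (what a working reject should look like from the client's side), timed out (what a silent drop looks like), refused, or answered. The two local fake servers are constructed stand-ins that reproduce those two behaviours so the probe can be exercised offline; to test a real deployment, call `classify_connect` with the address of the host behind the Gateway Load Balancer and a request that matches your reject rule. The script only tells you what the client observes; it does not say why the RST did or did not arrive.

```python
import socket
import struct
import threading
import time


def classify_connect(host, port, timeout=3.0, payload=b"GET / HTTP/1.0\r\n\r\n"):
    """Connect, send one request, and classify what the client observes.

    Returns one of: "rst" (peer sent a TCP RST, i.e. ECONNRESET),
    "timeout" (no RST and no reply within `timeout` seconds, i.e. a drop),
    "refused" (ECONNREFUSED), "closed" (clean FIN, no data) or "response".
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        s.sendall(payload)
        data = s.recv(1024)
        return "response" if data else "closed"
    except ConnectionResetError:
        return "rst"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    finally:
        s.close()


def start_fake_server(mode):
    """Constructed local stand-in (assumption, not real Suricata behaviour).

    mode="rst":  read the request, then close with SO_LINGER=0 so the kernel
                 emits a TCP RST instead of a FIN (what reject should produce).
    mode="drop": read the request and never answer (what a silent drop looks like).
    Returns the ephemeral port the server listens on; it serves one connection.
    """
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(1)
    port = lsock.getsockname()[1]

    def serve():
        conn, _ = lsock.accept()
        lsock.close()
        conn.recv(1024)
        if mode == "rst":
            # linger on, linger time 0: close() aborts the connection with RST
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
        else:
            time.sleep(10)  # hold the connection open without replying
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    for mode in ("rst", "drop"):
        port = start_fake_server(mode)
        print(mode, "->", classify_connect("127.0.0.1", port, timeout=1.0))
```

Against a real target, "rst" means the client received the reset; "timeout" with a matching rule is the behaviour described in the post, where the packet is discarded but no reset reaches the client.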