Thanks for getting back to me.
That is correct, l have UniFi AP (192.168.14.126) behind RUT240 that is suppose to establish a connection to my AWS server on the TCP-8080.
Once the session established, AP sends keepalive messages. This way you can always manage it via the controller.
Occasionally, maybe 3-4 times a day connection drops. While the connection was in the broken state, l took tcpdump from the RUT240.
As you can see all packets have TTL of 64, means they are local (initiated locally, as default TTL for Linux is 64) and were not router.