diff --git a/src/transport/SecureSessionMgr.cpp b/src/transport/SecureSessionMgr.cpp
index 021169b554df41..0cf9e159c9ac76 100644
--- a/src/transport/SecureSessionMgr.cpp
+++ b/src/transport/SecureSessionMgr.cpp
@@ -334,24 +334,13 @@ void SecureSessionMgr::MessageDispatch(const PacketHeader & packetHeader, const
         isDuplicate = SecureSessionMgrDelegate::DuplicateMessage::Yes;
         err         = CHIP_NO_ERROR;
     }
-    if (err != CHIP_NO_ERROR)
-    {
-        ChipLogError(Inet, "Message counter verify failed, err = %" CHIP_ERROR_FORMAT, err.Format());
-        return;
-    }
+    VerifyOrDie(err == CHIP_NO_ERROR);
 
     mUnauthenticatedSessions.MarkSessionActive(*session);
 
     PayloadHeader payloadHeader;
     ReturnOnFailure(payloadHeader.DecodeAndConsume(msg));
 
-    if (isDuplicate == SecureSessionMgrDelegate::DuplicateMessage::Yes && !payloadHeader.NeedsAck())
-    {
-        // If it's a duplicate message, but doesn't require an ack, let's drop it right here to save CPU
-        // cycles on further message processing.
-        return;
-    }
-
     session->GetPeerMessageCounter().Commit(packetHeader.GetMessageId());
 
     if (mCB != nullptr)
diff --git a/src/transport/UnauthenticatedSessionTable.h b/src/transport/UnauthenticatedSessionTable.h
index 46efc56bd8cc59..48d721fb9ff096 100644
--- a/src/transport/UnauthenticatedSessionTable.h
+++ b/src/transport/UnauthenticatedSessionTable.h
@@ -41,9 +41,6 @@ class UnauthenticatedSessionDeleter
 /**
  * @brief
  *   An UnauthenticatedSession stores the binding of TransportAddress, and message counters.
- *
- *   The entries are rotated using LRU, but entry can be hold by using UnauthenticatedSessionHandle, which increase the reference
- * count by 1. If the reference count is not 0, the entry won't be pruned.
  */
 class UnauthenticatedSession : public ReferenceCounted<UnauthenticatedSession, UnauthenticatedSessionDeleter>
 {
@@ -71,6 +68,14 @@ class UnauthenticatedSession : public ReferenceCounted<UnauthenticatedSession, U
     PeerMessageCounter mPeerMessageCounter;
 };
 
+/*
+ * @brief
+ *   An table which manages UnauthenticatedSessions
+ *
+ *   The UnauthenticatedSession entries are rotated using LRU, but entry can be
+ *   hold by using UnauthenticatedSessionHandle, which increase the reference
+ *   count by 1. If the reference count is not 0, the entry won't be pruned.
+ */
 template <size_t kMaxConnectionCount, Time::Source kTimeSource = Time::Source::kSystem>
 class UnauthenticatedSessionTable
 {
@@ -94,14 +99,6 @@ class UnauthenticatedSessionTable
             return CHIP_ERROR_NO_MEMORY;
         }
 
-        const uint64_t currentTime = mTimeSource.GetCurrentMonotonicTimeMs();
-        if (currentTime - entry->GetLastActivityTimeMs() < kMinimalActivityTimeMs)
-        {
-            // Protect the entry for a short period to prevent from rotating too fast.
-            entry = nullptr;
-            return CHIP_ERROR_NO_MEMORY;
-        }
-
         mEntries.ResetObject(entry, address);
         return CHIP_NO_ERROR;
     }
@@ -185,8 +182,8 @@ class UnauthenticatedSessionTable
         case Transport::Type::kUdp:
         case Transport::Type::kTcp:
             return a1.GetIPAddress() == a2.GetIPAddress() && a1.GetPort() == a2.GetPort() &&
-                (a1.GetInterface() == INET_NULL_INTERFACEID || a2.GetInterface() == INET_NULL_INTERFACEID ||
-                 a1.GetInterface() == a2.GetInterface());
+                // Enforce interface equal-ness if the address is link-local, otherwise ignore interface
+                (a1.GetIPAddress().IsIPv6LinkLocal() ? a1.GetInterface() == a2.GetInterface() : true);
         case Transport::Type::kBle:
             // TODO: complete BLE address comparation
             return true;
@@ -195,7 +192,6 @@ class UnauthenticatedSessionTable
         return false;
     }
 
-    static constexpr uint64_t kMinimalActivityTimeMs = 30000;
     Time::TimeSource<Time::Source::kSystem> mTimeSource;
     BitMapObjectPool<UnauthenticatedSession, kMaxConnectionCount> mEntries;
 };