Hey all,

I am rather new to the checkpoint platform so I am learning slowly. I am familiar with FTD and ASA so basically I have halfway decent firewall knowledge so now I am just trying to understand a new platform. We are having some intermittent connectivity issues to the point where users are experiencing websites that work sometimes and at other times they don't. Basically all users are going through a proxy server and that proxy server hands off to our checkpoint VSX. The VSX has a NAT setup and the outside world perceives http/https coming from a single source.

What I am seeing in the logs is that occasionally I will see a Xlate NAT Source port with a value higher than 65535 and it seems to correlate to web requests that are having issues. I am seeing values on the xlate Nat Source port of numbers like 65892 and 65734. These don't seem to make sense to me as ports higher than 65535 wouldn't be valid on a standard source port.

Does anyone have any thoughts on this behavior?