Occasionally seeing log of DROP_OUTPUT from firewall to green0 host with Src Port of 222, 444, and 800. I understand the connections from green0 host to the firewall with Dst Port of 222, 444, or 800. I was surprised to see traffic from the firewall using these as Src ports. On these dropped outbound packets, the Dst port to green0 host varies in the high range up near 64K. Should I be concerned about these dropped packets? They don’t seem to be causing any noticeable issue. Would it be advisable to create rules to allow packets with these Src ports (and any Dst port) to pass to the green0 host?
[Edit 1] Just noticed another with SPT=3128 – transparent web proxy
I was hoping someone would toss out a short explanation as to why it would be okay to see TCP traffic from the firewall – using the known service source ports on the firewall and random destination ports – going to my green host.
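As an added illustration (not code from the thread or from any firewall project), here is a small Python classifier that parses netfilter LOG lines carrying the DROP_OUTPUT prefix described above and separates packets leaving a firewall service port (222, 444, 800, 3128) for a high port on the green host, which is the reply direction of a connection the green host opened, from packets where the firewall itself starts a new connection. The sample log lines, the addresses and the ephemeral-port threshold are constructed assumptions.

```python
import re
# Ports the thread names as services listening on the firewall itself.
FIREWALL_SERVICE_PORTS = {222: "ssh", 444: "web_gui", 800: "proxy", 3128: "transparent_proxy"}
EPHEMERAL_MIN = 32768  # assumption: green host uses the Linux default ephemeral range
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}
KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_log_line(line):
    """Split a netfilter LOG line into log prefix, KEY=VALUE fields and bare TCP flag tokens."""
    head, sep, body = line.partition("IN=")
    if not sep:
        return None  # not a netfilter LOG line
    body = sep + body
    words = head.split()
    return {
        "prefix": words[-1] if words else "",
        "fields": dict(KV_RE.findall(body)),
        "flags": {tok for tok in body.split() if tok in TCP_FLAGS},
    }

def classify(line):
    """Label a DROP_OUTPUT entry by where it sits in a TCP exchange with the green host."""
    rec = parse_log_line(line)
    if rec is None or rec["prefix"] != "DROP_OUTPUT":
        return "other"
    f = rec["fields"]
    if f.get("PROTO") != "TCP" or f.get("OUT") != "green0":
        return "other"
    spt, dpt = int(f.get("SPT", 0)), int(f.get("DPT", 0))
    if spt in FIREWALL_SERVICE_PORTS and dpt >= EPHEMERAL_MIN and "SYN" not in rec["flags"]:
        # Source = firewall service port, destination = client ephemeral port, no SYN: the reply
        # direction of a connection the green host opened. A source port is picked by the sender,
        # so on its own it is a weak allow criterion; connection-tracking state is the usual one.
        return "reply_from_" + FIREWALL_SERVICE_PORTS[spt]
    if "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
        return "new_connection_from_firewall"
    return "unclassified"

def summarize(lines):
    counts = {}
    for ln in lines:
        counts[classify(ln)] = counts.get(classify(ln), 0) + 1
    return counts

# Constructed sample lines in netfilter LOG format (not from the thread; addresses are placeholders).
SAMPLE_LOG = [
    "DROP_OUTPUT IN= OUT=green0 SRC=192.168.0.1 DST=192.168.0.20 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=444 DPT=61234 WINDOW=0 RES=0x00 ACK RST URGP=0",
    "DROP_OUTPUT IN= OUT=green0 SRC=192.168.0.1 DST=192.168.0.20 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=3128 DPT=58001 WINDOW=501 RES=0x00 ACK FIN URGP=0",
    "DROP_OUTPUT IN= OUT=green0 SRC=192.168.0.1 DST=192.168.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=40000 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0",
]
```

Run `summarize` over your own exported log lines to see how many of the drops fall into the reply-direction bucket versus genuine new connections from the firewall.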
Thanks @jon,
Default firewall behaviour for both Forward and Outgoing is set to Blocked.
Here’s a sample log – where 192.168.x.x is the firewall and 192.168.y.y is the green host: