Occasionally seeing log entries of DROP_OUTPUT from firewall to green0 host with Src Port of 222, 444, and 800. I understand the connections from green0 host to the firewall with Dst Port of 222, 444, or 800. I was surprised to see traffic from the firewall using these as Src ports. On these dropped outbound packets, the Dst port to green0 host varies in the high range up near 64K. Should I be concerned about these dropped packets? They don’t seem to be causing any noticeable issue. Would it be advisable to create rules to allow packets with these Src ports (and any Dst port) to pass to the green0 host?
[Edit 1] Just noticed another with SPT=3128 – transparent web proxy