I have my default firewall behaviors set to Blocked. Things seem to be working fine, but logs like the following show up occasionally/infrequently. Note the source ports on these logs are either 444 or 800. Would this be normally expected behavior … related to connection session termination or some other normal network behavior? The Web Proxy seems to be working fine and there is no issue accessing the WebGUI. Would there be any value (or risk) in adding firewall rule(s) specifically allowing traffic from the firewall on these source ports to the local green net?
DROP_OUTPUT IN= OUT=green0 SRC=192.168.2.1 DST=192.168.2.xxx LEN=296 TOS=0x00 PREC=0x00 TTL=64 ID=17545 DF PROTO=TCP SPT=444 DPT=57814 WINDOW=94 RES=0x00 ACK PSH FIN URGP=0
DROP_OUTPUT IN= OUT=green0 SRC=192.168.2.1 DST=192.168.2.xxx LEN=296 TOS=0x00 PREC=0x00 TTL=64 ID=17546 DF PROTO=TCP SPT=444 DPT=57814 WINDOW=94 RES=0x00 ACK PSH FIN URGP=0
...
DROP_OUTPUT IN= OUT=green0 SRC=192.168.2.1 DST=192.168.2.xxx LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=61363 DF PROTO=TCP SPT=800 DPT=62520 WINDOW=83 RES=0x00 ACK URGP=0
DROP_OUTPUT IN= OUT=green0 SRC=192.168.2.1 DST=192.168.2.xxx LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=61364 DF PROTO=TCP SPT=800 DPT=62520 WINDOW=83 RES=0x00 ACK URGP=0
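
An added example, not part of the original post: a small Python tally for log lines in this format. It groups the dropped firewall-originated TCP packets by source port, flag set and flow, so it is easy to see whether the drops fall on segments carrying FIN or on plain ACK segments. The sample lines are constructed from the entries above with a made-up destination host and a `kernel:` syslog tag, and the function names are illustrative.

```python
from collections import Counter

# Constructed sample: modelled on the entries quoted in the post, with a
# made-up destination host (.50) and one unrelated line that must be skipped.
SAMPLE_LOG = """\
kernel: DROP_OUTPUT IN= OUT=green0 SRC=192.168.2.1 DST=192.168.2.50 LEN=296 TOS=0x00 PREC=0x00 TTL=64 ID=17545 DF PROTO=TCP SPT=444 DPT=57814 WINDOW=94 RES=0x00 ACK PSH FIN URGP=0
kernel: DROP_OUTPUT IN= OUT=green0 SRC=192.168.2.1 DST=192.168.2.50 LEN=296 TOS=0x00 PREC=0x00 TTL=64 ID=17546 DF PROTO=TCP SPT=444 DPT=57814 WINDOW=94 RES=0x00 ACK PSH FIN URGP=0
kernel: DROP_OUTPUT IN= OUT=green0 SRC=192.168.2.1 DST=192.168.2.50 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=61363 DF PROTO=TCP SPT=800 DPT=62520 WINDOW=83 RES=0x00 ACK URGP=0
kernel: DROP_OUTPUT IN= OUT=green0 SRC=192.168.2.1 DST=192.168.2.50 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=61364 DF PROTO=TCP SPT=800 DPT=62520 WINDOW=83 RES=0x00 ACK URGP=0
kernel: DROP_INPUT IN=green0 OUT= SRC=192.168.2.50 DST=192.168.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=50000 DPT=23 WINDOW=64240 RES=0x00 SYN URGP=0
"""

# TCP flag names as the netfilter LOG target prints them (bare tokens).
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_line(line, prefix="DROP_OUTPUT"):
    """Parse one LOG line into a dict, or return None if it is not a
    TCP entry carrying the given log prefix."""
    tokens = line.split()
    if prefix not in tokens:
        return None
    rec = dict(t.split("=", 1) for t in tokens if "=" in t)
    if rec.get("PROTO") != "TCP":
        return None
    # Flags appear as bare words; URGP=0 and DF are not TCP flags.
    rec["FLAGS"] = " ".join(t for t in tokens if t in TCP_FLAGS)
    return rec


def summarize(lines, prefix="DROP_OUTPUT"):
    """Count drops per (source port, flag set) and per flow 4-tuple."""
    by_port_flags, flows = Counter(), Counter()
    for line in lines:
        rec = parse_line(line, prefix)
        if rec is None:
            continue
        spt, dpt = int(rec["SPT"]), int(rec["DPT"])
        by_port_flags[(spt, rec["FLAGS"])] += 1
        flows[(rec["SRC"], spt, rec["DST"], dpt)] += 1
    return by_port_flags, flows


if __name__ == "__main__":
    ports, flows = summarize(SAMPLE_LOG.splitlines())
    for (spt, flags), n in sorted(ports.items()):
        print(f"SPT={spt:<5} flags=[{flags}] drops={n}")
    for flow, n in sorted(flows.items()):
        print("flow", flow, "drops", n)
```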