This is a dynamic port allocation issue. The port ranges are reversed.
The following output is seen for the 'fw ctl set int fwx_nat_dynamic_port_allocation_print_stats 1' command:
[DATE TIME];[cpu_11];[fw4_0];Free global high ranges for XXX.XXX.XXX.XXX:;
[DATE TIME];[cpu_11];[fw4_0]; Free: 4294940410;
[DATE TIME];[cpu_11];[fw4_0]; range [97567-30211]; -- REVERSED RANGE
[DATE TIME];[cpu_11];[fw4_0]; range [30207-30210];
[DATE TIME];[cpu_11];[fw4_0]; range [30213-30214];
[DATE TIME];[cpu_11];[fw4_0]; range [30213-30213];
[DATE TIME];[cpu_11];[fw4_0]; range [30212-30213];
[DATE TIME];[cpu_11];[fw4_0]; range [30212-30212];
[DATE TIME];[cpu_11];[fw4_0]; range [30216-30216];
[DATE TIME];[cpu_11];[fw4_0]; range [30215-30216];
[DATE TIME];[cpu_11];[fw4_0]; range [30218-30220];
The reversed range, range [97567-30211], is causing Hide NAT to translate the source port to ports greater than 65535.
Another example:
[DATE TIME];[cpu_12];[fw4_12]; range [57607-57607];
[DATE TIME];[cpu_12];[fw4_12]; range [57707-57805];
[DATE TIME];[cpu_12];[fw4_12]; range [65891-65990]; -- RANGE HIGHER THAN 65535
[DATE TIME];[cpu_12];[fw4_12]; range [67291-67390]; -- RANGE HIGHER THAN 65535
The source port ranges higher than 65535 is causing Hide NAT to translate the source port to ports greater than 65535.