By default, a Security Gateway has 200 'high' ports and 20 'low' ports for Hide NAT (the numbers 200 and 20 are two parameters used by the internal logic for the static port allocation calculation).
The whole range of ports is around 50 000, and Hide NAT is done per IP address.
Hide NAT port exhaustion on a Security Gateway might be caused by the following:
- High number of CoreXL FW instances.
When CoreXL is enabled on the Security Gateway and static port allocation (not dynamic port allocation) is used, the range of available ports is shared between all CoreXL FW instances: this number of ports is divided by the number of CoreXL FW instances, so each CoreXL FW instance has its own range.
For example, on a Security Gateway with 10 CoreXL FW instances, each CoreXL FW instance will get 20 'high' ports and 2 'low' ports for Hide NAT.
- 'HTTP/HTTPS Proxy' feature (introduced in R75.40 version).
The 'HTTP/HTTPS Proxy' feature uses Hide NAT when opening the connection from the Security Gateway to the Destination.