Where the PAT (Port Address Translation) can be configured

mipecAG
mipecAG Posts: 2
First Anniversary
edited April 2021 in Security
Hi
We have a strange behaviour that outgoing ports are translated to very low port numbers  (1040) the standard says, the PAT should be   Port+1, how comes we see from dynamic ports 49152 ..65535 are translated to 10xx  , how comes. We do not know if such low numbers could be suppressed any where (as we are having problems) (i'd like to move the to 32769+...)
Is there a statistic of the size of the NAT/PAT table and can it be logged in the syslog and probably the actual value of the translated port?

Regards

Ralph

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @mipecAG

     

    Theoretically, USG will dynamically assign the port which is unoccupied when doing NAPT behavior. And we can’t configure a specific range to dynamic ports.

    According to your situation, there are some points we need to clarify:

    (1). What USG model and firmware version you are using now?

    (2). Does this phenomenon appear often?

    (3). What kind of action of host lead to this phenomenon? 

    (4). If the dynamic port change to 1040 or 10xx for a while, will it change to the higher range 49152 ..65535 again?

     

    You can refer to the following link tutorial use USB to log traffic syslog.

    That will help you to check your dynamic port number of historical traffic.

    https://community.zyxel.com/en/discussion/4134/log-and-backup-to-usb

    select Network category.



    The traffic log will be logged.



    Thanks.
  • PeterUK
    PeterUK Posts: 2,653  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    Are you telling about the source port for outgoing connections? The USG will try not to change the source port when sending out the WAN.

    Your ISP might be changing the source port?

    If you do a packet capture in the USG for LAN and WAN load up some pages then compare the source port before and after NAT.


Security Highlight