I SNMP walk (UDP 161) to an AS/400 from one server behind a PIX515E, and the return UDP packet picks a random port between 5000 and 6000, and the PIX lets it back in OK w/o an ACL specifically allowing it.
I SNMP walk (UDP 161) to an AS/400 from another server behind a FWSM, and the return UDP packet picks a random port between 5000 and 6000, and the FWSM denies it back in, logging a message that ACL "outside" is blocking.
If I allow the entire UDP range, the FWSM allows it.
How can this be? What's the difference between the PIX 7.1(2) and the FWSM 3.1(4) in how they handle returning SNMP walks on random UDP ports?
Might a fixup or inspect help on the FWSM? I don't want to open a 1000-port range if I can help it.