We have two hosts inside of our network that make a connection to a site on a non-standard port (1570). The site then sends traffic back to the host on the same port. Apparently, they couldn't get it to work for the return traffic unless they allowed the traffic back on the outside back in on the same port. This was in a Symantec gateway appliance.
I'm doing my conversion, and I think it should work fine without allowing the traffic back in specifically, but if not, I think I'm going to have to have a static assigned for these hosts.
Any other suggestions?