NAT hide error
Error message in the Tracker: NAT Hide failure – there are currently no available ports for hide operation
This can happen when the fwx_alloc table is full:
#fw tab -t fwx_alloc -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost fwx_alloc 8187 150000 150000 0
#fw tab -t fwx_alloc
localhost:
-------- fwx_alloc --------
dynamic, id 8187, attributes: keep, sync, expires never, limit 150000, hashsize 131072
[...]
You can flush the table with the following command:
#fw tab -t fwx_alloc -x
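The check below, an added example and not part of the original note, parses the two `fw tab` outputs shown above and reports how close fwx_alloc is to its limit, so the condition can be spotted before the Tracker error appears. The sample outputs are constructed from the values above; on a live gateway you would pipe `fw tab -t fwx_alloc -s` and `fw tab -t fwx_alloc` into the functions instead.

```sh
#!/bin/sh
# Constructed sample output, copied from the fw tab outputs shown above.
SAMPLE_STATS='HOST NAME ID #VALS #PEAK #SLINKS
localhost fwx_alloc 8187 150000 150000 0'
SAMPLE_DUMP='localhost:
-------- fwx_alloc --------
dynamic, id 8187, attributes: keep, sync, expires never, limit 150000, hashsize 131072'

# Read "fw tab -t fwx_alloc -s" output on stdin, print the #VALS column.
fwx_alloc_vals() {
  awk '$2 == "fwx_alloc" { print $4 }'
}

# Read "fw tab -t fwx_alloc" output on stdin, print the "limit N" value.
fwx_alloc_limit() {
  sed -n 's/.*limit \([0-9]*\),.*/\1/p'
}

# fwx_alloc_pct VALS LIMIT -> integer percentage of the limit in use.
fwx_alloc_pct() {
  echo $(( $1 * 100 / $2 ))
}

# fwx_alloc_check VALS LIMIT THRESHOLD -> 0 if below THRESHOLD percent, 1 otherwise.
fwx_alloc_check() {
  pct=$(fwx_alloc_pct "$1" "$2")
  if [ "$pct" -ge "$3" ]; then
    echo "fwx_alloc at ${pct}% of limit ($1/$2): hide NAT port exhaustion likely"
    return 1
  fi
  echo "fwx_alloc at ${pct}% of limit ($1/$2): ok"
  return 0
}

# Demo on the constructed sample; on a gateway replace the printf with the fw tab commands.
vals=$(printf '%s\n' "$SAMPLE_STATS" | fwx_alloc_vals)
limit=$(printf '%s\n' "$SAMPLE_DUMP" | fwx_alloc_limit)
fwx_alloc_check "$vals" "$limit" 90 || echo "consider flushing: fw tab -t fwx_alloc -x"
```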
FYI:
The fwx_cache table was introduced in VPN-1/FireWall-1 NG FP3 and VPN-1/FireWall-1 NG AI. It is used as a cache for NAT rule match results: if a specific connection (i.e. a specific source IP address -> a specific destination IP address) matches a NAT rule, the result of that match is kept in this table. When the next such connection opens, the NAT rule match is not performed again, since that information is already in the cache table. The NAT cache table is intentionally smaller than the Connections table, since it is assumed to hold the most common / frequent connections, which is what makes the NAT performance optimization possible.