VeloCloud Edges use the NAT port range 5001-65535 to break out Internet traffic directly via the WAN interfaces.
Applies to all supported VMware VeloCloud SD-WAN Edge versions in 5.x.
In some countries, certain ports may be blocked by the ISP. Traffic that is NATed to a blocked port is dropped, causing production impact. The customer may observe traffic freezing for 1-10 seconds and then returning to normal. This happens because flows on the blocked NAT ports are dropped until a new flow is generated and NATed to a port that the ISP allows.
For example, port 5556 is blocked by China Telecom. If a customer is browsing a website and the flow is accidentally NATed to port 5556, the web page freezes until a new TCP session creates a new flow that is NATed to a different port.
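To confirm which source ports an ISP drops before asking for the port selection to be changed, the following added example (not VMware code, and not part of the original article) attempts one TCP handshake per fixed source port and reports the ports that time out. It assumes it runs on a test host connected directly to the WAN link, so that no NAT device rewrites the source port; the function names and the 192.0.2.10 target are placeholders.

```python
import socket

def probe_source_port(src_port, target, timeout=3.0, bind_addr="0.0.0.0"):
    """Attempt one TCP handshake from a fixed source port; return a status."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.settimeout(timeout)
    try:
        try:
            s.bind((bind_addr, src_port))
        except OSError:
            return "bind_failed"   # port already in use on this host
        try:
            s.connect(target)
            return "ok"            # handshake completed from this port
        except socket.timeout:
            return "timeout"       # SYN or SYN-ACK silently dropped on the path
        except ConnectionRefusedError:
            return "refused"       # path works, target port is closed
        except OSError:
            return "error"         # no route, network unreachable, etc.
    finally:
        s.close()

def scan(ports, target, **kwargs):
    """Probe each source port once and return {port: status}."""
    return {p: probe_source_port(p, target, **kwargs) for p in ports}

def suspects(results):
    """Ports whose handshake timed out: candidates for ISP filtering."""
    return sorted(p for p, status in results.items() if status == "timeout")

if __name__ == "__main__":
    # Placeholder target (TEST-NET-1); replace with a server you control
    # that is known to be reachable over this WAN link.
    target = ("192.0.2.10", 443)
    # Small window around the port named in the article; widen as needed
    # within the Edge NAT range 5001-65535.
    results = scan(range(5550, 5561), target, timeout=2.0)
    for port, status in sorted(results.items()):
        print(port, status)
    print("suspected blocked source ports:", suspects(results))
```

A single timeout can also be ordinary packet loss, so repeat the scan and treat a port as blocked only when it times out consistently while neighbouring ports succeed.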
Please contact VeloCloud support if you want the default port selection to be modified. The workaround can be applied at the Edge level.
Please note that the workaround does not persist after an Edge upgrade and needs to be re-applied.