By default, the ProxySG appliance uses a randomly assigned source port in the range 49152 to 65535 for outgoing connections. This is the ephemeral port range suggested by the Internet Assigned Numbers Authority (IANA). On a busy appliance, this small range of TCP ports can cause the ProxySG to reuse source ports at a quick rate, which can cause issues with other devices such as firewalls or intrusion-detection applications. Those devices, upon seeing multiple requests with the same source and destination ports within a short window of time, may flag the connection as invalid.
The exception to this is when Reflect Client IP is enabled. In that case, the appliance will use the source port from the client request + 16383 (wrapping at 65535) as it contacts the OCS, even if that port is lower than the configured range of ephemeral ports. This is by design, and is necessary to mirror the details in the client connection to the origin server.
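
The following is an added example, not taken from the original page or from the vendor: a sketch of how a firewall or IDS operator could check connection records for the rapid source-port reuse described above, and list source ports that fall outside the default range (expected when Reflect Client IP is enabled). The record format, the 60-second window, and all addresses are constructed assumptions.

```python
from collections import namedtuple

# Default ephemeral range stated on the page (IANA-suggested).
EPHEMERAL_LOW, EPHEMERAL_HIGH = 49152, 65535

Conn = namedtuple("Conn", "ts src_ip src_port dst_ip dst_port")

def parse(line):
    """Parse a constructed record: '<epoch> <src_ip>:<port> <dst_ip>:<port>'."""
    ts, src, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Conn(float(ts), src_ip, int(src_port), dst_ip, int(dst_port))

def find_rapid_reuse(conns, window=60.0):
    """Return (earlier, later) pairs that share a 4-tuple and start less
    than `window` seconds apart. The 60 s default is an assumed value."""
    last_seen, hits = {}, []
    for c in sorted(conns, key=lambda c: c.ts):
        key = (c.src_ip, c.src_port, c.dst_ip, c.dst_port)
        prev = last_seen.get(key)
        if prev is not None and c.ts - prev.ts < window:
            hits.append((prev, c))
        last_seen[key] = c
    return hits

def outside_default_range(conns):
    """Connections whose source port is not in 49152-65535. With Reflect
    Client IP enabled these are expected, not necessarily anomalous."""
    return [c for c in conns
            if not EPHEMERAL_LOW <= c.src_port <= EPHEMERAL_HIGH]

# Constructed sample records (documentation address ranges, made-up times).
SAMPLE_LOG = """\
1700000000.0 10.0.0.5:49200 203.0.113.10:443
1700000004.5 10.0.0.5:49200 203.0.113.10:443
1700000010.0 10.0.0.5:50111 203.0.113.10:443
1700000200.0 10.0.0.5:50111 203.0.113.10:443
1700000012.0 10.0.0.5:20000 203.0.113.10:80
"""
CONNS = [parse(line) for line in SAMPLE_LOG.splitlines()]

if __name__ == "__main__":
    for a, b in find_rapid_reuse(CONNS):
        print(f"reuse of {a.src_ip}:{a.src_port} -> {a.dst_ip}:{a.dst_port} "
              f"after {b.ts - a.ts:.1f}s")
    for c in outside_default_range(CONNS):
        print(f"source port {c.src_port} is outside the default range")
```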