I've recently installed a Netscreen 25 and have created a VIP to forward ports to an internal IP on our LAN. Because I run an OS X Server, I have enabled port forwarding on TCP ports 8800 and 8443 for iCal and Address Book Sharing along with some other TCP ports. These work correctly.
What doesn't work correctly are the UDP ports I am trying to forward. I would like to use the server as a VPN as well, so I forwarded UDP ports 1701, 500, and 4500 -- but they don't work. I've also tried to use the Netscreen's predefined services for those ports, but still no luck. The ports are still closed. Is there a difference between how the Netscreen treats UDP vs. TCP ports, or does the Netscreen make it difficult to enable those ports because they're VPN ports?