Am I misunderstanding "static port" (port randomization)?

Started by alh, August 13, 2020, 10:47:18 PM

I have the following setup:

Internet -> Speedport Router -> OPNsense -> Server

The Speedport cannot do static routes so this is a double NAT scenario. I port forward TCP 8443 from Internet to OPNsense in the Speedport and from WAN-Network to Server in the OPNsense.

The reply to a request to the server is by default subject to source port randomization, and the Speedport would drop it.

I now added a rule to Outbound NAT setting static port for the traffic originating from the server (and the forwarded port) (1).

However, the source port was still subject to randomization.

I had to set the source address to the WAN address of the OPNsense (2).

Is this normal behaviour? I really would have expected it to work with the first rule and not the second.

Because my next question would be how to disable port randomization for a whole VLAN (for SIP to work in a double NAT environment) if the first rule does not work. Or is this just a specific behaviour when port forwarding is involved?

Thanks for enlightening me.