Thanks for the responses. It is appreciated.
Can you define Dynamic Ports in the context of Inspection Settings? The meaning from my experience with the term in networking/firewalling is services which accept connections but then create new data and control channel listen ports to different dynamic ranges like RPC, FTP, NFS, etc. I am not aware of SMB/CIFS doing secondary connections on dynamic ports. It always uses UDP 137, 138, or TCP 139 and 445, at least in my experience looking at the traffic over the years. I am doubting myself about what Check Point defines as Dynamic Ports for Inspection Settings if CIFS/SMB is also considered Dynamic Ports.
Also, what would the behavior for DROP, ACCEPT, and INACTIVE for this specific Inspection Setting be? I assume DROP would drop dynamic ports that are not within some definition of what Check Point thinks a Dynamic Port should look like for a specific service, ACCEPT would accept any dynamic port bad behavior that is flagged and maybe log it, and INACTIVE would not look for the bad behavior but still allow dynamic ports for services that use them (like FTP).