Hi ,
From your packet captures , we see that only RST and FIN Packets were not getting NATed . These RST and FIN packets were not belonging to any proper sequence .
TCP connections consist of a specific sequence of packets -- the initial "new connection" packet will be a SYN, the first response from the remote server will be a SYN/ACK, and then your computer will send an ACK to complete the connection, and subsequent packets will flow. When the connection is done, one side will send an ACK/FIN, which is ACK'd by the remote side who then closes their connection the same way. If the router sees the ACK/FIN packet, it will clean up the connection and remove the NAT information from the connection tracking table. Once this happens, any more packets on the same connection will be "invalid" (unless a new connection is opened by starting with the SYN again).
So, the core of the problem is that a client inside the router is sending TCP packets on a connection that has already been closed with an ACK/FIN (or the router saw a RST come through -- which should reset that connection, and winds up causing the router to perform the same cleanup as if a FIN had been seen). After the ACK/FIN or RST, the client should be sending a SYN to start a new connection, which will cause the NAT rule to happen.These RST or FIN packets which are not NATed should not cause any issue . It is not issue with Router , It is working as expected
If you are facing slow browsing or latency in network we need to debug further . Could you open a support ticket with us so that we can debug your issue