[jamjam]

If you want to avoid using the cluster IP address for some specific protocol, you can do the following:
On the SmartCenter Server (Management module)
1) Type cpstop to stop the firewall services.
2) Backup the $FWDIR/lib/table.def (%FWDIR\lib\table.def) file.
3) Edit the $FWDIR/lib/table.def (%FWDIR%\lib\table.def) file with a text editor.
Note: The procedures to edit the table.def file is for the purpose of preventing the cluster member from hide NATing its own real IP address.
4) Locate the line starting with the string no_hide_services_ports, which looks like the following:
no_hide_services_ports = { <500, 17>, <259, 17>, <1701, 17> };
5) Change to:
no_hide_services_ports = { <500, 17>, <259, 17>, <1701, 17>, <your port number,17 (17 means UDP)> };
6) Save the edited table.def file and exit the editor.
Note: When the version or HFA of the SmartCenter Server (management module) is upgraded, the changes made to table.def file are lost.
7) Type cpstart to start the firewall services.
8) Log in to SmartDashboard.
9) Install the Security Policy.
Worked for me . Hope this helps