On two separate firewalls I have "deny unknown clients" enabled for all subnets. This has been working fine for a long time. With this new update after rebooting, firewall clients are connected for about 45 minutes then all are denied. Reboot and I get another roughly 45 minutes then denied. I have been forced to disable the setting.
Edit: The network still goes down but much less and seems to be related to using the site to site wireguard tunnel. When I hammer that network it tends to hang and need a reboot. It renamed the Wireguard firewall rules section to "Wireguard(group)", oddly.
edit: screw this, I'm reverting to previous version. Maybe don't push out updates over thanksgiving that break things.