Hi
This has been an issue that was noticed a couple of years ago. Whenever a firewall update happens which requires a reboot after the update, there seem to be some issues with state tables when Dual WAN is configured and there is a PBR configuration which requires some traffic to be routed to a specific circuit rather than the one with the highest priority or default. This results in stuff like VPNs failing till the state table is reset manually.

Steps to reproduce the issue:
1. There should be multiple WANs configured
2. Some traffic should be always routed to the secondary WAN via a PBR
3. The secondary traffic should have something like a VOIP or VPN configured
Now when the firewall is upgraded and goes for a reboot, the VPN stops working. Doing a packet capture on the firewall, it seems that after the reboot the traffic is placed on the wrong interface. But when the firewall state tables are cleared manually after the firewall has rebooted, everything works fine again.
The route-to interface wasn't replicated historically. It is perhaps fixed in FreeBSD 15. I'm not sure.
Cheers,
Franco