"
I think I have just found the reason for this problem and other similar ones rising on the forum from time to time.
I can reproduce the alleged bug and its solution, at least on my systems.
If in "Firewall: Aliases" you have exhausted the available table entries, than your firewall will refuse to let network clients browse the Internet. Clients will ping the firewall LAN address, but will not go through WAN connection(s). This is true with single and multiple WAN, load balance or failover mode does not make any differece.
Solution is tricky because simply increasing the value of "Firewall Maximum Table Entries" in "Firewall, Settings, Advanced", will leave the firewall non operational.
You have to restore a working firewall backup, even if it is showing that available entries are exhausted, then delete rules using aliases starting from big ones (hint: geoip aliases often contain many records), than delete aliases to reduce table entries under the predefined limit. At this point, the limit can be increased, so aliases and rules can be recreated.
While the alleged bug is being investigated I would suggest to increase the default "Firewall Maximum Table Entries" value of an order of magnitude (10X) BEFORE this capability is exhausted. In my experience this does not slow down even the least powerful systems.
I can reproduce the alleged bug and its solution, at least on my systems.
If in "Firewall: Aliases" you have exhausted the available table entries, than your firewall will refuse to let network clients browse the Internet. Clients will ping the firewall LAN address, but will not go through WAN connection(s). This is true with single and multiple WAN, load balance or failover mode does not make any differece.
Solution is tricky because simply increasing the value of "Firewall Maximum Table Entries" in "Firewall, Settings, Advanced", will leave the firewall non operational.
You have to restore a working firewall backup, even if it is showing that available entries are exhausted, then delete rules using aliases starting from big ones (hint: geoip aliases often contain many records), than delete aliases to reduce table entries under the predefined limit. At this point, the limit can be increased, so aliases and rules can be recreated.
While the alleged bug is being investigated I would suggest to increase the default "Firewall Maximum Table Entries" value of an order of magnitude (10X) BEFORE this capability is exhausted. In my experience this does not slow down even the least powerful systems.
