Upgraded to newer version of Zen Armor, policy behavior changed

Started by kwo1, January 14, 2026, 06:55:16 PM

Hi,

Since December of last year, I've been troubleshooting what I originally thought was an OPNsense upgrade issue, but I have now instead determined to be a Zen Armor-specific upgrade issue. 

My current OPNsense setup:
  • Multiple interfaces - LAN, MGMT, WAN
  • Zen Armor has been installed since late summer 2025
  • The MGMT network has its own Zen Armor policy assigned to it named MGMT_Policy, which has "Block all internet access" turned ON.
  • I manage OPNsense through its MGMT interface IP - https://192.168.2.251/

I was on Zen Armor version 2.1.1. If I upgrade to the newest version available, currently 2.3.2, I can no longer reach the OPNsense web URL https://192.168.2.251. I've included screenshots below which show the live sessions page, before and after the upgrade. Before the upgrade, you can see my workstation (192.168.2.99) is able to reach the web URL of .251. After the upgrade, the workstation is blocked from accessing the same .251 IP. Besides upgrading Zen Armor, nothing else changed. I did not make any changes to the policy, the IPs, firewall rules, nothing at all.

I don't think this is specific to the latest version of Zen Armor.  I only know that it began with a version after 2.1.1. 

Post-upgrade, if I turn off "Block all internet access" on my MGMT_Policy, my workstation (192.168.2.99) can once again access https://192.168.2.251

Can someone provide insight as to why an upgrade to Zen Armor would change the behavior of the policy? 

Thank you