[Solved] 23.7 latest to 24.1_1 upgrade broke firewall's internet / LAN works!

Started by martinseener, February 16, 2024, 10:04:53 AM

Hello,

We did the upgrade on our OPNSense DEC3850 from the latest 23.7.x to 24.1_1 straight. Upgrade itself worked, reboot worked and after the upgrade, LAN users can still surf the internet without any issues. I also see our 2 Gateways (Colt Fiber and Vodafone VDSL fallback) including the GW Groups for it.
We also used Suricata IDS+IPS with Hyperscan on both WAN interfaces.

Again, LAN continued to work normally, surfing was normally possible BUT the Firewall itself was not able to connect to any UDP or TCP services any more. No further 24.1.1 upgrade possible, NTP stopped working and even a "curl heise.de" on the command line immediately failed.

Interestingly, the Firewall's Live Log showed that even the curl heise.de was allowed (not blocked; it was green and allowed by the default "let out everything from firewall (force gw)" rule), but it still failed.

We also tried disabling IDS+IPS entirely (no change) and even enabled "Gateway switching" (it was disabled before). Neither helped. Rebooting again didn't help either. All offloading is disabled too.
NAT rules also look fine, and curiously, the firewall can ping the internet, e.g. ping heise.de works, but no TCP/UDP connections.

Does anyone have an idea? I ran out of them. So again, ALL works except that the firewall can't reach the internet and I can't reach the firewall from WAN (IP whitelisted). I can reach it from LAN though. And we only use IPv4 on WAN/LAN, no IPv6.

We had the same issue. We fixed it by checking the box "Firewall" > "Settings" > "Advanced" > "Disable force gateway".

Thank you very much GunterO, this fixed the issue that the 24.1.2-1 update presented me with.

Yes, I can confirm. I found this myself before I saw your answer, but this fixed the issue. Not sure why, but it works again.