Sometimes it is required to delete all the connections in connection tracking, for example because of a default-gateway failover or scripted routing change, and some connections have a very long timeout (24h) and don’t get cleared and don’t work on the new routing or gateway until they are deleted.
So, those connections won’t work until they eventually timeout, or they are deleted from the connections.
In the past, Mikrotik has recommended turning connection tracking off and then back on to empty the connections. However, that no longer works. When you turn connection tracking off, the existing connections are still remembered and when you turn connection tracking back on, those old connections that haven’t yet timed out are still there.
Also, Mikrotik has recommended using “/ip firewall connection {remove [find]}”. That command often works… but SOMETIMES it leaves some connections in there.
We need an actual script command that completely deletes all existing connections. I have found that the ONLY 100% way to currently do this is either to run the {remove [find]} command multiple times, or to reboot the router.
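One way to script the repeated flush the post describes, as an added example that is not from the original post or from MikroTik: a RouterOS script that runs `remove [find]` until the table is empty or a pass limit is reached, logging what remains so a failover script can tell whether the flush actually completed. The pass limit and delay are assumed values, not anything the post specifies.

```routeros
# Added example (not from the original post): flush connection tracking by
# repeating "remove [find]" until no entries survive, as the post reports is needed.
# Assumes standard RouterOS scripting (:while, :len, [find]); maxPasses and the
# 1s delay are arbitrary choices for this example.
:local maxPasses 5
:local pass 0
:local remaining [:len [/ip firewall connection find]]

:while (($remaining > 0) && ($pass < $maxPasses)) do={
    /ip firewall connection remove [find]
    :set pass ($pass + 1)
    :delay 1s
    :set remaining [:len [/ip firewall connection find]]
    :log info ("conntrack flush pass " . $pass . ": " . $remaining . " entries remain")
}

:if ($remaining > 0) do={
    :log warning ("conntrack flush incomplete: " . $remaining . " entries survived " . $maxPasses . " passes")
} else={
    :log info ("conntrack flush complete after " . $pass . " pass(es)")
}
```

The script can be saved under `/system script` and called from whatever triggers the gateway change (for example a netwatch or routing script), so that the long-timeout entries the post mentions are cleared at the moment the path changes rather than when they expire.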
I have fail-over in several key positions in the network - I never had to do anything with connection tracking.
In case NAT is used and it jumps to a different gateway, NAT will port-up or port-down the connection and no problem.
In case of routing fail-over, connection tracking doesn’t really change at all.
So what is your problem exactly? Why are you deleting entries?
Search around the forum, this has been discussed by many people. There are many types of connections that take a long time to time out… during which time the network “appears” to not be working properly. Delete all connections… immediately fixed.