Last Thursday afternoon I upgraded about 30 pops from 2.9.51 to 3.10.
Each of our pops has a PPPoE server and a local firewall. Every customer-facing firewall in our network has about fifteen IP filter rules that prevent DHCP, certain multicast traffic, and traffic originated from addresses which are not on our network from entering our network.
Every single firewall stopped filtering traffic. The rules showed that they were still present (in winbox) but when I cleared the counters it was apparent that the rules were no longer matching any packets. This was further confirmed by the presence of traffic which should have been filtered at the customer-facing firewall on our backbone.
Our backbone firewall, the one that protects our SQL server, AAA server, and other critical infrastructure, stopped filtering the traffic it was set up to filter as well.
I suggest that you go clear your firewall rules (if you also upgraded from 2.9.xx to 3.xx) and make sure that they are indeed still filtering traffic.
When I brought the issue up with the engineers and managers… I got a less-than-supportive response. Is anyone else seeing this problem? If you are seeing it, what did you do to fix it? We downgraded back to 2.9.51. That fixed the firewall problems, we think, but did not fix the PPPoE issues, which are addressed in my next post.
Thanks in advance.
-m-