Mikrotik strange problem, drop connections

Hello.
My mikrotik is hAP ax3.
I’m connected via cable rj45
A problem has appeared which manifests itself as follows:
I just open my laptop in the morning, try to open any website, the connection just drops in a millisecond, chrome browser writes ERR_CONNECTION_REFUSED error
I try to do the same thing with curl and I see the same error, it’s just instant, there’s no timeout or anything, I get it instantly.

admin@MacBook-Pro-Admin ~ % curl forexample.com
curl: (7) Failed to connect to forexample.com port 80 after 25 ms: Couldn’t connect to server
admin@MacBook-Pro-Admin ~ % curl forexample.com
curl: (7) Failed to connect to forexample.com port 80 after 21 ms: Couldn’t connect to server
admin@MacBook-Pro-Admin ~ % curl forexample.com
curl: (7) Failed to connect to forexample.com port 80 after 22 ms: Couldn’t connect to server
admin@MacBook-Pro-Admin ~ % curl forexample.com

What did I check?
I upgraded to 7.12,
I used a different browser
I specified other DNS in mikrotik and laptop separately
it didn’t help

Why do I think the problem is with mikrotik?
I have a router that gives internet to mikrotik via cable, no problems when working through it.
When I’m connected to mikrotik, I only have the problem for the first 2-3 minutes of operation after rebooting it or for example in the morning when I haven’t used the internet for a long time.
If I connect to some wireguard server from my laptop, everything works fine, as soon as I disconnect it, the connections reset again.
That said, I can safely ping the site’s domain and get a response at the time of the problem.

It turns out that the problem does not exist for a long time and not all the time, only after a reboot or idle time.
It resolves itself in 2-3 minutes or I can connect via vpn and the problem will also be solved.
The problem occurs from any device, be it iphone, macbook or windows device

What could it be and what else can I check?

Post config (clean up sensitive info)

If the pings and DNS were not working, I would assume it would be caused by some ARP cache expiring and being updated only by received IP packets rather by responses to ARP requests. But since DNS and ping work during the strange period, the only thing I can think of is some strange firewall setting.

Determine the IP address of the server you’ll use for the test in advance; then, as the first thing to do in the morning, log in to the Mikrotik, open a command line window as wide as your screen allows, and run /tool sniffer quick ip-address=ip.of.the.server in that window. Next, try accessing the server. This should show you whether the SYN packet from your device to port 80 of the server IP reaches the LAN interface of the Mikrotik, whether Mikrotik forwards it via the WAN port, whether a response comes, and whether Mikrotik forwards it to the device via LAN. To see the packets in more detail, you’d use /tool sniffer packet print detail after stopping the sniffer (Ctrl-C); to see them in even more detail, you’d use /tool sniffer save file=somename.pcap, download the file, and use Wireshark to open it.

Alternatively, you may configure the sniffer to sniff into a file, set the filter-ip-address to ip.of.the.server, and create a scheduler item start-time=startup on-event={/tool sniffer start; :delay 150s; /tool sniffer stop} that will ensure that the traffic matching the sniffer filter condition will be recorded the first 2m30s after boot; you have to try to open the web during that time. Then, you would again download the file created by the sniffer and open it using Wireshark.

Further steps depend on what exactly you find this way.

I may have jumped to a bit of a conclusion.
Thank you for trying.
The problem was in the upstream router