
Firewall Messed Up after Upgrade

Posted: Fri Mar 07, 2014 12:40 am
by shane3673
I work for a WISP and we have recently upgraded all of our network to 6.7-6.9. On some of the devices the Firewall is messed up. We first noticed it when trying to see how many connections a customer is creating when they were having some issues. When I go into IP - Firewall - Connections, it is completely blank. I also noticed that on the Service Ports tab, everything there is red which I believe means invalid.

The one I am currently looking at was upgraded to 6.7 and is a RB493AH. It was upgraded with the standard upgrade .npk file, reboot and then doing firmware upgrade with system routerboard upgrade, reboot. Steps we have tried so far are:
- Upgrading to 6.10
- Doing a complete reset and setting up again from scratch

Also, the router I am currently looking at is completely routed. It is the main router for one of our towers. There are no firewall filters or NAT rules because we generally do that on our border unless there is a specific need. Everything else seems to work fine. Routing is done with OSPF. I would be glad to provide any other information on this issue. I would really like to have a way of fixing it without swapping out the router as this would force us to go to quite a bit of tower sites because this is not the only router that is like this after upgrading. It has not, however, affected all of the routers we upgraded and there does not seem to be a pattern of RouterOS version (6.7, 6.9, 6.10) or model.

Re: Firewall Messed Up after Upgrade

Posted: Wed Mar 12, 2014 6:04 pm
by shane3673
Just wanted to update. Most of them seem to be RB493AH. They work fine after downgrading to 5.26.

Re: Firewall Messed Up after Upgrade

Posted: Tue Mar 18, 2014 6:30 pm
by shane3673
If anyone else had this issue: all it is, is that tracking gets turned to auto on 6.x, which doesn't seem to work. You just hit tracking and change it to yes. Just a stupid little setting that screwed me up for 2 weeks.

Auto only works if you have rules in your firewall.

Re: Firewall Messed Up after Upgrade

Posted: Mon Nov 09, 2015 3:12 pm
by michaeln416
> If anyone else had this issue: all it is, is that tracking gets turned to auto on 6.x, which doesn't seem to work. You just hit tracking and change it to yes. Just a stupid little setting that screwed me up for 2 weeks.
>
> Auto only works if you have rules in your firewall.

This post of yours just solved a problem that I was having on an RB2011 running v6.32.2.

It was a similar situation, using it as a tower router with static routes - no firewall rules. The only symptom was that all entries in the Firewall Service Ports tab were listed in red. I followed your recommendation and turned connection tracking from Auto to Yes and then it instantly started to work again. Thanks!