We have recently upgraded our Management and Log servers and primary gateways to r80.20 and have been seeing odd behavior since then, just wondering if anyone else is.
1. We have had two instances where we have a firewall rule allowing a server to go out and get updates. The rule has been working for years. In the last week traffic has attempted to go out as normal but for a period of many hours the firewall could not match the normal rule and dropped it on the clean up rule. Both times this occurred in the evening when no one would have been attempting any changes or publishes of the rule. It just stops and drops, same source, same destination, same port.
2. We had another instance where traffic was being dropped and the log shows it on one rule number, but the rule number does not match the rule. If you click the rule number it goes to the correct rule. At the time the traffic was being dropped we were doing a test, no one was publishing anything that would have changed the rule number, it was just wrong. This was actually us trying to ping some devices inside our network from the gateway and we can suddenly no longer do that. It is dropping as unknown internal traffic.
3. We have two instances where people are trying to get to websites using https and their traffic is completely bypassing our access policy and going out a different port (so their websites never open). I can find no other object in the firewall for their workstations or the websites. All their other traffic works fine.
There have been other odd things that I just sort of wrote off when they occurred which I wish I documented now, but in general, r80.20 just seems quirky, which is not good for a firewall. Is anyone else experiencing this type of behavior? I am getting ready to document everything I can and send it to support, but I'm not sure they can help with this type of inconsistent stuff.
Any input is greatly appreciated.