Sunday morning, after no recent changes, my shield no longer allowed any device to reach the internet (but the update script should have run).
I powered it off and on, and we had internet for about 10 minutes, before it was completely blocked again.
I went under System -> Startup and disabled scripts until I had internet back. Then I restarted and retried with just one script off. Through this trial and error, I found that if I disabled only snort, that worked.
I also tried turning snort back on in the startup scripts and going to Services -> Intrusion Prevention -> Basic and turning it off, but I still had no internet. I had to go back to turning that script off.
Anyone have any idea what happened and what I should do to fix it?
I reverted back to the previous upgrade script through WinSCP. Through the GUI I started a manual update. After that I rebooted the Shield. Same problem as before, I had to turn off the snort script to have internet access.
It probably didn't run because you need internet access first. In your WinSCP go to /etc/snort/rules/snort.rules and open the file. Click on select all, then delete, then save. This will erase your rules. Restart snort either via CLI /etc/init.d/snort restart or in the GUI: system>startup>initscripts>snort restart. You'll get your internet back in a few minutes. You can then run the fw_upgrade to reinstall your ruleset.
Well I did all that. I could see after the upgrade that snort.rules went from 0 to 1683KB.
Then for good measure I rebooted the Shield. Back to the same issue. No internet until I ended the snort script.
I checked snort.rules after that and verified only one 2405000 rule after the update.
I see snort last restarted at 7:53 but there are no errors in the syslog. Your kernel log may show something though, you can upload that if you want. When snort restarts it's normal to lose connection for a few minutes. Did it restart on its own or did you do it?
So right now I am restarting the Shield at 10:23. After I could log into the Shield again at 10:24, I verified I couldn't get to Google. I went ahead and left it until 10:30, and then it all worked right.
DOH, guess I was too impatient. I had assumed (incorrectly) that if I could log into the Shield, it was ready for internet traffic.
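
The check mentioned in the thread, confirming that a SID such as 2405000 appears on only one active rule in snort.rules after an update, can be scripted. This is an added example, not part of any post above and not the Shield's own tooling; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a Snort rules file for SIDs used by more than one
# active rule. Function names and sample data are constructed, not from the thread.

# Print "<sid> <count>" for every SID found on more than one active rule line.
# Prints nothing when every SID is unique.
duplicate_sids() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out rules
        match($0, /sid:[ \t]*[0-9]+[ \t]*;/) {   # locate the sid option
            sid = substr($0, RSTART, RLENGTH)
            gsub(/[^0-9]/, "", sid)              # keep only the digits
            count[sid]++
        }
        END { for (s in count) if (count[s] > 1) print s, count[s] }
    ' "$1" | sort -n
}

# Print how many active rules carry one specific SID.
# $1 = rules file, $2 = SID to look for
sid_count() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Ec "sid:[[:space:]]*$2[[:space:]]*;" || true
}

# Write a small constructed rules file to the path given in $1.
make_sample_rules() {
    cat > "$1" <<'EOF'
alert ip [198.51.100.0/24] any -> $HOME_NET any (msg:"constructed sample A"; sid:2405000; rev:1;)
alert ip [203.0.113.0/24] any -> $HOME_NET any (msg:"constructed sample B"; sid:2405001; rev:1;)
alert ip [192.0.2.0/24] any -> $HOME_NET any (msg:"constructed duplicate"; sid:2405000; rev:2;)
# alert ip any any -> any any (msg:"commented out"; sid:2405001; rev:1;)
EOF
}

# When run with a file argument (for example /etc/snort/rules/snort.rules),
# report its duplicate SIDs.
if [ -n "${1:-}" ]; then
    duplicate_sids "$1"
fi
```

An empty result from `duplicate_sids` means every active rule has a unique SID; commented-out rules are ignored in both functions.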