Issue loading "syntax" generated by the GUO related to limiters
-
I had a working traffic limiter on our Netgate SG-5100 and disabled the limiter a couple of upgrades ago. We had to enable it today because we need it again. Now, whenever we apply changes, we receive this somewhat useless message:
There were error(s) loading the rules: /tmp/rules.debug:294: syntax error - The line in question reads [294]: pass in quick on $VLAN176 inet from $UploadingMachines to any tracker 1554664625 keep state dnpipe ( 1,) label "USER_RULE: Traffic limiter for VMServ01" @ 2021-03-26 17:33:40
This smells like a bug. I am finding the message a difficult to understand. It's reporting a syntax error but I don't see anything that looks like syntax. In that I am using the GUI it would appear the GUI is either doing something incorrectly, or the firewall has a bug.
I recommended this router to management and it's not helping my career. We lost a lot of time fixing IKEv2 site-to-site issues that came with the latest upgrade to 21.02-RELEASE-p1, and now this. We had to roll back one site yesterday and it appears I now need to do that at this site, our hub, as well.
How do we determine the root cause and get this limiter working? At the moment the upload task is stopped due to user complaints about performance.
-
@bigtfromaz After further investigation this appears to be an upgrade issue. The Rule in question was disabled during the upgrade. Apparently there was a breaking change somewhere along the way and the upgrade process did not fix up this rule. I made an innocuous change to the rule and saved it. The syntax errors stopped.
To be sure, quality has suffered recently, especially with IKEv2 tunnels. It's causing us concern.