Several Services Cannot Connect after Upgrade beyond 9.404-5 (First Release)

Question

A month or so ago, I tried to upgrade from the first release of 9.404-5 to 9.405005 and random things started having issues, such as not being able to connect to Minecraft servers (clients behind UTM connecting outbound, not hosting behind UTM). A few other things didn't work either. No firewall logs showed anything being blocked, so I reinstalled from a lower version and restored the back up I made before upgrading. Everything worked fine again for a month on 9.404-5. 
 A couple new versions have been released and I really do not like running something like a firewall too far behind, so I tried to upgrade to 9.407003 and now clients behind UTM can no longer connect to any minecraft servers. I also cannot do any whois lookups from my mac now either (also worked fine before). I am not sure what else is not working at this point. I have looked at the firewall logs (nothing is blocked, it is ALL allowed), looked at web protection logs (nothing), bounced the firewall (nothing), I have tried deleting and recreating the rule for Minecraft (no change) and I have even tried allowing all traffic out from my mac and still cannot connect to Minecraft servers or whois look ups. Most things work fine, like general browsing, youtube, netflix, etc. Any ideas at what to try? 
 I am pretty much at the end with this, and even though I really like UTM, I am going to have to jump ship to untangle or pfsense if I cannot get this going as it is just sucking up too much of my personal time. Any help would be greatly appreciated as I really want to stay on UTM! Thanks!

Emile Belcourt · Accepted Answer

Hi Kyle, 
 Ahah, that is most likely to be the culprit! If the MTU is set too low it can sometimes break packet communications and lucky for you this is a known bug that there are workarounds for until it is properly resolved. 
 Take a look at this thread here to force your UTM to ignore your isps MTU allocation: 
 
 Just to test first see if you can set the MTU for the WAN interface from interfaces & routing > interfaces and if that successfully overrides then reboot. If it doesn't allow you to or doesn't persist after a reboot then try the resolution in the above thread :) 
 What's your isp by the way? 
 Looking forward to hearing if you can resolve it! 
 Emile

KyleGustaftson · Answer

You pointed me the right direction Emile! Reading that thread, I found a link to another thread regarding 9-407-3: 
 https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/80641/sophos-utm-9-407-3-released 
 I followed these instructions from the thread link above to set the MTU to be adjustable: 
 cc RAW lock_override OBJS interface ethernet (or cable, or other type) REF_ (Tap TAB two times - then you can see the interface list. Mine is called "REF_IntCabExternaWan[WAN,interface,ethernet]" (You will get a look like this:) 
 'additional_addresses' => [], 'bandwidth' => 0, 'comment' => 'Added by installation wizard', 'inbandwidth' => 100000000, 'itfhw' => 'REF_ItfEthEth1', 'link' => 1, 'mtu' => 576, 'mtu_auto_discovery' => 1, 'name' => 'WAN', 'outbandwidth' => 20000000, 'primary_address' => 'REF_ItfPri000024', 'proxyarp' => 0, 'proxyndp' => 0, 'status' => 1 } 
 Then write: 
 mtu_auto_discovery=0 w (write the changes) 
 Now go into Webadmin and find the WAN link, change the MTU under Advanced to 1500 and voila! :-) 
 I am working now! I can connect to Minecraft servers without issue, I can run whois lookups. I had even had problems getting email from gmail/yahoo. All is working! I am definitely making a note to always check the MTU following an upgrade! Now to cleaning up all the troubleshooting rules I made along the way! Also, I forgot to mention previously, but my ISP is Charter, like several of the others having the MTU issue

Several Services Cannot Connect after Upgrade beyond 9.404-5 (First Release)

Submitted a Tech Support Case lately from the Support Portal?