User quotas conflict with static routes
I have a cluster of 2 M400 running software version 12.4.B592447.
I created quota action to try to limit the time our users spend on YouTube, it never worked as expected so I set a limit for how much they can download from YouTube per day, did some testing (having YouTube running all day) and found the magic number, 450MB/day which means they could be on YouTube around 3 hours/day. First I created a packet filter policy using ports 80 and 443 when the traffic was going to YouTube related domains (based on what I saw on Dimension *.googlevideo.com is the main one, along with *.youtube.com). I started noticing an issue where after reaching the quota llimit, the firewall started blocking traffic that was not related to the quota action and the policy at all, including traffic going to static routes (in this case we have a couple of Cisco ASAs for 2 different IPsec tunnels, so we have static routs for those). I escalated the issue to the company that provides local support for WG, and they recommended to change from packet filtering policies to proxy policies, so I did the same thing but this time using proxys (created 3 as they recommended, 1 for http, 1 for https and 1 for dns for traffic going to YouTube related domains) but the same thing is happening, once the quota limit is reached, it starts blocking traffic that is not related to the policies, including static routes.