I’m having the same issue. I’m using a TP-Link ER605 router to deploy VLANs on the ipFire Green network. I am writing this from a PC connected to the ER605. Internet access works fine. I can ping other devices on the Green network. I can access the ipFire GUI on its Green ip address. I cannot access the Windows file server, nor the intranet on Green. The firewall log shows lots of DROP_CTINVALID and DROP_NEWNOTSYN messages. ipFire appears to be blocking legitimate traffic on Green. IPS is not running on Green. Creating a rule to Allow All from the Green IP of the ER605 to the Windows file server, for example, does not fix the problem. Traffic is still blocked by ipFire.