why can't access internet after the AR is configured with NAT or firewall

The aging time of session table is shorter than the aging time of the service. The session table is aged out, while the service is not. The service packets that are sent after session table aging are discarded, so the service is interrupted. Run the firewall-nat session aging-time command to increase the TCP/UDP timeout interval.

Scroll to top