rudyhess
Aspirant
Jul 13, 2015

Unable to access the Internet from clients behind FVS318G!

We recently upgraded from a fully-operational FVS318 to FVS318G for enhanced throughput and features. Everything on the network was kept the same except the FVS318 was replaced with a FVS318G running the latest firmware (3.1.1-18). Clients were able to connect out to the Internet previously through the FVS318 but are now unable to on the FVS318G!

There is no doubt that the FVS318G device is connected and communicating properly with the WAN, as I can connect into the VPN remotely and communicate with hosts on the LAN as well as remotely administer the device either via its WAN IP or from the VPN by addressing its LAN IP. Also, a packet trace/packet dump from the Monitoring section shows the packets it sees traversing the WAN such as ARP requests and other broadcasts.

The LAN subnet is 10.10.10.0/24 and the WAN IP is manually/statically set. DHCP is disabled for the LAN. I can ICMP PING the WAN IP as well as the internal LAN IP (over VPN) and access LAN resources from the VPN connection. Again, the device is properly connected to the WAN and is able to send/receive packets as evidenced by VPN clients being able to communicate over the VPN to the LAN.

It's as if NAT is not working. Below is output from both the FVS318G's telnet CLI interface and a client Linux machine behind the firewall and plugged directly into one of the ports on the FVS318G, trying to connect to remote websites and ICMP PING remote hosts. It can communicate with the LAN and the FVS318G at its LAN interface IP just fine yet cannot get anything out to the Internet.

NOTE: It is able to resolve DNS hostnames because the DNS server is connected to both the LAN and the WAN directly and does not have to go through the FVS318G to get access to the Internet.

EXAMPLE BELOW:

From the FVS318G interface:

Firmware:
FVS318G$ /admin/firmStatus

3.1.1-18 -

Route tables:
FBS318G$ /monitor/diag/routeDisplay

4 204.210.0.129 255.255.255.255 0.0.0.0 0
4 204.210.0.128 255.255.255.224 0.0.0.0 0
2 10.10.10.0 255.255.255.0 0.0.0.0 0
4 default 0.0.0.0 204.210.0.129 0


From the Linux client behind the firewall:

root@server1:~# ip route show dev p1p1
default via 10.10.10.1
10.10.10.0/24 proto kernel scope link src 10.10.10.20

You can see here, the LAN subnet and route are correct as the FVS318G is at 10.10.10.1.

root@server1:~# ping -c 5 www.google.com
PING www.google.com (173.194.200.147) 56(84) bytes of data.

--- www.google.com ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4030ms

root@server1:~# nc -vv -w 10 www.google.com 80
nc: connect to www.google.com port 80 (tcp) timed out: Operation now in progress


As you can see, no connections nor ICMP can get out. I talked with the NetGear support and they had no idea.

Does anyone have any idea what could be causing this? I also added OUTBOUND rules to ALLOW ALL to see if that was the cause, but it isn't. There aren't any other firewall rules in place that I'm aware of that would be causing this.

I'm open to any suggestions. Thank you!

4 Replies

  • Have you tried to reboot your FVS318G?
    If rebooting does not help, did you try to factory reset and reconfigure the FVS318G from scratch?
  • What Rules are set up, Inbound and Outbound? Post screenshots. Did you run a traceroute to see where the break is? Do the PCs have static IPs? Turn on DHCP on the router and set up a PC for a dynamic IP and see if it works.
  • Sasword wrote:
    Have you tried to reboot your FVS318G?
    If rebooting does not help, did you try to factory reset and reconfigure the FVS318G from scratch?


    Yes it has been rebooted several times; and the FVS318G was reset originally after I bought it and configured from that point.

    Thanks,

    Rudy
  • adit wrote:
    What Rules are set up, Inbound and Outbound? Post screenshots.


    Did you run a traceroute to see where the break is?


    Do the PCs have static IPs?


    Turn on DHCP on the router and set up a PC for a dynamic IP and see if it works.


    There are no Inbound rules; Outbound is set to ALLOW ALL. The PCs have static IPs. Traceroute fails because for some reason the VPN cannot apparently get out to the Internet (yet can respond to VPN connections, incoming web requests etc. from the WAN). I will try DHCP right now and will update with fix.
