On Wed, 2017-09-27 at 00:12 +0200, dayer wrote:
> Hi everyone,
>
> I'm getting this behavior and I can't find the reason. I've tested the same
> scenario with pfSense 2.3.4 and 2.4.0-RC and I've posted in the forums
> without reply[1].
> I'm not sure if it's a configuration error or a bug, and I would prefer to
> confirm with someone expert.
>
> Briefly, when there're established connections through a non-default
> gateway (e.g. GW2 configured according to a firewall rule) and I change the
> master unit (e.g. disabling CARP in Pfsense1, master previously), these
> connections are broken.
> Pfsense2, now master unit, tries to route this traffic through GW1 (instead
> of GW2) and using the WAN2 HA IP for outbound NAT. That is not right.
> Although if I close and retry the connections (like an SSH client), the new
> connections are routed according to the rule, through GW2, like Pfsense1
> did when it was the master unit.
>
> I know pfSense can't filter traffic from the firewall itself, and it's like
> the established connections would be traffic from the firewall itself also
> in those states.
>
> Does anyone know this behavior? Is there no solution?
>
> Regards,
>
> [1]: https://forum.pfsense.org/index.php?topic=136739.msg749477#msg749477

If I had to guess: Are you using a CARP address for outbound NAT? If not then the connections *will* break on failover.