I am totally lost after several tests. If i replace my PfSense by a PC with the same setup IP 192.168.10.99 Gateway 192.168.10.254 DNS 8.8.8.8 I have internet doing well Although the 2 Wans as per first post are OK, the WANGW seems to be not usable. The ckecks I made: WANGW is tier2 of a Group Where WAN2ADSL_DHCP is Tier 1 (failover objective). If I swap Tier1 and Tier2, although WANGW states online, no more access to Internet. I suspect that the Online state of WANGW is wrong so the group does not swap to tier2. If I unplug igb0 which is the WAN plug (associated with WANGW) the state remains Online. I am lost. Help appreciated, many thanks.

@viragomann Thanks I'll have a look

@skoota said in Apple TV - VPN vs. Local Traffic Routing: I am running a Netgate 4200 with pfSense 24.03. ExpressVPN Gives .... Google : pfsense expressvpn. I' uses / played a bit with these instructions a while back, they are pretty accurate. When you are asked to create a Firewall > Aliases, and where the instructions tell you to add a network like 192.168.1.1/24, add just your Apple TV IP, or some IPs that have to use the VPN. More info in the pfSense manual : policy routing.

To answer my own question: The problem is due to TCP packet reordering, which the default TCP stack of freeBSD 15 does not handle very well. The solution would be to activate the RACK TCP stack available in freeBSD. However, pfSense+ has this feature of stock freeBSD disabled. https://freebsdfoundation.org/our-work/journal/browser-based-edition/networking-10th-anniversary/rack-and-alternate-tcp-stacks-for-freebsd/ I created an issue on the PfSense redmine and ask anyone experiencing similar issues to support it: https://redmine.pfsense.org/issues/15813

@McMurphy Both an HAProxy (including a -devel version) and Squid package exist via Package Manager. I could not speak to which would be better for your use case as I have no use for either one.

Any further help here?

@SteveITS I think this 6100 is faulty, this WAN port initially dropped the network in its first year and had to configure WAN2 combo, assumed it was a Spectrum issue but now believe after not able to get it to work on another system, its a faulty interface.

pfSense has no auto updates. If there was an update (upgrade) you have to install that 'manually'. @hebein said in IP Adress blocked, but no idea why: I do not find any hints in suricata blocks, alerts or pfblocker. These can auto update their 'rules'. Was there an such an update recently ? If you have doubts, disable / deactivate them. If the teamviewer connection then works, you know where to look.

@SteveITS Thank you for this idea and comment, I will do this later when I go to the branch and confirm with you if it's working. Thank you

I figured out the isse, the issue was with my UDM pro not with PF sense, the problem was that the interface i was connecting on was set as WAN2 and for some reason is not working, once i set it to wan1 was working fine. Thank you

@frodet All interfaces are treated equally on pf. A wan interface has also gateway configured. While booting you just have a layer 2 switch, with no configured ip anywhere, so it doesn't exist to the ip world. As in all managed l2 switches, you need management process to boot to be able to touch anything. In this case, it is pf itself that must boot up first.

@SteveITS Many thanks for the info about this. Best regards. Gabriel

@planetinse I'm not a vmware expert, but the default route is pointing to vmx0 and 5.45.176.224 pointing to vmx1

@jimeez said in Dual WAN Fail-over Issue - Tier 1 WAN frequently failing upon activation of the second Tier 2 WAN: I also enabled UPnP & NAT-PMP. Whatever happened, everything is back to normal. Better than normal actually. Good deal. Just a guess but I would think that UPnP and/or NAT-PMP would help. Thanks to you and @chpalmer for solving this issue!

@DaHai8 Works! Just had to find the correct client ip address to create a routing exception in ServerB ! Woohoo!