Absolutely no clue. But everytime it happens ntopng dies because it can't connect to Redis.

@viragomann can you explain this setup a bit more starting from the azure console. The additional IP's would need to be binded to the pFsense WAN interface using powershell first correct?

And due to different reasons.. let say that site-to-to is 10.35.0.0/16. And openvpn clients need to be 192.168.xxx.xxx Due to restrictions of already used networks.. And since it is IPSec site to site, they are not local networks, but routes into a local network. From 172.16.20.0/24 to 10.35.0.0/24 local.

https://docs.netgate.com/pfsense/en/latest/book/bridging/index.html

It seems that it works, I heard your review on the windows FTP client that does not handle the passive mode. So I retested with FileZilla forcing the passive mode and it works. I certainly had a rule that jammed before that. Thank you for your help.

What we are here for - any other questions just ask.. When you have your rules adjusted - post them and we can discuss.

Does your alias actually populate? Lets see your rules. Do a traceroute for some IP that is in your alias. edit: Here I just forced traffic going to 8.8.8.8 out a vpn.. [image: 1570101405511-outvpn.png] Here is normal [image: 1570101416250-normal.png] Did you setup your outbound nat? Did you change your vpn to not be default, ie don't pull routes or let it set routes? keep in mind if you had existing states they would have to be flushed..

I would wager that by now google, etc have a whole ICMP infrastructure set up and the DNS servers are not actually the ones responding to pings.

You do realise a speed test will only use 1 of the 3 WAN connections.

@Elrick75 said in Does pfsense generate internet traffic on the second connection if first connexion is operational?: Thanks for your answer, it doesn't seems simple to recover this information from 4G supplier... So much person who are not technical, like many hedlpdesk in this case, too lame... Why not try it for a few days and see what happens, it will be cheaper in the long run. I can't see them charging for a ping to the gateway as its non internet traffic.

@skullnobrains said in gateway group : ending up with no default route after a network restart while the gateways where ok: any way to instruct pfsense to keep the first gateway active at all times ? errata : i mean stick in the first gateway whenever pfsense detects none are working

looks like it does https://wiki.freepbx.org/display/FPG/Firewall Did you enable that module?