Hello, This has been fixed by Steve Beaver. I have tested the changes on my firewalls and this solves the issue for me. Many thanks. https://redmine.pfsense.org/projects/pfsense/repository/revisions/dac4cd09699bdafa5bcf1cf7b699438e5f669b26 (check the diff file)

Yes, it is. But I've figured it out :) What was happening is that when I made the failover gateway group, I also added a firewall rule to route all LAN traffic through this gateway group. Since WAN-1 is healthy, all traffic (as per this rule) is routed to WAN-1. But inserting a new rule whereby I allow traffic to the single host that I want to connect to and only on the protocol that I want to use (http) solved the issue! Thanks for the rapid fire back and forth, much appreciated!

@dbinoj I'll try that as soon as I get home. Thanks :)

This is to have all possible combinations just in place if you need them. I can recommend the Multi WAN Hangout: https://www.youtube.com/watch?v=svZ6PKqGdtg Very good walk through and explanation as always done by @jimp :-) -Rico

Probably going to need a diagram of the pertinent pieces. Also sounds like that customer needs to beat that vendor with a wrench.

@jimp I created this rule on the WAN (attachment) but I do not know if it is enough. Port 161 was released in the output table and deletes it. [image: 1537387029627-snmp-blocking-resized.png]

I'm aware of sharing MACs being the expected behavior, and they were separate subnets. However the reason for all of this is because the WAN comes in via one fiber pair and eventually we wanted to do HA and have a segment of the switch be the WAN. I had the two interfaces separated in pfSense into two PVID ports on the internal switch, and they were plugged into the same PVID marked ports on the main switch in the rack, and I saw that MAC bouncing between two of the ports in that VLAN on the main switch. If that's tough to follow I can sketch out how it was configured since it's good now, but we're using a really convoluted solution for now.

Thanks, i found solutions