Hi PacketLoss
I guess so far my biggest issue seems to be the return route.
The router is effectively hosting the core of the network, an SVI for each VLAN etc. I can either set the default route to be the IP of the LAN interface of the pfSense or I can use PBR to point VLANs to the LAN interface of the pfSense box. That works fine and traffic goes out. However, my issue arises when it comes back in: because the router is directly connected to every VLAN, it can just pass the packet back to the host, completely bypassing the pfSense WAN port, thus creating an asymmetric route, and pfSense then goes on to block further traffic. How do you get around the return route issue for packets coming back in? Currently in my design I'm only using 1 internet connection, which is sitting in the mgmt VLAN.
The current configuration is:
pfSense WAN is in vlan 102
pfSense LAN is in vlan 101
I am using a 3650 as my router, the internet connection is in vlan 100.
I am using ip route 0.0.0.0 0.0.0.0 10.59.219.10 (pfSense LAN) and then the pfSense WAN has a router IP (10.59.219.2 vlan 100).
Going from LAN -> Internet or LAN <-> LAN is fine; it's when the packet comes back in from the router interface in VLAN 100 that it bypasses the pfSense box and sends it directly to the client VLAN (21, 22, 23 etc.), and that's where the asymmetric routing shows up. How do I force the packets to go back via the WAN interface of the pfSense?
Thanks
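The root cause described in the post is that the 3650 holds the client SVIs and the internet-side SVI in one global routing table, so the shortest path back to a client never touches pfSense. The usual fix on a layer-3 switch is VRF-lite: move the outside SVIs into their own VRF so the inside table has no connected route to VLAN 100 and the outside table has no route to the client VLANs, leaving pfSense as the only path between them. The following IOS-XE configuration is an added example, not configuration from the thread or from pfSense or Cisco documentation. Only 10.59.219.10 (pfSense LAN) and 10.59.219.2 (the router's VLAN 100 address) come from the post; the VRF name OUTSIDE, every subnet mask, the client and VLAN 101/102 addresses, the pfSense WAN address 192.0.2.2 and the ISP gateway 203.0.113.1 are assumptions for illustration.

```cisco
! Added example, not the poster's configuration. Masks, VLAN 21/101/102
! addresses, 192.0.2.x and 203.0.113.1 are hypothetical.

! --- Before: the layout the post describes ---
! All SVIs live in the global table. A packet that enters on Vlan100 for a
! host in VLAN 21 is forwarded straight out Vlan21; pfSense never sees it.
interface Vlan21
 description client VLAN (one of 21/22/23)
 ip address 10.59.21.1 255.255.255.0
!
interface Vlan100
 description internet-side VLAN
 ip address 10.59.219.2 255.255.255.248
!
interface Vlan101
 description pfSense LAN segment
 ip address 10.59.219.9 255.255.255.248
!
ip route 0.0.0.0 0.0.0.0 10.59.219.10

! --- After: outside SVIs in their own VRF ---
vrf definition OUTSIDE
 address-family ipv4
 exit-address-family
!
interface Vlan100
 description internet-side VLAN, OUTSIDE table only
 vrf forwarding OUTSIDE
 ! "vrf forwarding" removes the existing address, so re-enter it
 ip address 10.59.219.2 255.255.255.248
!
interface Vlan102
 description pfSense WAN segment, OUTSIDE table only
 vrf forwarding OUTSIDE
 ip address 192.0.2.1 255.255.255.248
!
! OUTSIDE table: default to the ISP gateway. If pfSense does not NAT, the
! only way back to inside prefixes is via the pfSense WAN address.
ip route vrf OUTSIDE 0.0.0.0 0.0.0.0 203.0.113.1
ip route vrf OUTSIDE 10.59.0.0 255.255.0.0 192.0.2.2
!
! Global (inside) table is unchanged: anything not local goes to pfSense LAN.
ip route 0.0.0.0 0.0.0.0 10.59.219.10

! --- Verify the two tables no longer see each other ---
! The global table must list no connected route for 10.59.219.0/29 and
! the OUTSIDE table none for the client VLANs.
show ip route
show ip route vrf OUTSIDE
! Resolve a client address from the outside: the next hop must be 192.0.2.2
show ip cef vrf OUTSIDE 10.59.21.50
```

VRF-lite is not in the LAN Base feature set; confirm the switch runs IP Base or higher (the licence level is shown by `show version`) before relying on it. If the extra VLAN hop is not needed, the simpler alternative is to put the pfSense WAN port in the same layer-2 VLAN as the internet device and delete the 3650's SVI there entirely; with no routed interface on the outside side, the switch cannot create the return path that bypasses the firewall.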