@askon The company's firewall. But I suspect, this is not an option for you. So you would have to go with a static route on the WAN device which you want to access the IoT subnet from.

So I think the thing I'm missing is that I shouldn't route the prefix from the PoP's to pfSense and instead setup BGP on pfSense and announce the route that way... Does that make sense ? edit: don't think that makes any difference since it will still route the same prefix over both interfaces, I just can't get my head around it. Maybe it doesn't matter if the same prefix is routed via both interfaces and I can just do static IPv6 configuration on another interface ?

@anyn12 Delete the setup and start the setup again, I mean the LoadBalance setup, have u try this? Regards!!!

@chitchat Do u have a FailOver setup as Default gw? Regards!!!

@mcury I see. Thanks.

You have two gateways. Try to check states and firewall logs on them, Check exactly on which interface the traffic appears.

@insmod Try to use computer. Connect to first switch and change swtich port to vlan 200. Next configure pppoe on your computer. Install wireshark and watch packets. you have mishmash with vlan correct configuration modem0 vlan 100 access mode modem1 vlan 200 access mode igb0 switch port connect hybrid or general mode non tagged 100, tagged 200 interface on pfsense igb0 non tagged (for 100 vlan), igb0 tagged 200 (for vlan 200) or igb0 switch port connect trunk mode tagged 100,200 interface on pfsense igb0 tagged 100, igb0 tagged 200

@johnpoz I agree port forwarding use a weird port number for it, but set it so only approved WAN IP address that can access and get to it too if they are known already. Don't just leave it open to any and all WAN. What about a VPN in ?

@jake-mia said in How to setup static ips on OPT1: extra rule needed on WAN with source * going to OPT the only rules need on wan would be rules to allow what you want.. if you don't want to allow any unsolicited inbound traffic to this network, then you wouldn't need or want any rules on your wan for that netblock.

@netblues said in Setting up fibre internet connection does not work: Since everything looks ok, and assuming there are no errors in copying credentials, try vlan 7 on the pppoe interface, as a last resort. This was the solution. Unfortunately, this was not evident from the FritzBox config file. Now it works. Thank you all for your suggestions!

@cubits we did, too many threads, sorry. It’s an uncommon situation to be sure.

@michmoor , thanks for the response. We don't have any VPN between the firewall and the downstream device between which the BGP is flapping. The firewall is directly connected to the downstream switch.

@johnpoz said in An HTTP_REFERER was detected other than what is defined in System | Disabled in System > Advanced > Admin Access.: did you not see my image No, sorry, my eyes, and my tempo. Thanks!

OK, just realised I didn't set policy routing. I assumed that if the balanced gateway group was set and internal networks where using default gateway then it would load balance.