@johnpoz thank you. first part is done. I have the second wan port up, now just have to get the fail over.

So seems the problem was the triple NAT. I changed the topology in a way that clients after authentication will be placed into a VLAN directly connected to pfSense, with pfSense acting as DHCP server. Now clients don't experience timeouts or interruptions anymore, at least not when there is a low network load.

Issues with WAN routers going fairly quickly remain, however, even though they withstand the load for a bit longer than before.

Maybe try pfBlocker and use it to create an alias using Microsofts ASN numbers, then policy route all the traffic through the secondary gateway.

Why do you need a router in your esxi?

Your latest drawing doesn't make much sense to be honest. Now you just have 2 vlans off a router behind a double nat?

If you have both networks directly connected to the same router, there is no transit network.. Only when 2 routers are connected and you have a network on router A, and a different network on router B and you want them to talk to each other. Then the network that connects A and B together is a transit network - you do not put hosts on it..

The top of your drawing there makes no sense.. So you have 3 routers? You have a 0/29 and a 8/29 for why??

@michaeljones32 said in Strange routing issue:

I never realised Windows had this limitation.

You can allow access from outside its subnet by adding a rule to the Windows firewall.

@Bob-Dig That confused me too.... until I realized that white dot is only the focus indicator. It's the blue dot that indicates what is set/selected.

@teamits its a different sotry where I cannot ping the gateway itself from my opt wan2 interface but i ca. ping it from diagnostics ping. the workaround I made is change monitor IP to google DNS.

@viragomann said in Multi WAN, TO VM NAS with seperate Firewall:

Did you exchange external and internal IPs now deliberately?
Suspect saying to have no access to Saveserver as Saveserver was before 172.16.0.3 and now it's 172.16.0.2 (forwarded from 144.76.93.234)

yes it was deliberately, but it isnt working and i dont now why. im wondering, because the projectserver is always reachable.

Just get an AP and put your whole network behind pfsense.. Real networking cost a few bucks - but you can do it on the cheap..

So you are just skipping parts when showing us your layout?
Yeah ICMP working but not TCP for example sounds like asymmetrical routing, hard to tell with only knowing a few small pieces of your network and configuration.

-Rico

So, nothing did Help that I searched yet...
Well... seems like something within the System was corrupted...
I reinstalled everything from ISO and did the config from ground up. Now its working.

No. We had some issues at this client in 2.4.4 with the fail-back not working and ended up running a cron script to load the gateway page. That didn't work in our case, a few days after upgrading. We poked and prodded for a while (over an hour) and eventually found saving that group (without any changes) changed the default gateway back.

Given there's two of us that might imply something with 2.4.5. Since the router's at a client I can't do much troubleshooting but if you can replicate you might open a support ticket or a bug report at redmine.pfsense.org.

@serbus said in Load Balancing stopped working:

Hello!

Check weights...

https://redmine.pfsense.org/issues/6025

John

I checked, the weights are both set to 1.

@Rico said in Load Balancing stopped working:

Use unique subnets for any of your Interfaces.

-Rico

Can you give me a general idea on how to check / set that up?

yes, I have only one server inside that network so I didn't care to set a /32 but you can do that