Netgate Discussion Forum
    Odd blocked traffic on Pfsense Azure appliance

    General pfSense Questions
    4 Posts 4 Posters 1.1k Views

    • Endosavian

      Hello,

      We are running the netgate pfsense azure appliance at work (https://azuremarketplace.microsoft.com/en-us/marketplace/apps/netgate.netgate-pfsense-appliance)

      For this to work we have 2 NICs (WAN, LAN) in our azure VM.

      Our networks are:
      LAN: 10.0.60.0/24, IP: 10.0.60.10, gateway: None
      WAN: 10.0.50.0/24, IP: 10.0.50.10, gateway: 10.0.50.1 (Azure controls the gateway)

      This works well, but periodically I get firewall block entries with this info:
      @53(1000001570) block drop in log on ! hn0 inet from 10.0.50.0/24 to any
      @58(1000002620) block drop in log on ! hn1 inet from 10.0.60.0/24 to any

      Apr 12 08:56:38    LAN    10.0.50.10:65001    10.0.60.10:65000    TCP:SA
      Apr 12 08:56:38    LAN    10.0.50.10:65001    10.0.60.10:65000    TCP:SA
      Apr 12 08:54:07    WAN    10.0.60.10:65001    10.0.50.10:65000    TCP:SA
      Apr 12 08:54:07    WAN    10.0.60.10:65001    10.0.50.10:65000    TCP:SA

      As far as I can tell this does not affect the stability and service of the firewall.

      Does anyone know why I get these connections from the pfSense WAN <-> LAN interfaces?
      Or whether I can somehow simply not show them in my firewall log? I tried adding Easy Rules but they are never triggered.

      Thanks!

      • bmartin13

        I'm seeing the same thing… did you figure anything out?

        • stephenw10 (Netgate Administrator)

          The rule it's hitting implies you have traffic coming in on the wrong interface. Like traffic from 10.0.60.0/24 hitting the WAN which should never happen.

          Either that traffic is routed past pfSense somehow, or maybe that subnet is in use somewhere else on the WAN side.

          However, since you're seeing that on both interfaces with seemingly identical traffic, I suspect something in the infrastructure. Those port numbers appear to be used by the Azure load balancer.

          Steve

          • mho
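Steve's reading of the rule text can be checked mechanically: a pf rule written as `block drop in log on ! hn0 inet from 10.0.50.0/24 to any` drops packets whose source lies in the WAN subnet but which arrive on any interface other than hn0. The following Python is an added example, not code from the thread or from pfSense. It assumes the appliance maps WAN to hn0 and LAN to hn1 (consistent with the two rule lines quoted above), and the log rows it parses are constructed copies of the format shown in the first post.

```python
"""Match pfSense 'block ... on ! <iface>' log hits against the rules that
produced them, and flag flows that show up identically on both interfaces.
Added example; interface mapping and sample rows are constructed."""
import ipaddress
import re
from dataclasses import dataclass

# Rule text as shown in the pfSense firewall log rule popup. A leading '!'
# on the interface means: apply to this source subnet on every interface
# EXCEPT the named one (pf's "wrong interface" anti-spoof style rule).
RULE_RE = re.compile(
    r"@(?P<num>\d+)\(\d+\) block drop in log on (?P<neg>! )?(?P<iface>\w+) inet "
    r"from (?P<src>[\d./]+) to any"
)

@dataclass
class BlockRule:
    number: int
    iface: str                      # physical interface, e.g. hn0
    negated: bool                   # True when written as "! hn0"
    src: ipaddress.IPv4Network

    def matches(self, pkt_iface: str, src_ip: str) -> bool:
        if ipaddress.ip_address(src_ip) not in self.src:
            return False
        if self.negated:
            return pkt_iface != self.iface
        return pkt_iface == self.iface

def parse_rule(line: str) -> BlockRule:
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule line: {line!r}")
    return BlockRule(int(m["num"]), m["iface"], m["neg"] is not None,
                     ipaddress.ip_network(m["src"]))

@dataclass
class LogRow:
    when: str
    iface: str      # friendly name as shown in the GUI (LAN / WAN)
    src: str
    sport: int
    dst: str
    dport: int
    proto: str      # e.g. "TCP:SA"

def parse_log_row(line: str) -> LogRow:
    # Tab-separated columns: time, interface, src:port, dst:port, proto
    when, iface, src, dst, proto = [f.strip() for f in line.split("\t")]
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return LogRow(when, iface, sip, int(sport), dip, int(dport), proto)

# Assumed GUI-name to physical-interface mapping (constructed assumption).
IFACE_MAP = {"WAN": "hn0", "LAN": "hn1"}

def explain(rules, rows, iface_map=IFACE_MAP):
    """For each row return (row, rule number or None, human-readable reason)."""
    out = []
    for r in rows:
        phys = iface_map[r.iface]
        hit = next((rule for rule in rules if rule.matches(phys, r.src)), None)
        if hit is None:
            out.append((r, None, "no wrong-interface rule matched"))
        else:
            out.append((r, hit.number,
                        f"source {r.src} is in {hit.src}, expected on {hit.iface}, "
                        f"but the packet arrived on {phys} ({r.iface})"))
    return out

def mirrored_flows(rows):
    """Port/flag tuples that were logged on more than one interface, the
    'seemingly identical traffic on both sides' pattern from the thread."""
    seen = {}
    for r in rows:
        seen.setdefault((r.sport, r.dport, r.proto), set()).add(r.iface)
    return {k for k, ifaces in seen.items() if len(ifaces) > 1}

# Constructed sample input mirroring the first post.
RULE_LINES = [
    "@53(1000001570) block drop in log on ! hn0 inet from 10.0.50.0/24 to any",
    "@58(1000002620) block drop in log on ! hn1 inet from 10.0.60.0/24 to any",
]
LOG_LINES = [
    "Apr 12 08:56:38\tLAN\t10.0.50.10:65001\t10.0.60.10:65000\tTCP:SA",
    "Apr 12 08:56:38\tLAN\t10.0.50.10:65001\t10.0.60.10:65000\tTCP:SA",
    "Apr 12 08:54:07\tWAN\t10.0.60.10:65001\t10.0.50.10:65000\tTCP:SA",
    "Apr 12 08:54:07\tWAN\t10.0.60.10:65001\t10.0.50.10:65000\tTCP:SA",
]

def analyse():
    rules = [parse_rule(l) for l in RULE_LINES]
    rows = [parse_log_row(l) for l in LOG_LINES]
    return explain(rules, rows), mirrored_flows(rows)

if __name__ == "__main__":
    results, mirrored = analyse()
    for row, num, why in results:
        print(f"{row.when} {row.iface}: rule @{num}: {why}")
    print("flows seen on more than one interface:", mirrored)
```

Running it shows each LAN row hitting rule @53 (WAN-subnet source on hn1) and each WAN row hitting @58 (LAN-subnet source on hn0), and the single (65001, 65000, TCP:SA) tuple appearing on both interfaces, which is the pattern that points at the surrounding infrastructure rather than at the firewall's own configuration.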

            Hi,

            Had the same problem yesterday. It's gone now; I have changed the topology a little bit.

            New topology:

            VNET: 10.17.0.0/22 (3 subnets)
            pfsense wan interface: 10.17.0.4/24
            pfsense lan interface: 10.17.1.4/24
            pfsense default gateway (azure): 10.17.0.1
            pfsense lan gateway (azure): 10.17.1.1

            client subnet: 10.17.2.0/24
            pfsense static route: 10.17.2.0/24 --> 10.17.1.1

            azure user defined routing (UDR) bound to client subnet 10.17.2.0/24:
            0.0.0.0/0 --> 10.17.1.4
            10.17.0.0/22 --> 10.17.1.4


            Regards,
            Martin

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.