@serbus Yeah, I thought about something involving different src IPs. I wouldn't even need something with RDP, could just set up a proxy and bounce the traffic off of that... but that's still a work-around. It's a better work-around than fiddling with the firewall rules though, and I already have a Raspberry Pi running my Unifi controller that would be perfectly fine to run nginx as a reverse proxy in front of one of the modems.
IMO, this should be something that's possible on a competent router/firewall, without involving any other equipment.
My first suggestion would be to upgrade to 2.4.4-p2, but I don't think that alone would solve your problem.
I would set this up with a default gateway group using the 1Gbit gateway as tier 1 and the 10Mbit gateway as tier 2. This would ensure new connections use the prioritized 1Gbit gateway if it's up.
As pfSense is stateful it won't drop connections unless it has to, so existing connections won't jump over to the faster line as soon as it's back up by default.
If this is your wish, you should enable the setting on System->Advanced->Networking named Reset all states I guess. I have never tried that setting myself.
**Reset All States**
Reset all states if WAN IP Address changes This option resets all states when a WAN IP Address changes instead of only states associated with the previous IP Address.
You should look at System->Routing->Gateways to see if the default gateway does switch back to tier 1 when the 1Gbit gateway comes back up.