Firewall Rules w/ Advanced Options: Gateway slows traffic

    I have a pfSense firewall with 2 WAN ports.  Our main WAN is a slow but reliable bonded T1.  Our other WAN is a fast but unreliable cable service.  Our default route using our main WAN as does all of our inbound traffic (SMTP, HTTPS, DNS, etc.). I use pfSense 2.4.2-RELEASE-p1 (amd64) running on Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz.  I'm using firewall rules with gateway groups to route standard user traffic (HTTP, HTTPS, and misc. others) to the faster WAN.

    A recent cable update gives us 200Mbps (download) network.  Typical (Speakeasy) speed test over the firewall shows 50-75Mbit download speeds while the same test connected directly to the cable modem shows 200Mbit download speeds.

    I found that if I have a firewall rule with "advanced options: gateway" set, the throughput speeds are significantly different.  The following tests were done with two machines and one firewall, and had only 1 rule changed.  The tests were run multiple times to be sure that the results were reproducible.

    With a rule allowing traffic with no gateway specified, the test download/upload speeds were 960/820 Mbps.
    With the same rule modified to specify a gateway (the same gateway that was used anyway, so this was redundant), the download/upload speeds changed to 390/40 Mbps.

    Can anyone suggest why this happens or what I'm doing wrong that could be causing this discrepancy?
    ![gateway rule.png_thumb](/public/imported_attachments/1/gateway rule.png_thumb)
    ![gateway rule.png](/public/imported_attachments/1/gateway rule.png)
    ![basic rule.png_thumb](/public/imported_attachments/1/basic rule.png_thumb)
    ![basic rule.png](/public/imported_attachments/1/basic rule.png)

Log in to reply