Firewall Rules w/ Advanced Options: Gateway slows traffic
cpk last edited by
I have a pfSense firewall with 2 WAN ports. Our main WAN is a slow but reliable bonded T1. Our other WAN is a fast but unreliable cable service. Our default route uses our main WAN, as does all of our inbound traffic (SMTP, HTTPS, DNS, etc.). I use pfSense 2.4.2-RELEASE-p1 (amd64) running on an Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz. I'm using firewall rules with gateway groups to route standard user traffic (HTTP, HTTPS, and misc. others) to the faster WAN.
A recent cable update gives us a 200Mbps (download) network. A typical (Speakeasy) speed test over the firewall shows 50-75Mbit download speeds, while the same test connected directly to the cable modem shows 200Mbit download speeds.
I found that if I have a firewall rule with "advanced options: gateway" set, the throughput speeds are significantly different. The following tests were done with two machines and one firewall, and had only 1 rule changed. The tests were run multiple times to be sure that the results were reproducible.
With a rule allowing traffic with no gateway specified, the test download/upload speeds were 960/820 Mbps.
With the same rule modified to specify a gateway (the same gateway that was used anyway, so this was redundant), the download/upload speeds changed to 390/40 Mbps.
Can anyone suggest why this happens or what I'm doing wrong that could be causing this discrepancy?
![gateway rule.png](/public/imported_attachments/1/gateway rule.png)
![basic rule.png](/public/imported_attachments/1/basic rule.png)