IPSEC Site to Site Between pfSense and Meraki MX Odd Behavior

  • I have a cloud hosted environment I am running a pfSense VM in that I have connected to two sites via VPN.

    The environments will at odd intervals stop passing traffic from certain ports (RPC, SMB and LDAP are blocked) but pass others (ICMP and RDP), but only for a single host; the other systems in the environment behave normally.

    If I change the IP address assigned to the host, traffic will resume flowing normally again, until it doesn't. I have confirmed it is the pfSense firewall blocking these packets, with its log. The firewall has a rule to allow all traffic from and to any port on the IPsec interfaces.

    What should I be looking at to resolve this issue?

  • Do you have Snort active?

    For me things like this are always related to IDS.
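As an added example (not part of either post above), the following Python script shows one way to answer the "what should I be looking at" question from the firewall log itself: it parses pfSense filterlog lines and tallies every blocked packet involving the affected host by interface, rule tracker ID, protocol and destination port. The log lines, the interface name `enc0`, the host addresses and the tracker IDs are constructed for illustration and are not from the thread; run it against your own filter log instead.

```python
import re
from collections import Counter

# Constructed pfSense-style filterlog lines (syslog prefix followed by the CSV body).
# The field order follows pfSense's filterlog layout: rule-number, sub-rule, anchor,
# tracker, interface, reason, action, direction, ip-version, then the IPv4 fields
# (tos, ecn, ttl, id, offset, flags, proto-id, proto-text, length, src, dst) and,
# for TCP/UDP, source port and destination port. Interface "enc0", the addresses
# and the tracker IDs are assumptions for this example only.
SAMPLE_LOG = """\
Dec 12 10:00:01 fw filterlog[5512]: 5,,,1000000103,enc0,match,block,in,4,0x0,,63,40001,0,DF,6,tcp,60,10.20.0.15,10.10.0.40,51000,445,0,S,1,,65535,,mss
Dec 12 10:00:02 fw filterlog[5512]: 5,,,1000000103,enc0,match,block,in,4,0x0,,63,40002,0,DF,6,tcp,60,10.20.0.15,10.10.0.40,51001,389,0,S,1,,65535,,mss
Dec 12 10:00:03 fw filterlog[5512]: 12,,,1600000001,enc0,match,pass,in,4,0x0,,63,40003,0,DF,6,tcp,60,10.20.0.15,10.10.0.40,51002,3389,0,S,1,,65535,,mss
Dec 12 10:00:04 fw filterlog[5512]: 12,,,1600000001,enc0,match,pass,in,4,0x0,,63,40004,0,none,1,icmp,84,10.20.0.15,10.10.0.40,request,7,1
Dec 12 10:00:05 fw filterlog[5512]: 12,,,1600000001,enc0,match,pass,in,4,0x0,,63,40005,0,DF,6,tcp,60,10.20.0.15,10.10.0.41,51003,445,0,S,1,,65535,,mss
"""

LINE_RE = re.compile(r"filterlog\[\d+\]: (?P<csv>.+)$")


def parse_filterlog(text):
    """Return one dict per IPv4 filterlog entry with the fields we care about."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a filterlog line (other syslog noise)
        f = m.group("csv").split(",")
        if len(f) < 20 or f[8] != "4":
            continue  # only the IPv4 layout is handled in this example
        rec = {
            "tracker": f[3],      # rule tracker ID, matches the ID shown in the rule's log entries
            "iface": f[4],        # real interface the packet was evaluated on
            "action": f[6],       # pass / block / reject
            "direction": f[7],    # in / out
            "proto": f[16],       # tcp / udp / icmp / ...
            "src": f[18],
            "dst": f[19],
            "dport": None,        # only TCP/UDP carry a destination port
        }
        if rec["proto"] in ("tcp", "udp") and len(f) > 21:
            rec["dport"] = int(f[21])
        records.append(rec)
    return records


def summarize_blocks(records, host):
    """Count blocked packets to or from `host`, keyed by (iface, tracker, proto, dport)."""
    counts = Counter()
    for r in records:
        if r["action"] != "block" or host not in (r["src"], r["dst"]):
            continue
        counts[(r["iface"], r["tracker"], r["proto"], r["dport"])] += 1
    return dict(counts)


if __name__ == "__main__":
    affected = "10.10.0.40"  # constructed: the single host that loses SMB/LDAP
    for key, n in sorted(summarize_blocks(parse_filterlog(SAMPLE_LOG), affected).items()):
        iface, tracker, proto, dport = key
        print(f"{iface} rule {tracker} blocked {n} x {proto}/{dport} involving {affected}")
```

The point of grouping by tracker ID is that pfSense reports the same ID in the firewall log and on the rule that produced the entry, so the output tells you immediately whether the blocks come from your any/any IPsec pass rule (which should never block), from the default deny rule (typically an out-of-state or asymmetric packet that never matched a pass rule's state), or from some other rule, and whether they cluster on the SMB and LDAP ports the original post mentions. If no rule in the filter log explains it, that is the moment to check whether an IDS package such as Snort is blocking the host on its own, as the reply suggests.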

