Netgate Discussion Forum

    Changing Interface appears to break related firewall rules (Moving from one LAGG to another)

      Hass

      We were moving three VLAN interfaces from one LAGG to a new LAGG on a new network card (X550-T2). This was an HA pfSense cluster, but I don't think that is related. We built the new LAGG, configured it with the correct VLAN, and cabled it!

      We then moved each interface from one LAGG to the other, one VLAN at a time on both firewalls.

      What we found was that the firewall rules related to that interface would block (DENY) all traffic bar the anti-lockout rule, and in order to get them working again we just needed to open the firewall rule and hit "SAVE" (no changes).

      I'm guessing this is related to something about the actual underlying interface making up part of the rule and the SAVE action enables an update.

      This was more a heads up as I couldn't find a similar post.

      Regards

      Hass

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.