How to bypass Asymmetric Routing on Pfsense?
-
Hi All,
May I know if I can bypass asymmetric routing on pfSense?
Assume I have multiple gateways on one subnet and the final default route of all gateways is to Pfsense.
Thanks
-
Can you please draw up what you are working with? It's impossible to help you with this lack of information.
-
-
Great drawing... But yeah that is going to be asymmetrical as F ;)
Why do you have the 2 firewalls (pfsense I assume).. with the .1 and .2 address in the 192.168.1/24 network?
-
Not going to F it
This is a Lab and just for my Pfsense network concept and system study
Of course, this is not a production network like
-
so your downstream router at .3 should be on its own transit network connected off one of your routers.
But I don't get the point of the 2 routers at all in the same network.. That confuses a host; you would have to do host routing for which of .1 or .2 to talk to, to get to networks off of those routers. Better to just have 1 router and then you can hang downstream routers off of that 1, you could set them up in an HA pair if you wanted to, etc.
-
It is easy if you just change network design.
But I am looking for a command if any to bypass this type of traffic.
In some cases, the network might not be able to change at all.
For example, Fortigate can use a command to bypass it like:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-networking-54/Interfaces/VLANs/Asymmetric%20routing.htm
Of course, it is expensive also....
-
Generally static route filtering in System > Advanced, Firewall & NAT.
But proper network design wins every time.
-
There is no command that fixes it... You can do things to work around it... But as stated already - the FIX is to not do it!
If you're doing something that requires something to be asymmetrical - you're doing it wrong.. Example, your drawing would not be something you would ever actually set up..
-
Well done and thanks.