I have a very strange, minimal login page when I open URL from other subnet (the firewall roule is ok, the state established):
Can anyone tell me what the problem is?
Gertjan last edited by
Use another device ...
For your actual device, clean the browser cache.
Or use another browser ^^
Looks like it can't load the CSS or all of the necessary assets to render the GUI.
Make sure you do not have any ad blockers or script blockers active for the firewall address as well.
I have tried several browsers and devices. If the device is on another subnet, this webGui will always load. I can only manage webGUI from the pfSense subnet (regardless of the device).
Gertjan last edited by
Your browser has the possibility to show you the source of the page. Visit the GUI,, look at the source, pure html, and check for any file load errors. There are, probably as @jimp mentioned, probably at the top, the style sheet files.
Also, activate this in the Status > System Logs > Settings :
so you can see if pfSense's web server nginx has problems sending these requested files.
The system time of pfSense is is ok ?
Btw : on pfSense, there is only one GUI web server instance.
It's set up like this :
listen 443 ssl http2; listen [::]:443 ssl http2;
which means it's listening to all available interfaces. I'm using https only = port 443.
Firewall rules on these interfaces can block incoming traffic, coming from devices on LANS, WANS and other interfaces.
So it can't be some firewall thing that blocks only parts of the GUI traffic.
The system time is OK.
I don't see any errors in the web server log.
About my config: I have only one interface (WAN) in my pfSense, and I use this roule for access the webGUI:
The IP address of WAN interface: 192.168.1.100
webGUI access works only 192.168.1.0/24 network.
If I come from another subnet (eg.: 192.168.2.0/24) I get the "strage" webGUI.
I have only one interface (WAN) in my pfSense
That's probably your issue there. If these other networks are routed through other routers on your WAN, then it may be that
reply-toon the WAN rules is causing something akin to asymmetric routing.
Go to System > Advanced, Firewall & NAT tab, then check Disable reply-to on WAN rules. For good measure, go to Status > Filter Reload and click the Reload Filter button there to reload the rules. Then try a fresh session from the other subnet and see what happens.
I tried what you suggested, but unfortunately nothing changed. Webgui is not available from other subnets.