Netgate Discussion Forum

    Interface Groups and Multi WAN

    • stebbo

      Hi All,
      I have a question about using firewall rules on interface groups in a multi-WAN setting.
      I understand the reasoning with regard to the "reply-to" in a multi-WAN situation.
      However, I am wondering if it's ok to have a firewall rule on an interface group on the "inside" of the network.
      I have multiple VLANs which come together at the pfSense, and then they exit one of two WAN links.
      If I collect all my VLANs into an interface group, then apply a firewall rule to that interface group to prevent outgoing traffic, I suspect that this will be ok.
      Can anyone confirm if this is ok?
      Thanks
      Chris.

      P.S. We are a school and are required to restrict internet access, hence the requirement for filters on outgoing traffic from our student VLANs.

      • viragomann

        Yes, you can do that.
        The reply-to only affects incoming traffic on interfaces with a gateway, so presumably only your WANs.

        • noplan

          Interface group for WAN
          and multi WAN is not recommended.
          I ran into that problem some time ago and failed big.

          Solution: not using interface groups and multi WAN worked perfectly.

          • viragomann @noplan

            @noplan
            We're talking about grouping internal networks here, not WANs. That will be no problem for directing the traffic to the desired gateway.

            • stebbo

              Thanks for the responses folks. Much appreciated.

              • noplan @viragomann

                @viragomann

                group of internal networks no problem
                directing traffic to a different gateway than default
                brNP

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.