<![CDATA[Firewall Rules gateway settings ignored, when failover gateway group set as default gateway]]>Hi All,
Sorry if this is a stupid question but I'm new to this and don't know if this is a bug or is working as per design as I could not found answer anywhere.

So the scenario is multiple WANs:
WAN1
WAN2
each of them have one GW, both configured as a failover group GW-GROUP. with WAN1 as preferred Tier1 and WAN2 as Tier2.
To simplify it we have only one rule on LAN which is allow all/any.

Scenarios:
Default gateway is set to Automatic and LAN rule GW Default it uses only WAN1 GW which is normal.
When you set Default gateway to GW-GROUP and LAN rule GW Default - it uses failover group which is logical as uses system default.
When you set Default gateway to Automatic or GW1 or GW2 and LAN rule GW as GW-GROUP - it uses failover group which is fine and expected that is using the Rule GW setting.

But when you set Default gateway to GW-GROUP , regardless of the settings on the LAN FW rule GW (GW1,GW2,Default) it still uses the failover group GW-GROUP, and I can't seems to make it use any of the specific GW for that traffic.

Is this expected? As logically thinking and quoting the documentation which is, only not matched traffic should be using default gateway settings it should not behave like this and should use Rule GW settings.
Or maybe I am interpreting this wrong and this is expected.
I appreciate your opinion help.

BTW this is on the latest 2.5.0 release

]]>https://forum.netgate.com/topic/161337/firewall-rules-gateway-settings-ignored-when-failover-gateway-group-set-as-default-gatewayRSS for NodeFri, 15 May 2026 10:36:35 GMTWed, 24 Feb 2021 00:02:01 GMT60<![CDATA[Reply to Firewall Rules gateway settings ignored, when failover gateway group set as default gateway on Thu, 04 Mar 2021 22:40:43 GMT]]>@alefe thank you for your offer, but I don't want to waste to much of your time trying to schedule a remote session.
Let me try explain what is the problem on home lab example:

We have following gateways config with default gateway set to failover group preferring GW1
be01e3f0-9d6c-49a0-ad07-52bd239ca1f6-image.png
d0ab0bb3-ffef-42af-bbd7-678094b0e21b-image.png
And LAN rules are set to use only GW1 172.16.0.1/24 only, do not use failover.
1d84f43e-ca38-4e1b-bc89-272b36ec45dd-image.png
and when you have GW1 down
40b81554-6f93-42b5-936b-a27aa3a2be3b-image.png
FW makes a failover to WAN2 regardless of the rules setting to use only GW1
7e980426-2fb3-4609-85a4-c77e96dd657c-image.png

Only if I set default GW to something different than GW group like automatic or ether GW
10ea2306-6833-429b-b52e-65a91ea0a868-image.png
Then the GW settings on FW rules are followed/respected:
dd811aca-a9ee-412d-8d42-a70493c06ffe-image.png

Hope I explained my query clearer now.
And my question is: Is this is expected behaviour?

Best regards,
Piotr Marchewka

]]>https://forum.netgate.com/post/970338https://forum.netgate.com/post/970338Thu, 04 Mar 2021 22:40:43 GMT<![CDATA[Reply to Firewall Rules gateway settings ignored, when failover gateway group set as default gateway on Thu, 25 Feb 2021 15:25:31 GMT]]>@linkinpio if you use the gw group all the rules used the defined group, however if in the rule point to the specific Gw the traffic will be forwarded to Gw specified in the rule exactly how you want it to work i don't speak english but could remotely try to help you with the settings

]]>https://forum.netgate.com/post/967996https://forum.netgate.com/post/967996Thu, 25 Feb 2021 15:25:31 GMT<![CDATA[Reply to Firewall Rules gateway settings ignored, when failover gateway group set as default gateway on Wed, 24 Feb 2021 21:18:20 GMT]]>@alefe said in Firewall Rules gateway settings ignored, when failover gateway group set as default gateway:

this works yes tested in 2.5, I have this same environment mentioned in production

Hi alefe, thanks for replying, but I'm not sure if I get you right, so is this normal that it's behaving as expected, meaning if we set default gateway to gateway group all rules will use that gateway group?
Or it's something wrong with my setup?

]]>https://forum.netgate.com/post/967738https://forum.netgate.com/post/967738Wed, 24 Feb 2021 21:18:20 GMT<![CDATA[Reply to Firewall Rules gateway settings ignored, when failover gateway group set as default gateway on Wed, 24 Feb 2021 18:40:48 GMT]]>this works yes tested in 2.5, I have this same environment mentioned in production

]]>https://forum.netgate.com/post/967694https://forum.netgate.com/post/967694Wed, 24 Feb 2021 18:40:48 GMT