Policy Based Routing Not Working After Upgrade to 21.02-RELEASE-p1 on SG-5100
So I'm a bit perplexed by this one...
I have two ISPs, one with static IPs I use for some webservers. I have them set up in a failover group with the primary being the ISP with NO statics, and use PBRs to send the webserver traffic out the other.
After doing an upgrade to 21.02-RELEASE-p1, my PBRs that involve NATed traffic have stopped working. If I log into one of the webservers and do an outgoing trace, the traffic is correctly routed following the PBR. However, if I try to connect to the webserver from outside the network I see entries in the firewall log that say the outgoing TCP:SA traffic is being blocked by the default deny rule. Even odder, the block is on the static IP ISP interface.
It's like it's trying to route out the correct interface but failing somewhere?
I've tried making a new firewall rule that should in theory bypass the default deny rule but that didn't work either.
Any ideas?