<![CDATA[Subnet Firewall Rule Issue]]>Hi all,

Im having an issue where devices cannot communicate to each other across Subnets when certain Firewall Rules are applied.

I have no issues when I have the default Any Any rules enabled and at the top of the priority lists for all my LAN interfaces and their subnets.

However my new rules, which are identical to the default Any Any rules, with the exception of an advance rule that specifies a WAN Gateway device (a Load Balance gateway group), will not allow device to communicate between subnets anymore.

Enabling/disabling these rules in any combination doesnt seem to fix the issue.

I dont want to use the default Any Any rules as it will use the single default WAN Gateway device.

Screenshot is of the new rule

DeepinScreenshot_select-area_20220428120021.png

DeepinScreenshot_select-area_20220428120108.png

]]>https://forum.netgate.com/topic/171806/subnet-firewall-rule-issueRSS for NodeThu, 14 May 2026 13:08:03 GMTThu, 28 Apr 2022 02:01:52 GMT60<![CDATA[Reply to Subnet Firewall Rule Issue on Thu, 28 Apr 2022 13:02:49 GMT]]>When you add policy routing by setting a gatewau (or gateway group) on the rules you force all traffic to use that route.
But here you want traffic between local subnets to use the system routing not go out the WAN.
So you need to add a rule above the policy routing rule to pass local traffic only.

Create an alias Local_Subnets and put in it all your locally connected subnets.

Then add a rule at the top of the list to pass from LANnet to Local_Subnets without a gateway set.

See: https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#bypassing-policy-routing

Steve

]]>https://forum.netgate.com/post/1039936https://forum.netgate.com/post/1039936Thu, 28 Apr 2022 13:02:49 GMT<![CDATA[Reply to Subnet Firewall Rule Issue on Thu, 28 Apr 2022 07:52:05 GMT]]>@bigtimmyc I have finally figured this out. I will attempt to make a guide as a separate post as I have found there isnt a straight forward guide to get this working.

]]>https://forum.netgate.com/post/1039896https://forum.netgate.com/post/1039896Thu, 28 Apr 2022 07:52:05 GMT<![CDATA[Reply to Subnet Firewall Rule Issue on Thu, 28 Apr 2022 05:00:26 GMT]]>@nollipfsense It doesnt make sense with rules that are identical that one randomly refuses subnet traffic but then the other one ignores the default gateway and does excepts all subnet traffic

]]>https://forum.netgate.com/post/1039889https://forum.netgate.com/post/1039889Thu, 28 Apr 2022 05:00:26 GMT<![CDATA[Reply to Subnet Firewall Rule Issue on Thu, 28 Apr 2022 04:48:23 GMT]]>@nollipfsense I cant see anything in this article that helps unfortunately. This honestly looks like Im experiencing a bug?

]]>https://forum.netgate.com/post/1039888https://forum.netgate.com/post/1039888Thu, 28 Apr 2022 04:48:23 GMT<![CDATA[Reply to Subnet Firewall Rule Issue on Thu, 28 Apr 2022 03:05:12 GMT]]>@bigtimmyc Please read here: https://docs.netgate.com/pfsense/en/latest/firewall/configure.html

]]>https://forum.netgate.com/post/1039874https://forum.netgate.com/post/1039874Thu, 28 Apr 2022 03:05:12 GMT<![CDATA[Reply to Subnet Firewall Rule Issue on Thu, 28 Apr 2022 02:53:42 GMT]]>@nollipfsense So I found I can set my default gateways to be the loadbalancing gateway groups I created but I dont think the default LAN "any any" rules are respecting the defaults as its only using one connection during speedtests etc.

]]>https://forum.netgate.com/post/1039872https://forum.netgate.com/post/1039872Thu, 28 Apr 2022 02:53:42 GMT<![CDATA[Reply to Subnet Firewall Rule Issue on Thu, 28 Apr 2022 02:45:30 GMT]]>@bigtimmyc Any means just that whereas LAN Net means just from LAN Net, nothing else.

]]>https://forum.netgate.com/post/1039870https://forum.netgate.com/post/1039870Thu, 28 Apr 2022 02:45:30 GMT<![CDATA[Reply to Subnet Firewall Rule Issue on Thu, 28 Apr 2022 02:35:22 GMT]]>@nollipfsense What difference would this make compared to any?

]]>https://forum.netgate.com/post/1039868https://forum.netgate.com/post/1039868Thu, 28 Apr 2022 02:35:22 GMT<![CDATA[Reply to Subnet Firewall Rule Issue on Thu, 28 Apr 2022 02:18:03 GMT]]>@bigtimmyc Pass any from LAN Net...

]]>https://forum.netgate.com/post/1039867https://forum.netgate.com/post/1039867Thu, 28 Apr 2022 02:18:03 GMT