HTTP traffic through bridge getting 502 status
Hi all,
We've got an ongoing 'odd' issue with regard to pfSense (2.6.0) that I'm curious to see if anyone has any input on.
pfSense is front of ship in the network, as a transparent bridge, purely acting as a firewall, no NAT, routing, etc. Most of the traffic coming through it is HTTP/HTTPS traffic to backend webservers.
99.99% of the time, everything is fine.
But there are 2 oddities, related to 502 status on services running behind pfSense.
- We are getting v. intermittent (maybe 0 - 0.5% of requests) 502 Bad Gateway responses from end-user browsers visiting the sites running behind pfSense. No real rhyme or reason to it. This ONLY happens on sites running through a proxied WAF service like Cloudflare.
If you route traffic directly from the end browser to the IP our end, everything is fine 100% of the time, so it's not an overloaded host or anything like that.
Running the tests on pfSense WebGUI itself - absolutely fine. As soon as you go a single layer deeper than that, the 502s start... so it's really as if pfSense is dropping the packets.
- When routing traffic through a specific WAF, requests from certain geographic locations (some US cities, Australia & a good chunk of Asian locations) get a consistent 502 Bad Gateway. The WAF provider says it's an issue our end...
We're definitely not blocking the IPs in pfSense, our ISP doesn't filter our traffic...
It's only a v. small selection of HTTP services impacted (maybe 2% of them...), and it's not tied to a specific backend webserver or IP address...
Beginning to suspect it's actually an issue in the HTTP application itself, rather than pfSense itself.
Running real short of things to look into on this one though.
Any genius ideas out there from the community?