Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ping is working over vlan after deny rule

    L2/Switching/VLANs
    4
    8
    248
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      oren1031
      last edited by

      I have 2 vlan on same the interface.
      I have a rule deny traffic between them, and rdp isnt working..
      but ping is always working.
      i have pfsense and tplink SG108E
      getting correct ip according to the vlan but ping is always working even when deny all..
      pc1 192.168.100.50
      pc2 192.168.200.1
      deny all from vlan100 net to vlan200 net..but ping is working...rdp not
      why ping keep working and not blocked..?

      V S 2 Replies Last reply Reply Quote 0
      • V
        viragomann @oren1031
        last edited by

        @oren1031
        I suspect, you have an L2 leak.
        Configure your VLANs properly so that both directions have to pass pfSense.

        O 1 Reply Last reply Reply Quote 0
        • O
          oren1031 @viragomann
          last edited by

          @viragomann thank you for the answer, L2 you mean at the switch level? Or configure again on pfsense?

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @oren1031
            last edited by

            @oren1031
            Yes. probably the failure is on the switch.
            Your issue case seems to be asymmetric routing.

            O 1 Reply Last reply Reply Quote 0
            • O
              oren1031 @viragomann
              last edited by

              @viragomann thank you ill check the settings on the switch and updat.

              1 Reply Last reply Reply Quote 0
              • S
                SteveITS Rebel Alliance @oren1031
                last edited by

                @oren1031 if you are actively pinging and add the block, the state is still open:
                https://docs.netgate.com/pfsense/en/latest/troubleshooting/firewall.html#check-the-state-table

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote 👍 helpful posts!

                O 1 Reply Last reply Reply Quote 0
                • O
                  oren1031 @SteveITS
                  last edited by

                  @steveits reset stats diesnt help...

                  1 Reply Last reply Reply Quote 0
                  • H
                    heper
                    last edited by

                    @oren1031 might be good to show screenshots of 'everything'

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.