Traffic blocked even with any/any rules on both interfaces On Wan Interface
-
Dear All,
We deployed the pfsense in multivlan scenario on Cisco device. Pfsense is working in single vlan to point as default gateway as pfsense LAN ip.
Our problem is pfsense firewall is blocking the Wan interface even though ip given the default route to Pfsense.
Error message i got in the log file "@2 block drop out log all label default deny rule"
Pl help us to solve this issue
 -
By default, any incoming traffic hitting the WAN interface is blocked. Did you add an "allow all" rule for "WAN to any"?
-
I did the allow any rule on the wan interface but still traffic are blocked via the interface.
For your reference i attach the screen shot.
Please guide us to solve this issue and make this scenario as live.
 -
You have asymmetric routing happening somewhere.
pfSense is seeing half a connection, and dropping packets because they don't match the state table.
For example:
Host A sends TCP:SYN …. Some router ... Host B
Host B sends TCP:ACK .... pfSense blocks it because it didn't see the TCP:SYN. -
Here I attach our implementation scenario. Our campus LAN's are separated with Vlan concepts. Each network has own gateway and we enabled the intervlan routing.
Pfsense is working HostA(Pointing default gateway as pfsense LAN ip)–-->Pfsense---->Internet
But traffic's are blocking HostA(Pointing default gateway as Vlan ip) an entered the default route to pfsense--->Cisco--->Pfsense--->internet.
Pl guide me how to solve this issue.
