Traffic blocked even with any/any rules on both interfaces (on WAN interface)
pazhamalai

Dear All,

We deployed pfSense in a multi-VLAN scenario on a Cisco device. pfSense is working in a single VLAN, with the default gateway pointed at the pfSense LAN IP.

Our problem is that the pfSense firewall is blocking on the WAN interface even though the IP was given the default route to pfSense.

Error message I got in the log file: "@2 block drop out log all label default deny rule"

Please help us to solve this issue.

![Pfsense firewall log.JPG](/public/imported_attachments/1/Pfsense firewall log.JPG)

Klaws

        By default, any incoming traffic hitting the WAN interface is blocked. Did you add an "allow all" rule for "WAN to any"?

pazhamalai

I added the allow-any rule on the WAN interface, but traffic is still blocked via that interface.

For your reference I attach the screenshots.

Please guide us to solve this issue and make this scenario live.

![WAN interface deny.JPG](/public/imported_attachments/1/WAN interface deny.JPG)
![wan -allow rule.JPG](/public/imported_attachments/1/wan -allow rule.JPG)

jimp (Rebel Alliance, Developer, Netgate)

            You have asymmetric routing happening somewhere.

            pfSense is seeing half a connection, and dropping packets because they don't match the state table.

            For example:

Host A sends TCP:SYN ... some router ... Host B
Host B sends TCP:ACK ... pfSense blocks it because it didn't see the TCP:SYN.

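The state-table behaviour jimp describes, as an added illustration that is not pfSense code or anything from this thread: a toy stateful firewall with a single "pass any, keep state" rule in front of a default deny. The host addresses, ports and the two packet flows are constructed. When both directions of the handshake traverse the firewall, the SYN creates state and the replies match it; when the SYN took another path (the asymmetric case), the firewall has no state for the SYN-ACK or the ACK, the allow-any rule does not apply to a mid-stream packet, and every packet it does see is logged against the default deny rule.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYN-ACK" or "ACK"


class StatefulFirewall:
    """Toy model of a 'pass any keep state' rule in front of a default deny."""

    def __init__(self):
        self.states = set()   # one entry per tracked connection
        self.log = []         # what the firewall log would show

    @staticmethod
    def _state_key(pkt):
        # Direction-independent key so the reply matches the state the SYN created.
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    def process(self, pkt, direction):
        key = self._state_key(pkt)
        if key in self.states:
            return "pass"  # belongs to a connection the firewall already knows
        if pkt.flags == "SYN":
            # Like pf's default 'flags S/SA': only a bare SYN creates state,
            # so an allow-any rule on its own never admits a mid-stream packet.
            self.states.add(key)
            return "pass"
        # No state and not a connection start: the allow-any rule does not
        # apply, so the packet falls through to the default deny rule.
        self.log.append(
            f"@2 block drop {direction} log all label default deny rule "
            f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}]"
        )
        return "block"


# Constructed sample hosts: HostA on the campus LAN, HostB on the Internet.
HOST_A = ("10.0.10.20", 40000)
HOST_B = ("198.51.100.7", 443)


def handshake():
    """The three packets of a TCP handshake between HostA and HostB."""
    return [
        Packet(*HOST_A, *HOST_B, "SYN"),
        Packet(*HOST_B, *HOST_A, "SYN-ACK"),
        Packet(*HOST_A, *HOST_B, "ACK"),
    ]


def symmetric_path():
    """Both directions traverse the firewall: SYN creates state, replies match it."""
    fw = StatefulFirewall()
    directions = ["out", "in", "out"]  # out towards WAN, reply in on WAN, out again
    return [fw.process(p, d) for p, d in zip(handshake(), directions)]


def asymmetric_path():
    """HostA's SYN went via another router; the firewall only sees the reply
    and the rest of the flow, so every packet it does see is dropped."""
    fw = StatefulFirewall()
    seen_by_firewall = handshake()[1:]   # SYN-ACK in on WAN, then HostA's ACK
    directions = ["in", "out"]
    verdicts = [fw.process(p, d) for p, d in zip(seen_by_firewall, directions)]
    return verdicts, fw.log


if __name__ == "__main__":
    print("symmetric :", symmetric_path())
    verdicts, log = asymmetric_path()
    print("asymmetric:", verdicts)
    for line in log:
        print("  ", line)
```

The point for troubleshooting is that the verdict in the asymmetric case is independent of the rules: no allow-any rule can admit the SYN-ACK or ACK, because the packet never reaches the rule's state-creation path. The fix is to make both directions of the flow pass through the same firewall, rather than to add more pass rules.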
pazhamalai

Here I attach our implementation scenario. Our campus LANs are separated using VLANs. Each network has its own gateway and we enabled inter-VLAN routing.

pfSense is working for: HostA (default gateway pointing at the pfSense LAN IP) ---> pfSense ---> Internet

But traffic is blocked for: HostA (default gateway pointing at the VLAN IP, with the default route entered to pfSense) ---> Cisco ---> pfSense ---> Internet

Please guide me how to solve this issue.

![Pfsense Scenario.JPG](/public/imported_attachments/1/Pfsense Scenario.JPG)
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.