    The internal network is separated into 3 different subnets, physically connected to 3 gigabit switches and to a physical ESXi server which is hosting, among the other servers, the pfSense VMware appliance. The ESXi server is physically connected to all 3 switches and to 2 WANs.


    The situation is the following:

    This is the routing table:

    This is the interfaces group:

    These are the firewall rules:

    The problem arises here though.

    If I try to ping any IP on another subnet, let's say trying to ping (on LAN3) from LAN1, here is what happens:

    BUT if I try to ping the same IP from LAN3, the connection is successful:

    It's such a basic configuration, yet it doesn't work :( What am I doing wrong? :(

  • I don't have an interface group, but I just checked the same sort of thing, and yes, a ping sourced from the LAN1 address to a client on LANn works fine on 2.1.1-RELEASE.
    Do you have any block rules on LAN1 that might be getting in the way before the Interface Group rules?
    (now I have forgotten which order those rules get applied - better check the pfSense book or the code :)
    Is the client a Windows system that might be answering to its local subnet, but not to LAN1 (because of a client firewall restriction, or it does not have a default gateway set)?

  • A worrying doubt just arose…

    I'm planning to do the full replacement during the weekend so as not to impact the office network too much, so I'm still using the Draytek gateway AND I'm setting up the pfSense configuration. So the gateway on the PC I'm trying to ping is still the Draytek one, not pfSense.

    That might be the issue?

  • Shame on me, THAT was the issue  :-X

    The gateway on the destination IP was still the Draytek one, thus the ICMP packet was being lost along the path.

    You just made my day! Many thanks Phil!!  :D
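
The return-path check that resolved this thread, as an added example that is not part of the original posts: it models how the pinged host chooses the next hop for its echo reply and flags the case where the reply leaves through a gateway other than the firewall that forwarded the request. All addresses and names (`HOST`, `PFSENSE_LAN3`, `DRAYTEK`, `diagnose`) are constructed assumptions, since the thread's own addresses are not shown.

```python
import ipaddress

# Constructed sample addressing (assumption, not taken from the thread)
HOST = "192.168.3.50/24"       # pinged client on LAN3
PFSENSE_LAN3 = "192.168.3.1"   # pfSense interface on LAN3
PFSENSE_LAN1 = "192.168.1.1"   # pfSense interface on LAN1 (ping source)
DRAYTEK = "192.168.3.254"      # old gateway still configured on the client


def reply_next_hop(host_iface, default_gw, reply_dst):
    """Next hop the destination host picks for its echo reply.

    Returns "on-link", the gateway address, or None when no route exists.
    """
    iface = ipaddress.ip_interface(host_iface)
    if ipaddress.ip_address(reply_dst) in iface.network:
        return "on-link"           # same subnet: no gateway involved
    if default_gw is None:
        return None                # off-subnet and no default gateway set
    gw = ipaddress.ip_address(default_gw)
    # A gateway outside the host's own subnet cannot be reached directly
    return str(gw) if gw in iface.network else None


def diagnose(ping_src, host_iface, host_gw, firewall_addr):
    """Classify the return path of a ping forwarded by firewall_addr."""
    hop = reply_next_hop(host_iface, host_gw, ping_src)
    if hop == "on-link":
        return "ok: same subnet, reply delivered directly"
    if hop is None:
        return "fail: host has no route back to the source"
    if hop == firewall_addr:
        return "ok: reply returns through the forwarding firewall"
    return f"fail: reply sent to {hop}, not the firewall at {firewall_addr}"


if __name__ == "__main__":
    # Cross-subnet ping while the client still points at the old gateway
    print(diagnose(PFSENSE_LAN1, HOST, DRAYTEK, PFSENSE_LAN3))
    # Ping sourced on LAN3 itself: works regardless of the gateway setting
    print(diagnose(PFSENSE_LAN3, HOST, DRAYTEK, PFSENSE_LAN3))
    # After the client's gateway is changed to pfSense
    print(diagnose(PFSENSE_LAN1, HOST, PFSENSE_LAN3, PFSENSE_LAN3))
```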

