I have a strange issue on one of our firewalls. I found some nearly similar threads here in the forum, but the solutions there don't work. It looks like a double-NAT asynchronous routing problem, but I'm not the expert here.
On the router of the provider, I had port forwarding for IPsec and also HTTPS and SSH (no source IP restrictions possible).
On the firewall I have a rule to allow all traffic from the source IP of our office to the WAN interface.
But when I try to connect from the office, the "default deny" rule matches and the traffic is dropped.
I tried the advanced settings of the rule with the state type "sloppy" and "none", but this doesn't have any effect.
Internet <=> Provider Router, 192.168.1.1 <=> OPNsense Firewall 192.168.1.128
All IPs are fixed. Netstat on the firewall told me the following (the IPs I x-ed out are VPN IPsec networks, which currently also don't work; the 192.168.9.0 net is the guest WLAN):
Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGS igb0
10.x.x.x/24 192.168.1.1 US igb0
127.0.0.1 link#5 UH lo0
172.21.9.0/24 link#2 U igb1
172.21.9.1 link#2 UHS lo0
172.27.x.x/16 192.168.1.1 US igb0
192.168.1.0/24 link#1 U igb0
192.168.1.128 link#1 UHS lo0
192.168.x.0/24 192.168.1.1 US igb0
192.168.9.0/25 link#8 U igb1_vla
192.168.9.1 link#8 UHS lo0
When I was onsite to install the firewall on Monday, the connections worked, but now they don't anymore, without any change (until now, when I tried sloppy and so on).
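As an added example (not part of the post above, and not OPNsense code), here is a small Python helper that parses a BSD-style `netstat -rn` table like the one in the post and lists every private (RFC 1918) destination that is routed through the default gateway rather than a directly connected interface. Such routes are worth reviewing against the IPsec configuration when a tunnel stops passing traffic, because they decide which interface those packets leave on. The sample table is constructed in the shape of the post's output; the x-ed octets and the truncated `igb1_vla` interface name are replaced with placeholder values.

```python
import ipaddress

# Constructed sample in the shape of the post's `netstat -rn` output.
# The masked octets from the post are replaced with placeholder values;
# "igb1_vlan10" stands in for the truncated interface name.
SAMPLE_ROUTES = """\
Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGS igb0
10.0.0.0/24 192.168.1.1 US igb0
127.0.0.1 link#5 UH lo0
172.21.9.0/24 link#2 U igb1
172.21.9.1 link#2 UHS lo0
172.27.0.0/16 192.168.1.1 US igb0
192.168.1.0/24 link#1 U igb0
192.168.1.128 link#1 UHS lo0
192.168.50.0/24 192.168.1.1 US igb0
192.168.9.0/25 link#8 U igb1_vlan10
192.168.9.1 link#8 UHS lo0
"""


def parse_routes(text):
    """Return one dict per route line: destination, gateway, flags, interface.

    Header lines ("Internet:", "Destination ...") and blank lines are skipped.
    """
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] == "Destination":
            continue
        dest, gw, flags, netif = parts[:4]
        routes.append({"dest": dest, "gw": gw, "flags": flags, "netif": netif})
    return routes


def find_default_gateway(routes):
    """Gateway of the 'default' route, or None if there is none."""
    for route in routes:
        if route["dest"] == "default":
            return route["gw"]
    return None


def private_routes_via_default_gw(routes):
    """Destinations in private address space whose next hop is the default gateway.

    Directly connected subnets (gateway 'link#N') are not reported, since they
    never leave through the upstream router.
    """
    default_gw = find_default_gateway(routes)
    flagged = []
    for route in routes:
        if route["dest"] == "default" or route["gw"] != default_gw:
            continue
        net = ipaddress.ip_network(route["dest"], strict=False)
        if net.is_private:
            flagged.append(route["dest"])
    return flagged


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    print("default gateway:", find_default_gateway(table))
    for dest in private_routes_via_default_gw(table):
        print("private destination routed via upstream gateway:", dest)
```

Run it against the real table by piping `netstat -rn` output into `parse_routes` instead of the constructed sample. A destination appearing in the output is not necessarily wrong; it only means that, on the routing layer, traffic for that prefix is handed to the provider router, which is the first thing to confirm when checking whether a VPN remote network is actually being carried by the tunnel.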