Hello,
I've already searched and while a few people have had similar issues, the threads all seem to trail off without a fix. Hoping someone can help.
I have a fairly simple setup with 2 1G fiber lines into separate WAN interfaces and a 10G LAN interface. I am trying to configure the firewall to route all https traffic out of WAN-2 and all other traffic out of WAN-1.
- Both WANs are set up as single gateways and no groups for failover or load balance.
- Each WAN has an independent NAT rule
- I've created a firewall rule on LAN-In to use the WAN-2 gateway for all DEST https
- The first connection to an outside https dest will use the correct WAN-2 outbound interface
- Subsequent connections from the same source to the same dest will use the incorrect WAN-1 outbound interface
  - To elaborate on the above, visiting whatismyip.com will show the correct IP address of WAN-2
  - Refreshing the page will update the IP address to show that of WAN-1
  - but SHIFT + Refresh (clearing cache) will show WAN-2 again.
Is this a NAT problem with an established session or a firewall rule problem? I feel like it has to be NAT due to the shift+refresh cache clear showing the correct IP, right? I'm just having a hard time grokking the logic flow to find the fault right now.
			
Alright, found the gremlin after a few hours' sleep: My firewall rule was TCP:443 instead of TCP/UDP:443; here I was thinking that all HTTPS connections to web servers would be TCP. Enabling UDP in the firewall LAN-In rule sorted everything.
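
Added example, not part of the original posts: HTTP/3 carries HTTPS over QUIC on UDP port 443, so a policy-route rule that matches only TCP:443 lets those connections fall through to the default gateway. The sketch models first-match rule evaluation with hypothetical `Rule` and `Flow` types and constructed rule sets (it is not any firewall's own configuration format), and reports ports whose TCP and UDP traffic would leave through different WANs.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # hypothetical model of one LAN-In rule
    protos: frozenset            # protocols the rule matches
    dst_port: Optional[int]      # None matches any destination port
    gateway: str

@dataclass(frozen=True)
class Flow:
    proto: str
    dst_port: int
    note: str = ""

def egress(rules, flow):
    """Return the gateway of the first rule that matches the flow."""
    for r in rules:
        if flow.proto in r.protos and r.dst_port in (None, flow.dst_port):
            return r.gateway
    raise LookupError(f"no rule matches {flow}")

def split_ports(rules):
    """Ports whose TCP and UDP traffic leave through different gateways."""
    found = {}
    for port in sorted({r.dst_port for r in rules if r.dst_port is not None}):
        gw = {p: egress(rules, Flow(p, port)) for p in ("tcp", "udp")}
        if gw["tcp"] != gw["udp"]:
            found[port] = gw
    return found

# Constructed rule sets mirroring the setup described in the thread.
ANY = frozenset({"tcp", "udp"})
DEFAULT = Rule(ANY, None, "WAN-1")                       # everything else
TCP_ONLY = [Rule(frozenset({"tcp"}), 443, "WAN-2"), DEFAULT]
TCP_UDP = [Rule(ANY, 443, "WAN-2"), DEFAULT]

# Constructed sample flows from one LAN client.
FLOWS = [
    Flow("tcp", 443, "HTTPS over TLS"),
    Flow("udp", 443, "HTTPS over QUIC (HTTP/3)"),
    Flow("udp", 53, "DNS"),
]

if __name__ == "__main__":
    for name, rules in (("TCP:443", TCP_ONLY), ("TCP/UDP:443", TCP_UDP)):
        for f in FLOWS:
            print(f"{name:12} {f.note:26} -> {egress(rules, f)}")
        print(f"{name:12} split ports: {split_ports(rules)}")
```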