First off all, thanks a lot for every effort you made to release V18. that's really great.
Apologize for double-posting.
I am using portforwarding (nat rules) to forward SSL traffic from DMZ based mail-proxy or ssl-proxy to other servers in the LAN-Area.
Since updated from 17 to 18 forwarding of incoming https-traffic (443) from DMZ to LAN is not working.
1.) before i deactivated listen port in admin for web-gui from all (default) to lan, every ssl request was returned from web-gui certificate (which was the wrong one :))
2.) i changed the web-gui listen port to LAN to ensure access from internal lan. external forwarding to my mail-proxy or ssl-proxy is now not longer answered from (wrong) web-gui certificate of opnsense, BUT the mail-proxy and ssl-proxy is responding with "ERR_SSL_PROTOCOL_ERROR". Means all firewall-rules and NAT-rules working but the "ERR_SSL_PROTOCOL_ERROR" is somehow (i dont know where) in the communication of the firewall to the DMZ based proxys.