General Discussion / Changing firewall gateway rule to failover group prevents SSH or WebGui access?
« on: February 23, 2024, 08:34:43 am »
Title calls out about as much as I know thus far. I've had dual WANs set up for some time, but realized today that my firewall rules enabling internet access for LAN and for my various VLANs had "default" set for their Gateway. I changed them to my gateway group, and after a few seconds, I'm no longer able to access the WebGUI, nor am I able to access the console via SSH. I went in, restored a backup, everything came back no problem. Made the same change again, with the same result. I've verified that both WebGUI and Secure Shell are listening on all interfaces in System > Administration. Anything else I should check?
UPDATE: It looks like it breaks routing. I can get to the internet, but getting to resources in other VLANs no longer works after making the gateway change.
UPDATE: As a test, I changed the gateway of VLAN2, which contains laptop2, to be the gateway group. From another laptop1 on VLAN1 with gateway set to default, I viewed the firewall logs as I tried to access a NAS in VLAN1 from laptop2; I didn't see any traffic. However, when I changed the gateway setting back to default on VLAN2 and tried to access the NAS in VLAN1 from laptop2, I could immediately see the traffic hit my firewall.
Am I misunderstanding what the gateway setting does? Does it force all traffic to go to the Gateway WAN group, even if it's internal?