Messages - lw-admin

#1
Thank you, that makes a lot of sense.

I have disabled the floating rules and added an any/any on the PP1 and TC_PSS interfaces to confirm routing. I am no longer hitting the default deny but I am still not getting a response. I have also tried PP1-PP2 interfaces and it fails to get a reply. Could this be a routing issue? If so, is there some best practice to get traffic flow between interfaces?
#2
What would you say about my implementation is wrong specifically? I know floating rules are processed first, but the default deny is set to last match. All my rules are set to first match. Should that not override the default deny? Have I misunderstood something here? I'm relatively new to OPNsense.
#3
Thanks, I will do that. However, the floating rules appear to be working. The issue is it isn't hitting my allow rules. Why is it hitting default deny before my allows?
#4
I have a setup with the below interfaces:

WAN
TC_PSS - 172.16.200.1
PP1 - 172.16.201.1
PP2 - 172.16.202.1
PP3 - 172.16.203.1

Rules are set to allow traffic between the PP interfaces to TC_PSS, but to block traffic between PP interfaces. The issue I have is any traffic between the PP and TC_PSS interfaces is ignoring my allow rules and is hitting the floating Default deny rule first. What am I doing wrong?

Additionally, pings from devices on PP1 to TC_PSS do not hit any deny rules, but never get replies. Am I getting asymmetric routing?

I have attached the rules I have configured. Any help would be greatly appreciated.