Gateway Monitor IP Doesn't Seem To Work - What am I missing? [Solved]

Started by rkubes, July 05, 2025, 12:57:02 AM

July 05, 2025, 12:57:02 AM Last Edit: July 05, 2025, 01:09:35 AM by rkubes Reason: Found a solution
I have two gateways configured on my instance of OPNsense. The primary is connected directly to my primary ISP's equipment and will pull a public IP. This gateway works as expected.

I have a secondary gateway configured for "failover" so that if my primary Internet drops, I can run off this secondary equipment. For reasons beyond my control, there is another router between the OPNsense interface for this gateway and the actual Internet. So, the DHCP on this interface will pull a private IP in the 10.x.x.x range.

My challenge is I don't keep this secondary Internet up all the time, but the router is up all the time. (It's easier for me to remotely manage the upstream device to make it available when backup is needed). So, if I leave the gateway monitoring on the default, it assumes this gateway is always up, since it can ping that router all day.

However, if I change the Monitor IP of that gateway to 8.8.8.8, it will assume the gateway is down. I can even SSH into the OPNsense instance and run the ping command to hit 8.8.8.8 using that interface's IP as the source, and it will get responses with no issue. However, the OPNsense UI still shows that the interface is "down." All other devices that are connected to that router (I've done this for testing) are able to get out to the Internet without issue and can ping 8.8.8.8.

I've tried both with "Disable Host Route" and without it enabled, and the result is the same. I'm not sure what else I could try.

I don't think it's a firewall rule issue, since this is outbound and I have rules to allow all outbound traffic from my LANs through the Failover gateway group. Moreover, I assume the "ping" is coming from the interface itself, so my LAN firewall rules probably don't even come into play.

As mentioned, all other devices are able to connect just fine through that router. Running ping from the OPNsense SSH shell to 8.8.8.8 is successful. And also if I do something to "force" the gateway up - like disabling monitoring or allowing it to monitor the gateway IP itself (default) - then all connectivity works as expected. It just seems like I must be doing something wrong or not understanding enough how to properly configure to use a "public" monitor IP to track when that interface truly has Internet access.

Any assistance will be appreciated!

Edit:
I apologize, I was able to solve this on my own right after posting this. I figured I'd leave this here for reference in case anyone else comes across this same issue.

I noticed the one difference was the "ping" command was sending something like 50+ bytes by default, but under the "advanced" settings for the gateway there was a configuration for the "Data Length" that defaults to just "1". I tried the "ping" command with a packet size of just "1" and then 8.8.8.8 would no longer respond.

I tried then with a packet size of "10" - just picking an arbitrarily larger number and 8.8.8.8 started responding again. I didn't dive deeper to find "what is the minimum data length for a ping that 8.8.8.8 will respond to." However, 10 seems to work. Since I put 10 in for the Data Length, everything is working exactly as expected.
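Added example, not from the post above or from OPNsense itself: a small sweep script for the OPNsense shell that repeats the poster's experiment systematically. It sends one echo request per data length from the gateway interface's own address (the same source the monitor uses) and reports the smallest payload the monitor host answers, which is the value to put in the gateway's "Data Length" field. It assumes the FreeBSD `ping` that ships with OPNsense (`-S` source address, `-s` payload bytes, `-c` count, `-t` overall timeout in seconds); on a Linux box the equivalent flags are `-I` and `-W`. The function names `probe_len` and `min_reply_len` are mine. The caveat worth remembering is that both `ping -s` and the gateway's Data Length count ICMP payload bytes only, not the IP packet size, so a setting of 1 really is a 9-byte ICMP message.

```shell
#!/bin/sh
# Added example (not from the forum post or OPNsense): find the smallest ICMP
# data length a monitor IP will answer when probed from a given source address.
# Assumes FreeBSD ping as found on OPNsense: -S source, -s data bytes, -c count,
# -t total timeout in seconds. Usage: ./gwsweep.sh <source-ip> <monitor-ip> [max]

# probe_len SRC DST LEN: send one echo request with LEN payload bytes from SRC.
# Exit status 0 means a reply arrived within 2 seconds.
probe_len() {
    ping -q -c 1 -t 2 -S "$1" -s "$3" "$2" >/dev/null 2>&1
}

# min_reply_len SRC DST [MAX]: try data lengths 0..MAX in order and print the
# first one that gets a reply; prints "none" and returns 1 if nothing answers.
min_reply_len() {
    src=$1
    dst=$2
    max=${3:-64}
    len=0
    while [ "$len" -le "$max" ]; do
        if probe_len "$src" "$dst" "$len"; then
            echo "$len"
            return 0
        fi
        len=$((len + 1))
    done
    echo "none"
    return 1
}

# Only run the sweep when invoked with arguments, e.g. on OPNsense:
#   sh gwsweep.sh 10.0.0.2 8.8.8.8
if [ $# -ge 2 ]; then
    result=$(min_reply_len "$1" "$2" "${3:-64}") || true
    printf 'smallest data length answered by %s from %s: %s\n' "$2" "$1" "$result"
fi
```

Run it from the OPNsense shell with the interface address that the failover gateway uses as the first argument and the intended monitor IP as the second; if it prints "none", the monitor host is not reachable from that source at any tried length and the Data Length setting is not the problem.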