port forward fails from external subnet, but works elsewhere

Started by spollock, September 16, 2021, 07:27:53 PM

Net: External iface, 10.80.150.11/24 with upstream GW set to 10.80.150.1

Firewall:
rule permits 443 to the forward host 10.0.1.40 from anywhere
port fwd rule permits 443 from anywhere to 443 on 10.0.1.40

From a device directly on the 10.80.150.0/24 network, I CANNOT establish the connection to 10.0.1.40 port 443.

From ANY (other) subnet I CAN establish the connection to 10.0.1.40 port 443; for example, from another routed subnet upstream like 10.80.100.0/24 it works great.

Is there something I need to set on the FW that will allow connections to be established from other devices that are directly connected on the external interface?

I verified this on more than one OPNsense box and they all behave the same.

Many thanks!