Question about policy based routing

Started by diekos, April 10, 2022, 08:55:01 PM

Hello!

I have a question about the Gateway / policy based routing options on the firewall.
When I have, for example, a LAN and a GUEST network, and 2 WAN connections.
WAN1 has a gateway with priority 10, and WAN2 has a gateway with priority 20.
There is a gateway group which has WAN2 as tier 1, and WAN1 as tier 2.
LAN has an allow all rule with gateway set to "default".
GUEST has an allow all rule with gateway set to the gateway group mentioned above, so that GUEST will use WAN2 as default, and fall back to WAN1 when WAN2 is down.

GUEST can't ping LAN despite the allow all rule, but that is because it uses the gateway group, so that is expected.
What I find unexpected is that LAN can ping the GUEST network and get a ping reply from a device in the GUEST network, despite the GUEST network using the gateway group.
How does the device on the GUEST network know the route back? Is this because there is some kind of connection tracking causing this?

Can someone help me understand how this works?

Thanks in advance!
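The behaviour asked about above, modelled as an added example (not code from the post or from OPNsense/pf): a pf-style packet filter checks the state table before evaluating rules, so the GUEST device's ping reply matches the state created by the LAN-initiated ping and is sent back toward LAN without the GUEST rule's gateway group ever being consulted, while a GUEST-initiated packet is policy-routed out WAN2. Addresses, gateway and group names are constructed, and the state entry is simplified to "remember the interface the opening packet arrived on" (real pf uses route-to/reply-to on the state).

```python
"""Toy model of pf-style stateful filtering with policy-based routing.
Constructed example, not OPNsense/pf code: it models the post's setup, where
state lookup precedes rule evaluation, so replies never hit the gateway group.
All addresses, gateway and group names below are assumed values."""
import ipaddress
from typing import NamedTuple

ROUTING_TABLE = {"10.0.1.0/24": "LAN", "10.0.2.0/24": "GUEST"}
DEFAULT_GW = "WAN1"                                  # priority-10 gateway
GATEWAY_GROUPS = {"GUEST_GROUP": ["WAN2", "WAN1"]}  # tier 1, then tier 2
RULES = {"LAN": "default", "GUEST": "GUEST_GROUP"}  # per-interface allow-all

class Packet(NamedTuple):
    ingress: str  # interface the packet arrives on
    src: str
    dst: str

def route_lookup(dst: str) -> str:
    """System routing table: connected network first, else default gateway."""
    addr = ipaddress.ip_address(dst)
    for prefix, iface in ROUTING_TABLE.items():
        if addr in ipaddress.ip_network(prefix):
            return iface
    return DEFAULT_GW

def policy_gateway(group: str, gateway_up: dict) -> str:
    """First tier that is up (assumption: all down -> fall back to routing)."""
    for gw in GATEWAY_GROUPS[group]:
        if gateway_up.get(gw, False):
            return gw
    return DEFAULT_GW

def forward(pkt: Packet, states: dict, gateway_up: dict) -> str:
    """Egress for `pkt`; `states` maps (src, dst) -> interface of the opener."""
    if (pkt.dst, pkt.src) in states:          # 1. existing state wins, no rules
        return states[(pkt.dst, pkt.src)]
    gateway = RULES[pkt.ingress]              # 2. new flow: ingress rule applies
    if gateway == "default":
        egress = route_lookup(pkt.dst)        # normal routing table
    else:
        egress = policy_gateway(gateway, gateway_up)  # forced out the group
    states[(pkt.src, pkt.dst)] = pkt.ingress  # remember where the reply goes
    return egress

def demo(wan2_up: bool = True) -> tuple:
    """LAN->GUEST ping, the GUEST reply, then a GUEST-initiated packet to LAN."""
    states, up = {}, {"WAN1": True, "WAN2": wan2_up}
    lan_req = forward(Packet("LAN", "10.0.1.10", "10.0.2.20"), states, up)
    guest_reply = forward(Packet("GUEST", "10.0.2.20", "10.0.1.10"), states, up)
    guest_new = forward(Packet("GUEST", "10.0.2.30", "10.0.1.10"), states, up)
    return lan_req, guest_reply, guest_new  # ('GUEST', 'LAN', 'WAN2')
```

Running `demo(wan2_up=False)` shows the fallback the post describes: the GUEST-initiated packet leaves via WAN1, while the LAN-initiated exchange is unaffected because it never touches the gateway group.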