Help with Multi WAN and port based routing, please.

Started by TUCUadam, October 02, 2023, 09:39:35 PM

Hello,

I've already searched and while a few people have had similar issues, the threads all seem to trail off without a fix. Hoping someone can help.

I have a fairly simple setup with 2 1G fiber lines into separate WAN interfaces and a 10G LAN interface. I am trying to configure the firewall to route all https traffic out of WAN-2 and all other traffic out of WAN-1.


  • Both WANs are set up as single gateways, with no groups for failover or load balancing.
  • Each WAN has an independent NAT rule
  • I've created a firewall rule on LAN-In to use the WAN-2 gateway for all DEST https
  • The first connection to an outside https dest will use the correct WAN-2 outbound interface
  • Subsequent connections from the same source to the same dest will use the incorrect WAN-1 outbound interface

  • To elaborate on the above, visiting whatismyip.com will show the correct IP address of WAN-2
  • Refreshing the page will update the IP address to show that of WAN-1
  • But SHIFT + Refresh (clearing cache) will show WAN-2 again.
Is this a NAT problem with an established session or a firewall rule problem? I feel like it has to be NAT due to the shift+refresh cache clear showing the correct IP, right? I'm just having a hard time grokking the logic flow to find the fault right now.


Alright, found the gremlin after a few hours' sleep: my firewall rule was TCP:443 instead of TCP/UDP:443. Here I was thinking that all HTTPS connections to web servers would be TCP. Enabling UDP in the firewall LAN-In rule sorted everything.
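The symptom in this thread is what a first-match policy rule does when it only covers TCP: modern browsers open the first connection over TCP/443, then switch to HTTP/3 (QUIC, UDP/443) for subsequent requests to the same site, so those flows fall through to the default gateway. The model below is an added example, not the poster's configuration or OPNsense code; the interface names, the first-match semantics and the sample flows (RFC 5737 documentation addresses) are assumptions constructed for illustration.

```python
"""Policy-route check for the Multi WAN setup described in the thread.

Models a LAN-In rule ("send HTTPS to WAN-2, everything else takes the default
gateway WAN-1") and evaluates it against constructed flow records, showing how a
TCP-only match lets HTTP/3 (QUIC, UDP/443) escape to WAN-1 while a TCP/UDP match
keeps both transports on WAN-2.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class PolicyRule:
    protos: frozenset   # transport protocols the rule matches
    dport: int          # destination port the rule matches
    gateway: str        # gateway the matched flow is handed to


DEFAULT_GATEWAY = "WAN-1"   # assumed: the system default route


def select_gateway(flow, rules):
    """First matching rule wins; unmatched flows take the default gateway."""
    for rule in rules:
        if flow.proto in rule.protos and flow.dport == rule.dport:
            return rule.gateway
    return DEFAULT_GATEWAY


# The rule as originally written (TCP only) and as corrected (TCP/UDP).
TCP_ONLY_RULE = [PolicyRule(frozenset({"tcp"}), 443, "WAN-2")]
FIXED_RULE = [PolicyRule(frozenset({"tcp", "udp"}), 443, "WAN-2")]

# Constructed sample flows: a browser reaching a site over TCP, reconnecting to
# the same host over QUIC (UDP/443) once it learns HTTP/3 is offered, and an
# unrelated plain-HTTP flow that should stay on WAN-1 under either rule set.
SAMPLE_FLOWS = [
    Flow("10.0.0.10", "203.0.113.5", "tcp", 443),
    Flow("10.0.0.10", "203.0.113.5", "udp", 443),
    Flow("10.0.0.10", "203.0.113.9", "tcp", 80),
]


def misrouted_https(flows, rules, expected="WAN-2"):
    """Return port-443 flows the rule set would send anywhere but the HTTPS gateway."""
    return [f for f in flows if f.dport == 443 and select_gateway(f, rules) != expected]
```

Running `misrouted_https(SAMPLE_FLOWS, TCP_ONLY_RULE)` returns only the UDP/443 flow, which is the "refresh shows WAN-1" case; the corrected rule set returns an empty list.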