DNAT auto firewall [Register Rule/Pass] fails in multi-gw setups + how to fix it

superpower · January 29, 2026, 05:41:34 PM

On deployments with multiple gateways, opting for automatic firewall rule creation via "Register rule" or "Pass" creates rules that do not include the advanced mode "Reply-to:" configured, so if a query comes via GW1 it will probably return via GW0 and be dropped.
Solution is to set to manual and enter your desired reply-to gateway in the dropdown.
Hope this helps

franco · January 29, 2026, 07:16:56 PM

Can you raise a ticket on GitHub about this? This may require a bit of discussion.

Thanks,
Franco

DNAT auto firewall [Register Rule/Pass] fails in multi-gw setups + how to fix it

superpower

January 29, 2026, 05:41:34 PM

franco

January 29, 2026, 07:16:56 PM #1