I run a lab at work that is a couple hundred VMs, spread across ~50 VLANs that are all routed by one core router. We have been using a Palo Alto, but last Thursday I setup a spare server as a pfSense box just to have as a backup. At first I setup the box with the firewall turned off since it was only a router, but I quickly discovered that basically nothing gets logged when you do this. I setup the most permissive floating rules possible so that I can log the traffic.
Quick match, any interface, any direction, any protocol, any flag, log traffic.
My environment lives on a secured network with many layers of security long before anything touches this router (and the IPv6 doesn’t have any path out as our corporate overlords are IPv4 only). This is working for the vast majority of the traffic just fine, but some small percentage seems to keep getting blocked by the “default deny rule” with a protocol listed as TCP:A and I can’t for the life of me figure out why.
Netgate’s documentation suggested that it may be an asymmetric routing situation. Troubleshooting — Troubleshooting Asymmetric Routing | pfSense Documentation
It doesn’t seem to apply to me though as I have no static routes defined, nor do my networks have multiple gateways.
Anyway, if anyone knows what weird edge case I have here, I’d appreciate any insight.