2 pfSense 2 Wan 2 locations 1 network

Networking & Firewalls
1

Hello, im here again to get some help with my new network layout. Most of it is working, but im having 1 routing issue.

ive allways had 1 Wan conection in my home, and a wifi bridge to give conectivity to my office and my parents with a UBN Nano Loco (100mts only).

Recently I got a 2nd ISP provider for my office after some issues with my home ISP.

So now i want to push for a 2nd pfsense in my office to have full redundant conections. in case of a ISP issue or just power outage (we are 100mts apart, but we are in 2 power zones, so we usually have only 1 side out)

i made a little diagram to explain my current setup

RedCasaOfi.drawio
RedCasaOfi.drawio721×537 17.3 KB

Backup WAN is working great with Vlans pointing at the other pfsense. And each pfsense is routing ok its local users with its vlan.

But when im using a Vlan (16) that works with pfsense 2, i can access the internet, but i cant acces a NVR that is in the LAN network. I have the same rules in VLAN 16 and 17 (one in each pfsense)
17 can access NVR, 16 cant.

pfsense 1 LAN Rules

pfSense1 LAN Rules
pfSense1 LAN Rules1176×292 24.7 KB

pfsense 1 VLAN 17 Rules

pfSense 1 VLAN17 Rules
pfSense 1 VLAN17 Rules1182×196 23.4 KB

pfsense 2 LAN Rules

pfSense 2 LAN Rules
pfSense 2 LAN Rules1170×247 24.1 KB

pfsense 2 VLAN 16 Rules

pfSense 2 VLAN16 Rules
pfSense 2 VLAN16 Rules1172×282 22 KB

I dont know what else i could try. any ideas?

2

On your VLAN16 rules you need to set the source to the VLAN16 subnet as your source and not *. See if that makes a difference.

Its still best practice to do this any.

3

Ive just set the Source to VLAN16, in VLAN16 firewall rules, still no connection to NVR

4

Do you have any firewall rules on your NVR that blocks inbound from your VLAN16?

5

no, nothing in the NVR side.

I also tested other ips, like a nginx docker, unraid server, Home Assistant VM, all inaccesible from VLAN16.
I deleted those rules to simplify the screenshot

All servers are accesible from LAN or VLAN17 with its rules. Just VLAN 16 that routes trough pfSense 2 is not working.

6

Im coming back trying to make my weird network work

RedCasaOfi.drawioSin2wan
RedCasaOfi.drawioSin2wan721×537 28.8 KB

I tested the network without the “backup” wan for both pfsense boxes. Just 1 WAN each pfsense, but i cant still reach PCS in LAN Address from VLAN16 routing trough pfsense2.

The 2nd WAN interconection is not causing the issue