Cross-posting this from the Netgate Forums (link to original):
Here’s an interesting one. I’ve got one of my 2 WAN interfaces currently marked as “Mark Gateway Down” under System->Routing->Gateways. I ran a packet capture on the interface and I’m seeing a bunch of ARP traffic (expected), but I’m also seeing ICMP traffic to the ISP router, and a bunch of DNS over TLS traffic going with Cloudflare and Google IPs.
I can only use the “Mark Gateway Down” option, and not the “Disable this Gateway” option, because the interface is part of a Gateway Group. Can anyone explain why this traffic would still be flowing?
I’m guessing that it’s related to the threshold levels you can see under the advanced section in Gateways. Perhaps a combination of latency and packet loss triggers a gateway down.
Thanks for the response. In this case, I forced the GW down, so all traffic would go out WAN1. If I look at Status->Gateways, I can see WAN2 as Offline (forced), which is what I want for testing. However, I still see traffic going out WAN2, which is what confuses me.
I’ve got a UDM SE running Talk, sitting behind the pfSense. I’m trying to force all VoIP traffic out WAN1, but for some reason, Talk keeps picking up the WAN IP from WAN2. Whenever that happens Talk starts throwing fits and I have all sorts of issues with calling.