Bug #16111
Set Advanced or standard settings deleted all ipv4 host routes on primary node in HA Cluster
Description
I have noticed that when using host routes in an HA cluster, the problem occurs that the host routes (only the host routes, not the network routes) are deleted when settings are changed in the “System” area. A good example is setting the proxy settings.
Before changes, all routes are there
Now we set proxy settings
After pressing OK, the host route is lost (on primary node)
The host route is retained on the secondary node, but the other settings are applied.
Both the community and the Software+ version are affected. The error is reproducible and has already been discussed with the TAC team.
Updated by Jim Pingle 16 days ago
- Status changed from New to Incomplete
I can't replicate this here. I create a host route and it's there both before and after applying settings?
We'll need a lot more information to go on, such as how the host routes were added, if they overlap with anything like gateway monitoring IP addresses, DNS server entries, etc. However, this site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the Netgate Forum.
See Reporting Issues with pfSense Software for more information.
If a bug can be reproduced, this can be reopened with more detail about how to replicate it and the circumstances involved.
Updated by Robert Gladewitz 13 days ago
Hello,
Sorry for the late response...
The problem is definitely reproducible. I also discussed it with the PFSense+ team, who recommended reporting it as an issue.
May about the special installation. We use the PFSense as an HA cluster. The side to the Internet is realized via BGP and two own paths to the Internet. The internal side is to the DMZ and has CARP activated.
It is interesting to note that host routes, but not network routes, are deleted. The monitoring for the gateway (in this case the virus scanner) is deactivated.
We only use routing, HA with CARP, FRR (BGP only), Zabbix, SNMP (as server) and firewall rules on the PFSense devices. DNS, DHCP, DHRELAY and so on are deactivated. Also, only static addresses are used on the firewall (ipv4 and ipv6).
It is also interesting to note that the change is not transferred to the secondary PFSense node in ha cluster - the host route is retained there.
The addresses differ in that they are in the same network as the PFSense and the CARP address. As already written, the point is that the host route sends the traffic back to the virus scanner.
I would like to support it, as I also see this error as a risk for companies that use PFSense. Host routes are supposed to secure special scenarios.
Best regards from Germany
Robert