Bug #2298: Routing issue
Status: closed
Description
Not sure if this is a bug, but seems to be.
Steps to replicate:
Multi tier system. Cisco ASA at the top with separate links to the NET, DMZLink Network, LANLink Network.
LAN pfSense has static route to DMZ network via DMZ firewall connected to DMZLink Network. DG is set to LANLink network.
DMZ pfSense has static route to LAN network via DMZLink Network. DG is also set to DMZLink Network.
Symptoms:
DMZ machine is able to hit the LAN machine via port 80 and return a webpage.
LAN machine is NOT able to hit DMZ machine via port 80. Instead the SYN ACK packet hits the DG of the DMZ firewall (the ASA)
It appears that it is quite happy to follow the routing for the SYN packet from the DMZ machine to the LAN.
But when it responds to a LAN SYN packet, the SYN ACK appears to ignore the static routes and just follows the DG.
Steps to overcome:
Created new network on both firewalls, removed existing routing/gateways for the LAN/DMZ networks to go via this new network. Key difference: the network it is now routing over is not a DG for either firewall.
This was replicated on 2 other systems in a similar way. And fixed accordingly.
Attached is a diagram describing the setup.
Files
Updated by Chris Buechler over 13 years ago
- Status changed from New to Rejected
not a bug, config issue. Can discuss further if you post to forum or mailing list, this is strictly for specific confirmed bugs.
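The symptom in the report (SYN-ACK leaves the DMZ firewall towards the ASA instead of following the static route, while the reverse direction works, and the fix was to move the static routes onto a link that carries no default gateway) matches pf's reply-to semantics: pfSense tags rules on an interface that has a gateway configured with `reply-to`, so replies to connections that entered on that interface are sent back to that interface's gateway, bypassing the routing table. The model below is an added example written for this page, not code from the report or from pfSense; it assumes reply-to as the cause, and all addresses, interface names and host names are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed addressing for the topology in the report (not from the page):
#   LAN 10.1.0.0/24 behind the LAN pfSense, DMZ 10.2.0.0/24 behind the DMZ pfSense,
#   LANLink 192.0.2.0/29 (ASA .1, LAN pfSense .2),
#   DMZLink 198.51.100.0/29 (ASA .1, DMZ pfSense .2, LAN pfSense .3).


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]  # None means directly connected
    iface: str


@dataclass
class Firewall:
    name: str
    routes: List[Route]
    # Interfaces with a gateway configured. Assumed pfSense behaviour: rules on these
    # interfaces get pf "reply-to <gateway>", so the SYN-ACK of a connection that
    # entered there is sent to that gateway regardless of the routing table.
    iface_gateway: Dict[str, str]


def R(prefix: str, next_hop: Optional[str], iface: str) -> Route:
    return Route(ipaddress.ip_network(prefix), next_hop, iface)


def route_lookup(fw: Firewall, dst: str) -> Route:
    """Longest-prefix match against the firewall's routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in fw.routes if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen)


def reply_next_hop(fw: Firewall, in_iface: str, reply_dst: str,
                   reply_to: bool = True) -> Tuple[str, str]:
    """(next hop, egress interface) for the SYN-ACK of a connection whose SYN
    entered on in_iface. With reply_to enabled and a gateway on in_iface, the
    routing table is not consulted at all."""
    if reply_to and in_iface in fw.iface_gateway:
        return fw.iface_gateway[in_iface], in_iface
    r = route_lookup(fw, reply_dst)
    return (r.next_hop or "connected"), r.iface


ASA_LANLINK, ASA_DMZLINK = "192.0.2.1", "198.51.100.1"
LANFW_DMZLINK, DMZFW_DMZLINK = "198.51.100.3", "198.51.100.2"
LAN_HOST, DMZ_HOST = "10.1.0.10", "10.2.0.10"

LAN_FW = Firewall("lan-pfsense", [
    R("10.1.0.0/24", None, "lan"),
    R("192.0.2.0/29", None, "lanlink"),
    R("198.51.100.0/29", None, "dmzlink"),
    R("10.2.0.0/24", DMZFW_DMZLINK, "dmzlink"),  # static route to DMZ
    R("0.0.0.0/0", ASA_LANLINK, "lanlink"),      # DG on LANLink
], iface_gateway={"lanlink": ASA_LANLINK})

DMZ_FW = Firewall("dmz-pfsense", [
    R("10.2.0.0/24", None, "dmz"),
    R("198.51.100.0/29", None, "dmzlink"),
    R("10.1.0.0/24", LANFW_DMZLINK, "dmzlink"),  # static route to LAN
    R("0.0.0.0/0", ASA_DMZLINK, "dmzlink"),      # DG also on DMZLink
], iface_gateway={"dmzlink": ASA_DMZLINK})


def dmz_to_lan_synack() -> Tuple[str, str]:
    # SYN from the DMZ host enters the LAN pfSense on dmzlink, which has no gateway,
    # so the static route is honoured (the working direction in the report).
    return reply_next_hop(LAN_FW, "dmzlink", DMZ_HOST)


def lan_to_dmz_synack(reply_to: bool = True) -> Tuple[str, str]:
    # SYN from the LAN host enters the DMZ pfSense on dmzlink, which carries its DG,
    # so reply-to sends the SYN-ACK to the ASA (the broken direction in the report).
    return reply_next_hop(DMZ_FW, "dmzlink", LAN_HOST, reply_to)


def workaround_synack() -> Tuple[str, str]:
    """Reporter's workaround: static routes moved to a new link (203.0.113.0/29,
    constructed) that is not the default-gateway interface of either firewall."""
    dmz_fw = Firewall("dmz-pfsense", [
        R("10.2.0.0/24", None, "dmz"),
        R("198.51.100.0/29", None, "dmzlink"),
        R("203.0.113.0/29", None, "xlink"),
        R("10.1.0.0/24", "203.0.113.3", "xlink"),
        R("0.0.0.0/0", ASA_DMZLINK, "dmzlink"),
    ], iface_gateway={"dmzlink": ASA_DMZLINK})
    return reply_next_hop(dmz_fw, "xlink", LAN_HOST)


if __name__ == "__main__":
    print("DMZ->LAN SYN-ACK from LAN pfSense:", dmz_to_lan_synack())
    print("LAN->DMZ SYN-ACK from DMZ pfSense:", lan_to_dmz_synack())
    print("  same, reply-to disabled:       ", lan_to_dmz_synack(reply_to=False))
    print("  same, reporter's workaround:   ", workaround_synack())
```

The model reproduces the report exactly: only the firewall whose static route shares an interface with its default gateway misroutes the SYN-ACK, and moving the route to a gateway-less link makes the routing table apply again. The practical check is therefore whether the interface the SYN arrives on has a gateway assigned; pfSense exposes reply-to as a per-rule and system-wide advanced option, which is the configuration knob the rejection comment points at rather than a routing-table defect.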