So, I just realized that if i use my WAN IP in my browser from within my network, it brings me to my pfsense login page…
At first I panicked thinking this was also accessible externally, but luckily it is not.
I have rules in place to prevent devices from accessing the GUI unless they’re part of an alias, however if I access it in this way, it bypasses the check.
Why is my WAN IP resolving to my pfsense login?
Edit: As just about everyone has mentioned, this seems like NAT Reflection, however I have this disabled everywhere I’ve found. Here is the setting in System>>Advanced>>Firewall & NAT as well as in the individual NAT rules as seen here
Hm, currently I have PFsense and my other network equipment on it’s own “management” VLAN, and I don’t allow my other VLANs access to it (except for a couple devices I whitelist). None of those can reach PFsense via the LAN IP as I expect, only by the WAN IP.