You can do this without RIP, it's far cleaner and more secure.  After disabling RIP, the trick is to add a return route from the pfsense box, back to the L3 switch.

Sorry for the late response, i did not find a solution, but it doesn't really matter anymore since the school project is at the end. Thanks though for all the input!

thanks for the responces, I'm attaching a drawing of my network. If my question is a dumb question, keep in mind I'm mostly a coder but because I'm the GM of a small software company, I am the defacto network administrator, even though it's not my strength. There is no real good reason to have the VM on network 192.168.1.0, but the test cloud infrastructure does need a seperate network with access to the internet. to the best of my knowled there is also no need to have the PFSense FW on the network 192.168.1.0. Originally the swith had a static route to ip 192.168.3.2, but when the cloud infrastructure did not have access to the internet I added the 2nd LAN to PFSense and VM to make easier to test and trace the traffic. Again thanks for the help!! Carlos [image: network_design.png] [image: network_design.png_thumb]

Yes, update is important.  I am not familiar with Cyberoam devices but I am 100% sure that with a proper load balancing setup you can achieve the combined bandwidth using pfSense.

Okay, then. Post the logs.

I finally realized that it was default LAN Firewall rule that was only allowing packets from a LAN subnet IP address.

Add a Pass rule on your wifi interface to allow access to the printer's IP address on LAN. https://doc.pfsense.org/index.php/Firewall_Rule_Basics https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

post screenshots [image: screencapture-177-159-238-186-8443-system-php-1477333405652.png] [image: screencapture-177-159-238-186-8443-system-php-1477333405652.png_thumb] [image: screencapture-177-159-238-186-8443-firewall_rules-php-1477333444573.png] [image: screencapture-177-159-238-186-8443-firewall_rules-php-1477333444573.png_thumb] [image: screencapture-177-159-238-186-8443-system_gateway_groups-php-1477333344724.png] [image: screencapture-177-159-238-186-8443-system_gateway_groups-php-1477333344724.png_thumb]  

First of all, you do not need to setup separate gateway groups for failover as well as firewall rules for the same. pFsense automatically uses the gateway currently online. Secondly, you did not select 'LAN net' in Source in LAN rules. Still need help ? Just give a quick reply.

xinetd is not switching anything to do with WANs. It's only handling the local TFTP proxy. That message doesn't indicate anything to do with which wan is preferred or default.

No that is not how it would be done.. Even if you wanted to use multiple pfsense, that is NOT how it would be done.. Completely agree with Derelict, this would be much easier with just 1 pfsense and multiple segments.  If have spare hardware setup a carp, etc.

Yes. Put it on an available OPTX interface. The point is to NOT perform NAT for those addresses, Not to add a NAT rule.

NAT on router #2. Don't on router #1. There isn't going to be anything resembling "seamless" failover. All existing firewall states on Router #1 will be useless. No inbound connections will be possible into router 2.

Why would the number of users matter??  It matters how much bandwidth their sessions are pushing..  While yes at some point the number of sessions could come into play.  That is not going to be your issue.  Your isp limits you to 1 gig.. Connecting multiple devices because they gave you a switch is not going to get you above 1 gig..  If you think that is the case give it a try connect multiple devices and all load them up do you get 2gig, 3gig, 4gig all the way up to the number of your ports?

@rogeriosilva: We tried to use 2.3.2-p1 version on Windows Server 2008 R2 Hyper-V, but this PFSense version does not recognize this virtualizer IDE virtual controller. We also tried some previous versions, but we also had some problems on PFSense installation. What do you mean by "not recognize"? Could you provide a screenshot? And by the way, with 2008 server you should use only fixed size .VHD, not dynamic one.

Added the rules, works now. Thanks!

I have a simular question, I just want to use both at the same time and have both access each others LAN (both have the same multiple VLAN interfaces)