pfSense can do 1:1 (Firewall > NAT, 1:1 tab) and depending on what you mean by static NAT, that can probably be done also. If you meant 1:1, as I said that is possible. If you meant static port, you can do that too, under Firewall > NAT, Outbound tab. You can switch to manual outbound NAT and define rules to use static port so outgoing traffic matching those rules won't have its ports altered.

Well in 2.0 this would be doable but is not yet exported to the GUI :(

Anyone have advice yet?  Here's the current setup: WAN: 5.5.5.2/24 gw: 5.5.5.1 OPT1: bridge with WAN OPT2: 5.5.6.2/24 gw: 5.5.5.1 Other ip's in 5.5.5.0/24 network don't work reliably.  If I restart the firewall I can ping 5.5.5.2.  As soon as I restart the server it breaks again although I don't see any traffic being blocked on firewall.  Which leads me to believe something gets messed up in the firewall's routing tables or something and it gets reset when I restart the firewall.  the 5.5.6.0/24 network works fine. It has to be a common configuration where you have a large block of IPs and you want the first ip to be the firewall and the rest to be filtered through the firewall.  The only sollution I can think of now is to have ISP give me another /30 ip so I have a different external ip from the two class c's but there has to be a way to get it to work.

This is me too, I have the same problem

This is me too, I have the same problem

as sir jimp said to my post, for outbound load-balancing it is in the System –> Routing then create gateway groups in the group tabs. pools are not necessary. also try to uncheck default gateway for fast switching. i don't know but for my testing it seems to be effective. :)

ah i see that's why even if i deleted those pools, load balancing is still working fine. :) Now am still in the process of testing that floating rules so squid will be able to fail-over to another gateway. I cannot get it going following the procedure of sir ermal http://forum.pfsense.org/index.php/topic,15272.0.html. I know you have said that you haven't gone that far yet  but i believe in you and the rest of the pfsense community can achieve it to help more especially newbies like me. :) hope to read more successful threads about it. once again thank you for such kind responses.

Yes, I could change the gateways on the Cisco and ASA boxes to specify the L3 upstream switch and do the routing I need on it - but I was hoping it could be accomplished like on the Cisco ASA's by adding an extra route.  It also means using 2 public IP's for the router interfaces on the upstream switch. I sounds like what you are tryng to do is make the pfsense do something outwith it's control. in essence the pfsense box is just chucking stuff out it's WAN port. once done the switch is the key and should switch the data to the cisco's. if you want the pfsense box to do this then you need to make it route the traffic via another interface to the ciscos directly and setup static routes there. what you are doing here is telling the PF box to route all traffic via it's wan interface to the switch. then wondering why the switch isn't routing. with the static route will get the traffic to the switch, which is what would happens anyway then the switch is sending the traffic to the wan ans not the cisco.

Nope, same issue. But I found a workaround: using opt1 and opt2 interfaces in the failover pool.

Exactly the same as with 2 WANs. Simply the pools contain more WANs.

Nowadays, almost no-one cares about classful nets anymore, so I wouldn't worry about it.

Firewall –> Virtual IPs. Create as many additional VIPs as you have IPs. Then use these VIPs in rules (NAT, firewall, etc)

The default gateway of the WAN. The loadbalancing/failover doesn't follow the routing table, but the pools you create. Thus the pfSense itself cannot make use of failover/loadbalance because it only follows the routingtable.

The advantage is that you can use both WANs for outgoing connections, instead of only using one. It would seem faster for most users, since they wouldn't all be sharing a single connection.

Try using google dns or opendns as your monitor and dns servers

In pfSense, you make VLAN interfaces and then assign them however you like. They work like any other interface at that point. So you could have VLAN tag 01 and VLAN tag 02 setup in pfSense, and assign VLAN 01 as LAN, and VLAN 02 as OPT1. It's not recommended to mix tagged and untagged traffic on a single interface though, so if your "LAN" interface is plugged into the tagged/trunk port on the switch, it should only use VLAN-tagged interfaces there.

Thanks for the response Jimp, I don't know what exactly you trying to explain to me. However I tried to setup failover to the primary firewall and I follow the procedures here http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x although this procedures the pfsense box acting as a gateway not a router because there is another router setup before the pfsense. Ours are different we don't have router before pfsense, the pfsense acting as router and gateway, so my WAN has the Public Static IP address the same as the WAN2 and it is not working for me. are you be able to guide me through. Thanks.