@ervin23 I would guess you would divide those groups by vlans but if you don't want to, it should be doable like you have described it, not done it like that myself though. You should beginn with something like this and get it working. Also see this.

@nikim Did you by any change nat the outbound of pfSense to the CARP VIP? Show the outbound NAT rules please, if unsure. Did you state an alternative monitoring IP?

@johnpoz I wouldnt. Sorry. I misunderstood you :)

@robh-0 What happens if you restart the dpinger service instead? There are situations where the pings are responding properly (do you have a monitoring IP configured?) and a dpinger bounce will help that. Are all your shared gateway rules switched to the new gateway group or did you simply update your original failover group to reflect the change? Lastly is it a case of some but not all of the traffic is routing out WAN1 after fail-back? If so that's a states issue and they will reset when the states clear out for the WAN2 connection.

@jemadsen Thank you Steve for the recommendations. I will look into reflection and it sound like it will help. I have been doing traceroutes, tcpdumps, netcats. I setup a dual setup, where the VM FW handles the mail, VoIP and Web traffic. The Proctectli handles the rest of the traffic thru Starlink. I scanned some of the troubleshooting document and tried the recommendations. I initially started with the VM configuration, but when it didn't work, I reset and manually configured the Proctectli. The VM was my learning environment with more "STUFF" to take into account to troubleshoot. I have built up several pfSense FWs over the years and I know most of my mestakes, unfortunately, I am also good making new ones. Having the VM FW to use as reference. I searched for some example similar to mine, but all were failover/load balancing. I need to get my servers back online so I am using both FWs one that works for the CLWAN and the other for the SLWAN. It working now. Next I will build up a test setup on my VM Server and trouble with that. I will continue to look for an example or recipe. It is my birthday this weekend.

@robh-0 Hi , but i dont have another option. i have a server with 256 GB ram and i will use 128 GB for Pfsense and other for creating more virtual machns. i have similar setup on esxi with 8GB ram and 2 ISP links with morethan 400-600 users connection and i never faced any issues.

@cool_corona blocking bogon on a lan side interface is normally never a good idea.. That rule is not a destination rule that is a source rule. How would you have source traffic coming into your interface with a bogon source? And if your rules limit to the net your on, say lan net then the default deny would stop anything with a bogon source anyway.

Does anyone have any idea on the implementation of this please?^

@bygiuse Short answer is Yes to all questions.

@chuck1968 Talk to the ISP, you can’t do much with 2 overlapping IP addresses. Maybe the WISP can provide another SSID with a diffferent subnet.

Nobody has an explanation or a clue ? Do i need to fill a bug request ?

@justconfused I can marked it solved for you. So your currently working? While as I said I really don't think this is a pfsense issue - want to help in anyway we can to get you working.

@hugoeyng Use a DynDNS service and connect to the hostname associated.

Guys, I just started over on this. I know I should troubleshoot these types of issues instead of starting over. But I did start over and I have a working Pfsense firewall. Something I've been working on for a long time. Now the hard part will be for me to build and configure my pentesting lab behind that firewall.