I also suggest you ask your question in your native lang section… Having a hard time making out what your needing help with. Sorry.

Same layer as your pfsense?  Do you understand the difference between layer 2 and 3?

If you can not put your controller on the same layer 2 as your AP, then use Layer 3 adoption

https://help.ubnt.com/hc/en-us/articles/204909754-UniFi-Device-Adoption-Methods-for-Remote-UniFi-Controllers
UniFi - Device Adoption Methods for Remote UniFi Controllers

If you create a different networkf or your wifi - you have to create rules on this new network you create in pfsense.

No one routing a virtual ip subnet from one LAN to another, eh?

That's a question for the cache/proxy board. There isn't really a great way to make that happen selectively, unfortunately, but IIRC some people there have come up with workarounds for certain cases.

What do you have as the monitor IP for the gateway?

I use 8.8.8.8, 8.8.4.4 etc, once had a load go offline when a supplier changed their gateway IP.

https://forum.pfsense.org/index.php?topic=145990.0;topicseen

Info & fix in here :)

Routing???  There is ZERO routing you would be doing.. If you were adding routes in pfsense you were doing it WRONG!!!

Pfsense automatically like any router if it has a directly attached knows how to get there..

As to firewall rules. Your first rule on your vlan should of been any any until you understand what your doing..

The gateway on a device in a vlan would be pfsense IP address in that vlan - this is auto handed out by the dhcp server.. When you setup a new network in pfsense there would be NO gateway added to pfsense or you just turned it into a wan interface.

No. You want to set up a gateway group for the ones that actually give you internet access.

But it is usually FAR better if they are all on their own interface.

@thompsonm:

Can you elaborate a little bit? You're not being very clear. I just want to know, in a setup with multiple VLANs, WANs, and multiple physical NICs, is there a way to have only instance of snort running?

Run snort on each parent interface, it picks up all the vlan traffic.

That's unfortunate to hear.
Okay. Thanks for the clarification.

Provider equipment may reside on different switches. Probably different rooms, floors or buildings.

thank you again, to finish my explanation…still I have home router (no manage inter-vlan) so long time ago I bought switch Layer 3 to create different
subnet for each department in my office.
In few days I want to replace my router with the firewall and I thought to keep the same configuration for switch (it's a pity downgrade to L2)
and the setup properly the firewall but I see nosense...

bye

Thanks alot. It was a firewall issue. One of the devices i tried to ping was a NAS which had the firewall enabled eventhough it said "off".

why dont you use LAGG on lan interfaces?