I think this is normally defined under Firewall-NAT-Outbound rules.  You can edit the "Auto-created" rules to do what you want as well.  (Assuming you have already created your 192.168 networks and assigned them under Interfaces)

Hello anyone has idea on how to do this?

What is it that isn't working?

Thanks!

Thanks for your responses. Our current setup in a nutshell: • Just running Trunk VLANs from the switches (Dell PowerConnect) all the way up to the pfSense VM. • Each physical ESXi NIC port is tagged so it can carry all the VLANs. • Each VLAN has its own vSphere Port Group and pfSense has a dedicated vNIC “Trunk” with VLAN ID 4095 and then we create other interfaces on top. • Single vSphere vSwitch on each host. The edge router is our upstream provider gateway. The WAN optimization appliance apparently requires 2 x vSwitches (LAN and WAN) however our WAN uplink is just an access port on the switch and then an interface on pfSense VM. It does not run on a separate vSwitch. What is the best method to set this up with the In-line mode?  

Am I allowed to run a command like the following? ip route add default scope global nexthop via 192.168.3.1 dev em0 weight 1 nexthop via 192.168.3.100 dev em0 weight 1 The above command works in the linux version if you first run ip route del default and replace em0 with eth0. How is the same done in pfsense? Alternatively, how about using a pfsense VM to make the one NIC look like two virtual NIC's with different gateways associated, and a second pfsense VM that does standard multiwan?

Hi johnpoz, thank you very much for pointing me in the right direction. I will check out Suricata and Snort inline. I was not aware of such an inline mode (which sounds very promising) and the default configuration of snort in pfsense felt more like adding a clever sniffer on some interface. I will keep you updated - if someone has other ideas for this scenario, please let me know. Cheers, Mario

Let me get this right… You have bunch of isp devices connected to a "dumb" switch?  And now you have that connected to 1 wan interface on pfsense?  And you want to put a bunch of different networks on your 1 wan interface? Get yourself a smart switch and setup vlans for your different ISP connections.. Then setup vlans on your pfsense wan interface..

Initial signs are that unselecting the sticky connections did the trick. Thanks! I'm still learning. I thought the sticky connections enabled the load balancing too… didn't realize it'd still work without it on.

hi guys, I am interested in this topic (link bonding) as well. Are there any news?

This is something like that : [image: images?q=tbn:ANd9GcRlBNI59fr9yDsvkNFxIUpiRi7GAf-5tkEVZAKOlBLCT8eqk3BD] ESXs are both clients and servers for shared Data. It's all about EMC ScaleIO SDN (Software Defined Network). This is a competitor to vmware VSAN. The main advantage is that the client dont need to be an ESX but can be any Linux/Windows/vmare host. Same thing for the servers. Pretty nice scale out SDN. So far the main concern is cost. PS : the config is ok now using linux gateway and pfsense is now located on a ScaleIO SDN Datastore ;)

So they can not just tag the other network range with a vlan ID? Look for a better isp would be my suggestion.. Your switch solution works - but means your running those different layer 3 networks on the layer 2 connection from you to them.. How many other customers have different IPs on this layer 2?  Be interesting to sniff and see how any different IP address via broadcast/arp

Hi V3lcr0! You are absolutely giving me good info. When i connect to vlan 5 i dont reach internet. I get an ip 192.168.5.100 wich is correct. And i can log on to pfsense 192.158.5.1 + unify controller My switch stops traffic to other nets, and in unify controller all ap's are disconnected… When i go back to my normal wlan the router dont change ip, i get the 192.168.5.100 i stead of 192.168.0.100. So then i connect with a cable and get my 192.168.0.100. And then in controller ap's are adopted again except the one i have tagget out from router vlan id5 I have 2 wans, but i only use one due to difficulties to understand this, first i need t get this vlan5 work. I see pacets from the net when capturing vlan and LAN while on vlan5 From "normal" wlan i reach internet easy, but not from the wlan id5 I also got some help from ubnt to controll switch setup and controller setup for VLAN5 and wlan on tag 5 so i think it is OK now. Yes rebooted pfsense also, no change. I really dont know the next step... shit...

Could be anything at this point…to dovetail Wroxc...maybe connect a PC before each switch(starting with your LAN) to narrow down your problem. Did you add rules to VLAN interfaces? Did you add VLAN interfaces? Are you getting leases? Firewall logs? Switches tagged correctly?

@jimp: There are other load balancing and multi-wan options there. And System > Routing has no options page. Though at some point the options will reach a critical mass and warrant a "Settings" tab under System > Routing rather than being lumped under Misc. Also that setting is known to be broken in certain cases (especially with a PPPoE WAN) so we don't want to encourage its use. Hi!, I know this is an old post, but couldn't find information as specific like this. If the gateway switching is not desired, how do you set the alternative gateway for the firewall itself?, I'm running PPPoE as a second uplink