NAT on router #2. Don't on router #1. There isn't going to be anything resembling "seamless" failover. All existing firewall states on Router #1 will be useless.

No inbound connections will be possible into router 2.

Why would the number of users matter??  It matters how much bandwidth their sessions are pushing..  While yes at some point the number of sessions could come into play.  That is not going to be your issue.  Your isp limits you to 1 gig.. Connecting multiple devices because they gave you a switch is not going to get you above 1 gig..  If you think that is the case give it a try connect multiple devices and all load them up do you get 2gig, 3gig, 4gig all the way up to the number of your ports?

@rogeriosilva:

We tried to use 2.3.2-p1 version on Windows Server 2008 R2 Hyper-V, but this PFSense version does not recognize this virtualizer IDE virtual controller. We also tried some previous versions, but we also had some problems on PFSense installation.

What do you mean by "not recognize"?
Could you provide a screenshot?

And by the way, with 2008 server you should use only fixed size .VHD, not dynamic one.

Added the rules, works now. Thanks!

I have a simular question, I just want to use both at the same time and have both access each others LAN (both have the same multiple VLAN interfaces)

Well i wanted to get around double NAT (some of my server do not like this) and have only servers and such that are on that server to route on there, everything else goes to the main.

Main reason i want a router there is that it would be done on the CPU

I think I've gotten a bit closer… added a virtual interface for the OpenVPN tunnel in question, which should open the door to doing failover in the usual way. The OpenVPN connection would always be up (as opposed to started when needed), but I can live with that. Will see if I can feel my way through it.

I'd still appreciate hearing from anyone who's done this before, though!

Anyone ?

Better use Squid and Squid Guard for the purpose.

This much of information regarding your issue is not adequate to give a solution.
Post your firewall rules for LAN and WAN (both), 'General Setup', 'Routing' ('Gateway' and 'Gateway Group').

Hi Johnpoz,

Forgot to mention that this pfsense is a VM on a xenserver host.

Regards. Thanks.

Thanks for the suggestion - tried it.  As soon as I assign the WAN (DHCP, or anything else) interface to the PPP group, it flips the WAN interface back to PPPoE and all the credentials are back in there.  Checking the logs, 4 logins again.

No Joy.

I have changed that and I think that the problem come from the wan interface or the router config.

This logs can be helpful?

Oct 3 15:06:42 dpinger WAN_PPPOE 192.168.144.1: Alarm latency 0us stddev 0us loss 100%
Oct 12 09:50:42 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 192.168.144.1 bind_addr 88.12.18.122 identifier "WAN_PPPOE "
Oct 12 09:50:44 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 192.168.144.1 bind_addr 88.12.18.122 identifier "WAN_PPPOE "
Oct 12 09:50:47 dpinger WAN_PPPOE 192.168.144.1: Alarm latency 0us stddev 0us loss 100%
Oct 12 10:36:49 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 192.168.144.1 bind_addr 88.12.18.122 identifier "WAN_PPPOE "
Oct 12 10:36:52 dpinger WAN_PPPOE 192.168.144.1: Alarm latency 0us stddev 0us loss 100%
Oct 12 10:37:07 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 192.168.144.1 bind_addr 88.12.18.122 identifier "WAN_PPPOE "

Whay do you think?
Oct 12 10:37:10 dpinger WAN_PPPOE 192.168.144.1: Alarm latency 0us stddev 0us loss 100%

lan gateway firewall rules was all i had to change

[root@pfsense]/root: netstat -r Routing tables Internet: Destination        Gateway            Flags      Netif Expire default            d5101.static.t.org UGS        em0 ... ...

Seems like something at layer 2 such as RSTP might be more appropriate in that case. You are changing layer 1/2 - not 3.

There are HA and failover capabilities included. That they do not fit your particular use case/ISP method is secondary.

This thread is woefully short on details from the ISP regarding what is really going on.

Hi Team,

I have done dual wan connection in pfsense using load balancing but i cant use both network at a time.If wan1 is down after that only i am able to access 2nd wan. Is any idea for this to resolve.