Your problem description is unclear. Load balancing doesn't set bandwidth. However: You can adjust the gateway weights in a load balancing setup. You have a combined upload of 17Mbps with 88% on one circuit and about 12% on the other. Dividing each by 4 brings you to 22 and 3 respectively. Try setting those values on each gateway in the advanced settings as the Weight. This is not perfect as the system has no way of knowing how much bandwidth a given connection is going to use when it is established and the route is chosen. It also has no way of knowing whether the connection will be used to primarily send or receive data. This algorithm will establish 22 states on one circuit and three on the other for every 25 states created. Sticky connections should also override this. Should help at least little. Note that your download is split 60/40 so this might result in under utilization of the 10M download. You might want to skew them toward something between 88/12 and 60/40. Like maybe 70/30 (weights of 7 and 3). See Also: https://portal.pfsense.org/docs/book/multiwan/policy-routing-load-balancing-and-failover-strategies.html#multiwan-unequal-cost If you have known traffic that generates uploads you can make another gateway group that fails over from the 15/15 to the 10/2 instead of load balancing the two. Policy route that specific traffic to that gateway group then policy route everything else to the load balancer group. If the 15/15 happens to go down, that traffic will use the other circuit.

@boulate: My idea was : If "4g Modem (192.168.0.1)" can respond to "Pfsense client (on 192.168.0.100)", and if "Pfsense client (on 10.0.2.1 and 10.0.200.2)" can respond to my "Poste de travail local (10.0.1.1)", the it must be a rooting problem only on the "Pfsense client" no ? It works similar to this. If your PC in 10.0.1.1/24 sends a packet to the 4G modem, the packet has the source address 10.0.1.1 and the destination IP 192.168.0.1 when it arrives at the modem. Since you have a site to site VPN, the VPN tunnel network itself is irrelevant here. The packets are just routed over that subnet. So the 4G modem will send its response to 10.0.1.1, but since this address doesn't fit to any of the subnets on its interfaces and it has no special route for this host, it will send the packet to its upstream gateway. Presumable that's the internet provider. However the modem will response correct to the pfSense clients WAN 192.168.0.100, because this is a subnet connected to its own interface. So let's do NAT to get it work: Go to Firewall > NAT > Outbound, if the rule configuration type is set to Automatic set it to Hybrid or manual and hit save. Then add a new rule with interface = WAN source = 10.0.1.0/24 destination = 192.168.0.0/24 (or any if you also want to access internet hosts over the VPN) translation = interface address Save it. This NAT rule will translate the source address in packets coming from 10.0.1.0/24 to the clients WAN address. So your modem will send responses to that back to the client pfSense and this one will send it back over the VPN to the PC 10.0.1.1.

Thanks Derelict for the response. Yes I think go with first option. I'll enable  pass any rule in the WAN interface. I think I'll not opt for second option as I'll be using captive portal for LAN A users and later I am planning to introduce Traffic Shaping to prioritize VOIP. Thanks Ashima

Can u post screenshots on your configuration? I want to do the same but something is not working.

My mail server sits on an internal lan with a address scheme of 192.168.10.0/24. I have a NAT rule that associates one of my public IP's to the mail servers IP. As an example the NAT rule looks like this 62.62.62.62 -> 192.168.10.62. I then have rules on the WAN interface to open up the FW for the ports i need for my mail server (25, 465, 143, 993, 443) these rules all have a destination of 192.168.10.62. The static IP's for the mail server comes from the WAN connection which is a static IP connection. DNS is setup to point the domain name for my mail server to the public address of 62.62.62.62 My second WAN connection (WAN2) is a DHCP connection which is load balanced with the first WAN connection. The load balance setup works and I'm able to search the internet fine and speed test result in the results i expect. The only issue I have is i cannot connect to my mail server via the internet. On the internal network it is fine. Please let me know if you need additional information. Thanks, Judd

NOPE No solution to this yet. In fact i feel that while PFsense has matured from a codebase standpoint, it has seriously regressed from a reporting and user management standpoint. I have felt that the PFsense team has never really focused on the user facing reporting, monitoring and telemetry aspects of this platform. Even in the latest release this has continued in that they have even gone so far as to remove the ability to email RRD graphs to administrators. I am forced to look elsewhere for a firewall solution so that I can properly do my job as manager of getway services for my clients.

This issue is solved. The problem was in the virtual interface assigned by OpenStack I dropped the interface and added a new one. After configuration in pfSense the interface works fine.

This issue is solved. The problem was in the virtual interface assigned by OpenStack I dropped the interface and added a new one. After configuration in pfSense the interface works fine.

+1 I also tend to receive multiple mails. Known bug: https://redmine.pfsense.org/issues/4031

You can do this without RIP, it's far cleaner and more secure.  After disabling RIP, the trick is to add a return route from the pfsense box, back to the L3 switch.

Sorry for the late response, i did not find a solution, but it doesn't really matter anymore since the school project is at the end. Thanks though for all the input!

thanks for the responces, I'm attaching a drawing of my network. If my question is a dumb question, keep in mind I'm mostly a coder but because I'm the GM of a small software company, I am the defacto network administrator, even though it's not my strength. There is no real good reason to have the VM on network 192.168.1.0, but the test cloud infrastructure does need a seperate network with access to the internet. to the best of my knowled there is also no need to have the PFSense FW on the network 192.168.1.0. Originally the swith had a static route to ip 192.168.3.2, but when the cloud infrastructure did not have access to the internet I added the 2nd LAN to PFSense and VM to make easier to test and trace the traffic. Again thanks for the help!! Carlos [image: network_design.png] [image: network_design.png_thumb]

Yes, update is important.  I am not familiar with Cyberoam devices but I am 100% sure that with a proper load balancing setup you can achieve the combined bandwidth using pfSense.

Okay, then. Post the logs.

I finally realized that it was default LAN Firewall rule that was only allowing packets from a LAN subnet IP address.

Add a Pass rule on your wifi interface to allow access to the printer's IP address on LAN. https://doc.pfsense.org/index.php/Firewall_Rule_Basics https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

post screenshots [image: screencapture-177-159-238-186-8443-system-php-1477333405652.png] [image: screencapture-177-159-238-186-8443-system-php-1477333405652.png_thumb] [image: screencapture-177-159-238-186-8443-firewall_rules-php-1477333444573.png] [image: screencapture-177-159-238-186-8443-firewall_rules-php-1477333444573.png_thumb] [image: screencapture-177-159-238-186-8443-system_gateway_groups-php-1477333344724.png] [image: screencapture-177-159-238-186-8443-system_gateway_groups-php-1477333344724.png_thumb]