If the latter you are going to need a third router. One that has both WAN subnets on interfaces and freely routes between them. It would be taking the place of "The Internet."

Hi Derelict,

Thank you so much. It works.
Cheers

when either 1 or 2 of the 3 wan is/are down, still the remaining wan should work

Will do  Derelict, thanx very much for your Expert Help…....  :)

Do you have any 1to1 nat setup?  If you assign that gateway to a pc and do a whatismyip which gateway shows up.  You really need to provide a detailed representation of your setup if you want someone to help.  People are not going to waste their time playing 20 questions.

It will be even the best method to ask one thing and then the next one, that all things would be able to be clear
as possible to all users here in the forum. To ask all questions in one thread would be nice to in some situations
but often it makes things more complicated for everybody that is involved except your self. Only my 2 cents.

If you have three WAN interfaces and one LAN interface and you would not lead the LAN clients over specific
WAN gateways, auth. by their MAC addresses, this will be two different things in my eyes, but able to realize
for sure, but what I not understood is the following, why you want to filter at the WAN interface the MAC
addresses coming from outside? As I was understanding it you will be identifying your LAN clients by
their MAC addresses and route them then over a specific WAN interface or gateway. Can you please tell
something more about that.

In normal you will be setting up pfSense as the following for that actions in my eyes;

create three WAN interfaces and gateways chose a proper load balancing method for that
– Policy based routing
-- service based routing
-- session based routing Install Squid with user auth. and create for each user an account and set up there the MAC address.
(alternatively you will be able to deal with internal static IP addresses, thats also able to do) set up the failover rules
(please note, if both other WAN connections will be stopping their work all your traffic will be running over
the last one and also the Apple TV over the SAT connection if this will be last working one)

I would try out policy based routing in your case and then over MAC auth. and then if one or more WAN
connections are failing all the clients would be able to route over the last one, that will be not able to do
if the MAC address is bounded to one specific WAN interface as I know it.

sample rules for load balancing and fail over (over the forum search function)
nice HowTo for a multi WAN setup (little bit old but good explained with many pictures)

Of course.

You can get around this by doing an outbound NAT on the 10.0.14.1 (VLAN1) interface so traffic to 10.0.14.6 appears to come from 10.0.14.1 which eliminates the need for the return traffic to be routed.

@chocoboss:

But don't know why I can not unset default route, is that normal ?
Every time I unstick default getway boom it automaticly reset as default.

There is no such thing as having "no default route" using the GUI in pfSense AFAIK.  The default gw would only affect traffic originating from the firewall itself as long as you are using Gateway groups (Policy-based Routing). So if you uncheck your default gw it will assign another gw as your default.  This is expected and normal behavior.

Have your ISP route a subnet to one of your WAN addresses.

You can then assign that subnet to the DMZ interface and firewall on WAN as desired.

Hmm.  I wonder if gateway switching would resolve my issue of not getting syslog notifications when my primary wan goes down at one client.

10.0.0.0 10.10.10.2 UGS 230404981 1500 bge1
10.10.10.0/29 link#2 U 10388774 1500 bge1
pfSense link#2 UHS 0 16384 lo0
localhost link#5 UH 178 16384 lo0

That is how the routing table looks.  What does Link# correspond to?

Just make sure to assign the gateway group to the rule!

Not currently. You can create a parallel tunnel on the second wan and disable it for manual failover.

I think the problem is you need to switch your netgear  to route mode instead of Nat mode or disable Nat as it implies a firewall and will not route!  Like the other said you need to disable firewall on netgear.  You are better off using a separate interface and assigning that interface on the pfSense.  Switch the netgear ap mode then you have more granular control of your other subnet and don't have to worry about double Nat