10.0.0.0 10.10.10.2 UGS 230404981 1500 bge1 10.10.10.0/29 link#2 U 10388774 1500 bge1 pfSense link#2 UHS 0 16384 lo0 localhost link#5 UH 178 16384 lo0 That is how the routing table looks.  What does Link# correspond to?

Just make sure to assign the gateway group to the rule!

Not currently. You can create a parallel tunnel on the second wan and disable it for manual failover.

I think the problem is you need to switch your netgear  to route mode instead of Nat mode or disable Nat as it implies a firewall and will not route!  Like the other said you need to disable firewall on netgear.  You are better off using a separate interface and assigning that interface on the pfSense.  Switch the netgear ap mode then you have more granular control of your other subnet and don't have to worry about double Nat

Action: pass Interface: LAN Source: 192.168.100.100 Gateway: wan2 with doing it this way and also having Destination port range set to default (other) with nothing inputted. it wont open all ports to that computer correct?

knight, I too ran into the same issue, but am having some trouble. Currently all traffic is sent over OpenVPN to PIA. I am very new to pfSense (had it a whole 2 days now) and it is not clear to me exactly how to implement this rule. Any help you can offer is greatly appreciated. In the rules i see the following: Action: Pass Disabled: unchecked Interface: LAN TCP/IP Version: IPv4 Source:  Not sure what I should put here Destination: again, not sure what i should put here Advanced Features: many options here Thanks, -Edit Got if figured out and working! The key was to remove the two default rules pertaining to LAN traffic and adding one for the streaming services, and one for everything else. both rules required selected the appropriate gateway in advanced options.  Included are my rules for anyone else trying to figure this out. [image: 0seQZ5v.png]

From the description of your config, it sounds correct, but without screenshots of the gateway config, gateway group config, and rules it's difficult to say what it might be. Also be aware that packages like squid that intercept traffic will only leave via the default gateway since that traffic originates from the firewall and cannot be balanced.

I would consider tagging the internet traffic across the bridges and putting the management of the units on a VLAN interface. I would tag them both but the ubiquiti gear seems to prefer untagged management. Internet source switch: Modem: Untagged VLAN 100 Ubiquiti: bridge Untagged VLAN 200 Tagged VLAN 100 Bridges SSID on Tagged VLAN 100 Management: untagged Remote switch: pfSense: Tagged 100 & 200 Ubiquiti: bridge Untagged VLAN 200 Tagged VLAN 100 pfSense: WAN: VLAN 100 on eth0 BRIDGE_MGMT: VLAN 200 on eth0 10.100.X.X

@mkaliyannan: we have a setup like this :  ISP router with unmanged ports  –-- > managed switch--------------> Single NIC (emo)  WAN.  <–-Pfsense router --->  2nd NIC( em1) ----------> Internal LAN Subnets. I want to know is it possible to configure multiple WAN using VLAN from the switch to pfsense using single NIC ? Like this: https://www.youtube.com/watch?v=zrBr0N0WrTY (single ISP with multiple static IPs)

And dealing with the same thing and I am looking at having a script developed that would monitor the 2 interfaces and kill all states in a specific subnet or vlan to force the to re-register when the main gateway comes back up.

@Derelict: Use an outside switch and two pfSense interfaces. One on 90.182.100.240 / 29  GW 90.182.100.241 and one on  90.182.101.240 / 29  GW 90.182.101.241 I need to add that even this is ugly and really should be two different broadcast domains to two different ISP interfaces. But it will probably work as long as there is not traffic going out and back in the same interface. If there is traffic between the two /29s you will probably have problems.

https://doc.pfsense.org/index.php/Bypassing_Policy_Routing