Hi vitafit, The solution that jimp provided works for me for multi-wan with a single GW for all of the WAN IPs. Here is the link that helped me get it setup. To the ISP, they will see the same MAC for all of the WAN IPs. https://forum.pfsense.org/index.php?topic=64682.msg381403#msg381403

Hey Follow this article http://forum.ovh.co.uk/showthread.php?6507-ESXi-pfSense-and-failover-IP Tested by me, works perfectly, and if you want to block internet for LAN users, just add necessary rule on your firewall.

did you found solution about this? I'm also trying to configure a policy based routing with NAT but seems that if you apply a route-to to a flow, the NAT is not applied. Solutions?

Ok, many thanks KOM! I can't perform an upgrade of pfSense to current version since the hardware machine is very old, and the next month all datacenter will be renewed  :). So, I don't want to risk an upgrade now  :-\ and simply I want to maintain the situation as it is…

Glad to hear you got it working.

:)Thanks a lot. Really appreciated your comment!

This happened on two different companies, but with the same scenario, my advice is  configure a static route on RDP server to route through the MPLS directly, or use site-to-site VPN.

OK, adding each VLAN subnet in the Static Routes section is doing the trick.  I had to add a rule to allow ICMP on my LAN side, so now I can ping both ways. Woot! Now to play with content filtering.  pfSense is sooo much better than Endian.

As they say, if it ain't broke, don't fix it.

What is this WAN DHCP Address versus the WAN Internet Address?  Your modem should only have one WAN address, no?