Nobody has an idea to do this?

Yes, you can. Setup a DynDNS hostname for each unit, and then use that hostname in an alias. The hostname is resolved periodically and updated in the background.

I found a problem..my dlink layer3 switch is not properly configure to route inter vlan. i already set the logical interfaces as posted in the previous post. and a route 0.0.0.0  0.0.0.0 192.168.3.254 <–-- pfsense. I tried remove the pfsense patch in the switch and expecting to recieve a dhcp lease from vlan2, i am connected to vlan3 but it can't recieve IP address from dhcp server located in vlan2. do i have to enable routing protocols on this layer3 switch? I don't know how.

Actually, it (pfSense 2.1) DynDNS works as a failover  in this respect, properly updating to tier 2 if tier 1 is off. And than back to Tier 1 if it is back again

I have a similar setup and went through the same exercise.  However, I migrated over all of my inbound connections to the static IPs on the business side.  If you want to do all of this balancing and round robin, you have some work ahead of you. First, create an Interface Group for both WAN connections.  Interfaces->(assign)->Interface Groups.  This will help you when you create one set of rules for both WAN interfaces.  No need to create the same list twice. Now create a Gateway group for both interfaces, and each should be set to the same tier (Tier 1 is set by default, I think).  When you set them at the same tier they load balance as well as acting as a failover.  System->Routing->Gateway Groups. You should now be able to go into your firewall and all the rules to the newly created Interface Group.  Open a rule, change the interface to the group and that should take care of it. (http://doc.pfsense.org/index.php/Firewall_Rule_Basics) I opted to segment out my LAN into two separate networks–10.0.1.x/24 and 10.0.2.x/24.  The former is for the residential stuff and the latter for the business stuff.  All LAN connections, receive a residential DHCP lease and route through that gateway and the business network is all static IPs with no DHCP.  The reason I did it this way is because my ISP (cable company) will allow you to watch TV on an iPad but only through the residential IP address.  I didn't need TV/Phones for the business, so I don't have that feature. That should give you at least the basics to get you started in your multi-WAN adventure.

@bandrulle: @unguzov: Maybe my post will help you: http://forum.pfsense.org/index.php/topic,57512.msg307951.html#msg307951 Yes, testing VIP and outbound nat now. seams to be just what i want to do :) Just remember to add your VPN networks to Outbound NAT or you will have no internet when make VPN to pfSense.

Hmm, hard piece to solve. I must say, that i don't have a glue

Thanks.  The Policy Routing worked.  I essentially created a rule under the firewall tab, choose the Lan tab, and designated my DVR to use a specific gateway of my chose. Thanks and blessings, Steve

Now, the AP with bridge can ping to pfSense  ;D The OPT1 and LAN must be in the same subnets. PfSense works like a switch and the problem comes when many interfaces with different subnets getting into the same switch. There is another problem comes when I connected client to the AP (OPT1), the client has received DHCP from WAN. How to make the client received DHCP from OPT1?

Thanks Dhatz, That's what I was thinking too. I guess it's off to the test lab!

@nefkho: hi, i have redo everything VLAN 5 > pfSense with 172.16.6.14 Trunk 172.16.6.0/28 GW 172.16.6.1 Tagged - change it to untagged GE1 VLAN 10 > AP's Trunk - change it to Access 172.16.0.0/22 GW 172.16.0.1 Tagged - change it to untagged GE2 to GE12 VLAN 20 > PC's Access 172.16.4.0/24 GW 172.16.4.1 Tagged - change it to untagged GE13 to GE19 VLAN 30 > PC's Access 172.16.5.0/24 GW 172.16.5.1 Tagged - change it to untagged GE20 to GE24 in pfsense > System > Routing > Routes, i have added 172.16.0.0/22, 172.16.4.0/24, 172.16.5.0/24 with gateway of 172.16.0.1 i can access the pfsense web gui and i can ping vlan gateways and pc from pfsense but my pc can not ping the pfsense and i can not ping google.com? thanks, Workstation should have DNS pointed to the ip address of your pfsense  :)

tcp md5sig support isn't available at this time, that's why it fails on those config lines.

No problem! It was my pleasure! I love Pfsense! Always will!

Okay, well does anybody know where I can find step by step instructions on setting up a virtual internal only network. I'm trying to use Virtualbox, pfsense, and windows. Any help would be greatly appreciated as I have been unsuccessful on making any sort of progress on this build. As it is right now I can still arp -a and see all machines, but the only device any of them can ping is the pfsense router (i.e. they can't ping eachother). Eventhough they can ping the pfsense router they can't get internet connectivity through the router. Pfsense is set with Bridged and Internal. All other devices have internal only. Just so you know, I do not have any network certifications only a couple of microsoft certifications, so please don't assume that this should be straight forward because it isn't.

Hello, no suggestions about how to configure rules pointed out above? Thanks, Luigi

Hate to bump threads, but [image: relevant6pzer.png] So, are there any updates on this?  :-X

Abdsalem , thank you very much for your reply! I meanwhile foudn the error: On Firewall: NAT: Outbound the manual rule creation was enabled (needed e.g. if one wants static ports, useful for VoIP). There I only had rules for the normal WAN interface, duplicating those rules and replacing the WAN interface with the failover interface made everything work :-) Also one doesn't need the gateway group and WAN_FAILOVER group as gateway in the firewall rules when having only 2 WAN interfaces. I guess those options are for more advanced things, e.g. 3 WAN interfaces where it isn't clear which one shall be used when the primary one fails.

solved. my fault was that 8.8.8.8 was the monitor IP for 2 WANs. The monitoring IPs have to be different, because a static route is added for each monitoring IP. When the same IP is used twice, the static route that is generated first is overwritten by the second generated static rule for that IP. Edit: Not sure why this is a problem - shouldn't that accidently always show both interfaces/WANs up? In my case one is always shown down…