Right now both links are from the same ISP, fibre + WiMax. In the near future the secondary link will be switched to another ISP.

We'll be doing some tests with DNS failover (not load balancing), we'll see how it goes…

The vlan interface names on 1.2.3 (vlan1, vlan2, etc) have no correlation to the vlan tag. If you have four VLAN tags setup, you'll have vlan0..vlan3.

On pfSense 2.0 the interfaces are renamed to reflect the proper tag and parent interface. For example if you have vlan tag 20 set on bge0, it gets named bge0_vlan20.

Maybe i'll travel around a globe someday, but not today. there is no way that personal budget can stand that kind of investment.
Good that it was solved. Can you tag first post subject field with [solved] or similar

ok will try. thank you!

It seems that the latest fix was the real one

You are posting in the "English" section of the forum ( not spanish )

Which version of pfSense are using you ?

Have you checked / readed the Docs ?  http://doc.pfsense.org/index.php/Main_Page

Have you used the "search" option before post ?

estas posteando en la seccion en ingles, utiliza ese idioma

con que version de pfSense estas trabajando ?

Consultaste la documentacion ? usaste el buscador antes de postear ?

Saludos

All you did is ok.
The rules are applied from top to down.

So if there ist traffic with destination port 80 and 443 your rules for GW1 will be applied. All other traffic will use you GW2

update !

atleast to a stable 1.2.3 release , but i'd suggest you try the 2.0 latest rc3

You don't have to have nat on servers, but if you do it would be easier to access those servers in same subnet. create a virtual pfsense machine to see what it's capable of or try to read documentation. then you see that this product can do almost everything except brew coffee or shave my beard

with filtering bridge you should use 3 interfaces for management. filtering bridge is transparent in network means, so it has no ip-address to show to clients ok as usual using search helps a lot and ofcourse documentation wiki helps with how-to's and tutorials. you can block websites with transparent squid+squidguard

that subnet from where you want to ftp trafic to go out, usually lan.
but if you have like opt3 from where you want to trafic to go out then you should change the rule to opt3 interface and any other concerning things also

you should not use ap in modem, you should have wireless nic in pfsense or other ap device after pfsense to get that desired protection

I repair it whit LAGG ;)

INTERFACES -> LAG

yeee!  Thanks
;)

Read here of Maximum Transmission Unit

great then

@stramato:

@Nachtfalke:

Or just use Captive Portal.

+1

Then authenticate your Captive Portal using RADIUS.

Step 2 would be to setup NPS in your Windows 2008 R2 machine and add the pfSense machine as a RADIUS client.

Step 3 would be to create an Active Directory group, call it something like "pfSense Users" then use that in your NPS Policy.

There are a bunch of steps really, you can get this thread moved to the Captive Portal section of the forum

I apologize for the late response. I really need to check this more often :-X. I've looked at that option before, and its not that were simply trying to give control user access. We need to be able to have different ACL's for different users. E.G. an account for students, teachers, and administration. With each account having different access rights, kids are denied access to youtube, teachers allowed access to youtube, but denied spyware, etc. Currently i've got NPS setup on the Server 2008 machine and squid is authenticating against that. I'd like to be able to "pass" the username and password from the captive portal to the squid server. Or, if their is a way to authenticate squid with a web page that'd work to. The problem is our teachers aren't all "tech savvy or even tech comfortable, its terrible". The proxy authentication window in windows xp throws them off. If it can't be setup like this, thats fine, they'll live. I'm just looking for something that's a bit more streamlined and easy for them.