as sir jimp said to my post, for outbound load-balancing it is in the System –> Routing then create gateway groups in the group tabs. pools are not necessary. also try to uncheck default gateway for fast switching. i don't know but for my testing it seems to be effective. :)

ah i see that's why even if i deleted those pools, load balancing is still working fine. :)

Now am still in the process of testing that floating rules so squid will be able to fail-over to another gateway. I cannot get it going following the procedure of sir ermal http://forum.pfsense.org/index.php/topic,15272.0.html. I know you have said that you haven't gone that far yet  but i believe in you and the rest of the pfsense community can achieve it to help more especially newbies like me. :)

hope to read more successful threads about it.

once again thank you for such kind responses.

Yes, I could change the gateways on the Cisco and ASA boxes to specify the L3 upstream switch and do the routing I need on it - but I was hoping it could be accomplished like on the Cisco ASA's by adding an extra route.  It also means using 2 public IP's for the router interfaces on the upstream switch.

I sounds like what you are tryng to do is make the pfsense do something outwith it's control.

in essence the pfsense box is just chucking stuff out it's WAN port. once done the switch is the key and should switch the data to the cisco's. if you want the pfsense box to do this then you need to make it route the traffic via another interface to the ciscos directly and setup static routes there.

what you are doing here is telling the PF box to route all traffic via it's wan interface to the switch. then wondering why the switch isn't routing.

with the static route will get the traffic to the switch, which is what would happens anyway then the switch is sending the traffic to the wan ans not the cisco.

Nope, same issue. But I found a workaround: using opt1 and opt2 interfaces in the failover pool.

Exactly the same as with 2 WANs.
Simply the pools contain more WANs.

Nowadays, almost no-one cares about classful nets anymore, so I wouldn't worry about it.

Firewall –> Virtual IPs.
Create as many additional VIPs as you have IPs.
Then use these VIPs in rules (NAT, firewall, etc)

The default gateway of the WAN.

The loadbalancing/failover doesn't follow the routing table, but the pools you create.
Thus the pfSense itself cannot make use of failover/loadbalance because it only follows the routingtable.

The advantage is that you can use both WANs for outgoing connections, instead of only using one. It would seem faster for most users, since they wouldn't all be sharing a single connection.

Try using google dns or opendns as your monitor and dns servers

In pfSense, you make VLAN interfaces and then assign them however you like. They work like any other interface at that point.

So you could have VLAN tag 01 and VLAN tag 02 setup in pfSense, and assign VLAN 01 as LAN, and VLAN 02 as OPT1.

It's not recommended to mix tagged and untagged traffic on a single interface though, so if your "LAN" interface is plugged into the tagged/trunk port on the switch, it should only use VLAN-tagged interfaces there.

Thanks for the response Jimp, I don't know what exactly you trying to explain to me. However I tried to setup failover to the primary firewall and I follow the procedures here http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x although this procedures the pfsense box acting as a gateway not a router because there is another router setup before the pfsense. Ours are different we don't have router before pfsense, the pfsense acting as router and gateway, so my WAN has the Public Static IP address the same as the WAN2 and it is not working for me.

are you be able to guide me through.

Thanks.

Hi jimp ,
sorry, I just didn't want to add too much noise to the forum…
I'll open a new discussion with more details.
Thanks

Alberto

It's not "that" complicated :)
(In fact it's closer to how the balancer was to be configured in the previous versions… just not with an editor and directly in the config ^^" )
I found an old post of me with a screenshots of such a setup:
http://forum.pfsense.org/index.php/topic,9422.msg53290.html#msg53290

If you're going with VLANs: It doesn't have to be a fullblown manageable switch.
Just 802.1Q support is enough.

So if anyone was wondering, pfsense will not advertise the default route (originate) via RIP.  It doesn't work.  Not even with this hack:

http://www.mail-archive.com/support@pfsense.com/msg11392.html

I added the "-g" and confirmed that it won't advertise to RIP.

Can anyone help me?

@jimp:

You can have multiple PPPoE connections in 2.0, but you still cannot have multiple links with the same gateway.

I have two static DSL connections balancing on a 2D3 box with the same gateway. I realize that if one link goes down I lose both but it does balance.

Adair

http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x