what should i do to connect my pfsense to my switch ? (just from modem to WAN and from LAN to my switch) Internet –- Modem --- WAN Port pfSense --- LAN port pfSense --- LAN Switch --- WLAN APs and/or other equipment such PCs or whatever. should i give my PCs in VLAN: LAN static ip dresses or will dhcp do that for me ? About how many device we will talk here? Up to 20 devices I would give all of them static IP addresses and let only for the WLAN and/or VPN service run the dhcp server then. should i allow wlan to access in lan if i want that people can print through my access point ? You will be able to st up a VLAN onl for the printer and let them then connect to only that VLAN too and not to the other VLANs with your private stuff inside. Work with radius and certificates for the private wifi and st up the captive portal with voucher system for all your guests. how can i set up my firewall to do the routing and not the modem ? A pure modem is not able to do a routing job. Only a router will be able to do so. You could try out to bridge that router into the so called bridged mode and let the pfSense then routing tha entire WAN and LAN (VLAN) part. (Would be my way do realize it) only if you own a Layer3 switch in your network, then that switch will be better for the entire internal LAN and VLAN routing it is mostly able to route it with wire speed and this too over all VLANs.

@JKnott: Does your ADSL modem include a router?  If so, have you placed it in bridge mode, to bypass that router? thanks for answer, but router have disabled this option, any other option? [image: Captura.PNG] [image: Captura.PNG_thumb]

OK, great! Sounds like it might work! Thanks.

Solved: Well, now I feel silly.  The printer still had 192.168.1.1 for a gateway rather than 192.168.10.1.

All VLANs are working fine as expected. It is all about the firewall rules setting.

the address 192.168.0.196 is the one that gives me when putting virtual machine a bridge adapter

To solve the adding user problem, I just deleted the user and will use admin for now until PFSense fixed

If I'm understanding your question correctly, the way to do this is to connect via the external IP instead of the internal IP that presumably routes thru the tunnel.  But then you'd have to allow ssh connections thru the WAN interface, which seems like a bad idea.  Why don't you want ssh connections to go thru the tunnel?

Then they are broken or improperly-configured if they are passing broadcasts between VLANs. And proper configuration should not require anything such as "port isolation."

I did this with 8 modems each with 250 Mbps down and 10 and 20 Mbps up and I was able to achieve about 960 Mbps download speed and 120 Mbps upload speed. The reason I didn't see a greater speed increase was two issues, first my computer and router only have gigabit ports on them. I also I was using two cable nodes and that was the physical limitation of their downstream and upstream channels. While this works great on bandwidth speed test sites in real-world scenarios like VoIP and TLS connections it is better to using one WAN which I believe there is a setting for. One of the issues that I had was I had to manually increment the MAC address on each interface as I was using a switch as a wan aggregator using VLANs and the ISP (My Job) that I was testing this on assigns IPs to customers by MAC addresses. I later took the modems out of bridge mode and just used the ISP provided modems in gateway mode and just added my PfSense box to the DMZ of each gateway. In the end like others have mentioned it is probably best to use policy based routing and give each over your subnets it's own WAN. On a side note I was seeing near perfect scaling. I believe I posted about this I will try to find that post. If I find it I will add the link below. https://forum.pfsense.org/index.php?topic=126468.msg698424#msg698424