is it a proxy that requiers authentification ?

Question not clear.  pfSense is a multi-function firewall device, so it does not create a connection to the internet.  It only filters an existing connection to the internet. If your laptop does not have a wired ethernet NIC then you can use a USB CAT5 adapter, and then connect a CAT5 ethernet cable from that adapter to the pfSense box.  You could also connect to the pfSense box via wifi if your pfSense box has the proper wifi cards installed and configured.  The pfSense box cannot run on a USB flash drive; it needs to be installed on an actual computer. As far as internet, normally a pfSense box is plugged into the network right behind your cable/DSL modem or fiber ONT. It sounds like this isn't the solution you're looking for, and you may need an IT person to help you with this because it's easy to mess up and end up with no internet access.

I don't know but I can give a hint in the right direction: You have to use the "Services > Dynamic DNS" page in pfSense (https://pfsense/services_dyndns_edit.php) and select "Custom" as the Service Type. This page has lots of examples that may help you figure out exactly what values to put in pfSense: http://dyndns.it/guide/

What do you mean by "full backup"? Just a copy of config.xml? Or did you attempt some sort of full-disk image or archive? From the little output you have shown, it is missing a kernel package somehow. You can reinstall one easily. If it is a normal installation (VGA console), run: pkg install pfSense-kernel-pfSense If that doesn't help, post the output of this command and we can see what else is missing: pkg info

No, that is not possible. You have to use CARP for preemptive failover. You cannot trigger a firewall to fail because a WAN failed in the way you describe without using CARP. And even then, that only covers a physical failure not a gateway failure. You need to setup a proper HA cluster with the same WAN(s) connected to both units. It doesn't matter if the brands of the firewall don't match, you can still use HA on there with CARP, the only limit might be that you can't use pfsync for state synchronization.

@remlei: vlans wont work, since im not using vlan on wan interface. its a untagged traffic. and all wan interface connect to same untagged traffic. Well, that is completely broken idea as noted above, plus frankly, if those 3 PPPoE WANs are using the same gateway, you will just get an unsupported setup broken in various more or less cryptic ways, VLANs or not.

There is currently no API or method for central management. XMLRPC from High Avail. Sync is as close as you'll get with what is built-in currently. We are working on one, however, but it's not yet available.

Create a new LAGG with only em2. Create VLAN tags on that LAGG. Then reassign all interfaces to the new VLANs on the LAGG. Once nothing is assigned that uses em1, delete the VLAN tags from em1 and then add em1 to the LAGG. You'll probably have to adjust the switch at various points along the way if it isn't smart enough to know when the port should/should not be used in the LAGG/LACP group.

Darn it I found the problem! I had entered a VIP on the interface with a netmask of /24! Doh! I've removed that and am now somewhere nearer getting it all working. Thanks for the help. Bails

Somebody know how fix this error?

So does the router have to be on its own port or will it work off my current switch?

@johnpoz: "VLANs are not for isolation or security" "just use the firewall rules to block attempts to communicate within the network" Huh??  Vlans are very much so for isolation and security ;)  When your route the vlans through a firewall like pfsense, or via a L3 switch with ACL's applied.. How exactly is the firewall (pfsense) going to stop devices in the same network/vlan from talking amongst themselves? Hah :) Wow, that'll learn me for drive-by commenting. No idea what I was thinking in regards to those two statements! Disregard..! But the inability to scale well for this scenario still applies.

In my example, I was pulling the cable from WAN2 port which is not the default gateway. When this occurs, I can't log into the GUI so I am actually establishing a new connection to the GUI. My WAN2 connection is a satellite link which has high latency to very high latency. I have attempted to change the monitoring settings to compensate. Nevertheless, the alternate WAN2 gateway can get marked down multiple times a day and sometimes multiple times an hour. But again, this is not the default gateway. Perhaps I should attempt to adjust it more. Currently have WAN2 removed and just running a day or so without it in the mix and see what happens. Thanks for the information, this certainly gives me something else to check. At the end of the day I hope to have the DSL on WAN1 and the Satellite link on WAN2. The only time WAN2 gets used would be if WAN2 goes down. I know it's not ideal setup but we are out in the middle of nowhere and that is all we have for Internet. No Cable anywhere in the area. Mark