There is no way to do what you describe. If you post the link, we can offer further info.

Had to change the baud rate for my serial console in my BIOS if anybody else is having this issue.

So I have added multiple nics both physical and virtual to my esxi host and to the pfsense vm. So depending on what vswitches you connect your physical too and then how you assign them in pfsense doesn't really matter.  You can assign whatever nic you want to the lan, or opt, etc. So when I first brought up pfsense virtual it had em0 and em1 – I then added 2 more virtual nics in esxi.  em2, em3 -- see how assigned in screenshot attached. The you can assign them to whatever vswitches you want in esxi, does not matter if physical nic on this switch or not - for example my dmz vswitch does not connect to the physical world.  But pfsense sees it as interface on my lan, etc. When you add new virtual nics to the vm, reboot pfsense and it will see them - then you can assign them however you want in pfsense. [image: assign.png] [image: assign.png_thumb]

@elgaup0: Thanks guy's problem solved. I have deleted the failover rule, added general pass rule, then failover rule. now i can ping hosts. Your "general pass rule" needs to not be too general - it should be like suggested by Johnpoz and myself - just for destination "local LAN subnets". If it is very general and matches destination any, then that rule will pass everything, and no packets will get processed by the next rule into the Failover gateway group. Just suggesting you check how "general" that rule is and that your Failover actually works when 1 WAN goes down.

@stephenw10: Yep. Though I fully understand why you might be hesitant to try it in the middle of a work day when the box has an undiagnosed issue.  ;) Steve Sure, but if the thing is really breaking every single day anyway, I'm honestly confused as to why he hasn't just turned it off at a failure point.  Either the backup box will work or it won't.  Better to find out now than later when the first box flakes out permanently.

Thanks for your help and clearing this up :)

@johnpoz: No in your host over rides in in the dns forwarder on pfsense. Much obliged, I'll try and report back. /Jim

For doing anything on a timed schedule, simply install the Cron package. Then you can use the GUI to add Cron jobs/commands to do whatever (reboot…) at the times you want. Of course, if it is another device that you want to reboot then it has to have some way to trigger a remote reboot rom a FreeBSD script running on pfSense. I suppose it would be quite possible to enhance the gateway advanced parameters so that custom actions could be invoked when a gateway alarm went off (apinger alarm). That would be a feature request - describe in more detail what things you would want to be able to do and if there are enough people who would use something similar then someone might take it on.

Not quite sure what gateway you are referring to here. The normal situation is: a) Each WAN will have a gateway, which is the upstream IP address of the ISP router (either set statically on the WAN interface settings or received from the ISP via DHCP on WAN interface). b) Each LAN will have an IP address on pfSense in a different private subnet. That IP address will be given out as the client gateway by DHCP server on the LAN to DHCP client systems that ask, and any clients on the LAN that set their IP address statically will (shoudl) also statically set the pfSense LAN IP as their gateway. A LAN on pfSense will NOT have a gateway specified on its interface configuration page.

^ exactly!!!  Right on the button perfect answer, couldn't of said it better myself ;)

A general yes, this is doable.. You will probably spend some time setting this up. So if you are easily frustrated… brace yourself :-) But after setup -  you will have a robust system. Both stabil and very secure.. Not exposing any ports etc to they outside world :-) I'm using Alix 2D13 with pfSense 2.1 myself. ... I'm digging abit for you here.. You can block web sites. Se here; http://forum.pfsense.org/index.php?topic=43837.0 DHCP with assigned MAC locking IPs is possible. Address reservation - or better, use a DHCP with IP-pool. (i.e. 192.168.1.200 - 192.168.1.240) Then use the other IPs for permanent IP-MAC reservation. Content filtering are some tips here; http://forum.pfsense.org/index.php?topic=64432.0 Hope this helps :-)

Could anyone explain why the process wasn't working via the webGUI or if I was incorrectly configuring the bridges in the webGUI ?

Can you confirm that this only affects the 'wifi' subnet and not the main subnet? If so, you might have to screenshot the floating rules, outbound NAT and interface rules for us to look at. Seems like something isn't going right somewhere.

Close the question. I AM SO NEWB. I had an old pfsense who kept rebooting by itself due to hardware issue. So I changed it but left the old one there but close. After a electricity breakdown, it went back by itself. So what I was hearing was the old one rebooting. Had to switch from nanobsd to full to realized that. While the new pfsense was shutdown, I hear the startup sound. DAH!!! Thanks for your help guys…. sorry

You sure??  I don't see your 223.134 in the trace?? 17  212.73.252.6  131.313 ms  127.157 ms  131.363 ms 18  93.176.93.105  132.265 ms  132.466 ms  130.824 ms 19  62.116.200.129  140.069 ms  139.443 ms  139.987 ms

Thanks for the replies / guidance on this.  I think it was ultimately a matter of questioning myself on a better way of doing it, although I suppose there is some pride to be taken in a well-defined ruleset.  ;)

Is the clock on your system OK? If the GUI and SSH both break the most common shared cause would be a broken clock on the system that causes cryptographic operations to break.