You can do that. Each mifi will have to have a unique private IP subnet on it, other than that no special considerations. Just like any other multi-WAN setup.

I'm far from a Network expert, but after try lot of "FW distros" (from A to Z), we ended deploying our FW & "pseudo SBC" with pfSense (+ siproxd), it do what we need and is easy to config. Thumbs up for the pfSense team, also the community here in the forum is helpfull.

@stephenw10: I've never tried it but maybe you can import the raw nanobsd image into a VM image? Steve I'm not familiar with XEN but with KVM it's as simple as defining the pfSense image as harddisk. No need to convert anything, it's directly usable.

"run direct multiple robocopy jobs between one VM to another - but VM to switch to PFbox to switch to VM" first question:  are the files used for this robocopy test large?  bigger the better i've found for really pushing your gear.  are you sure your disks can do > 88MB/s?  read and write? second question: when you say vm to switch to PF box to switch to vm - is this one vlan to another (so passing through the PF via an acl or some other 'route')? If not, and the VMs are on the same vlan/subnet:  to rule out the PF  how about going from 1 vm (on host A) to another VM on host B - this would be:  host hardware-switch host.  so still exiting your host and going to a physical switch, and back up the network stack in the 2nd host.  This would eliminate the PF from the path. If you are going between subnets/routing, and if your switch supports L3 routing, give it an IP on your vm's subnet.  edit your vm's routing table, set the gateway for the other VM's subnet to use your switch instead of the default gateway (PF) with no acl, just straight open route.  how is that speed?

yeah, you'll need to define 'connections' even failed remote login attempts to the firewall are a connection (ack) if this is more of a "once XYZ interface hits XX Mbps" and if it is safe to assume you have a server/pc on the private side of your network, then fetch the free version of this: http://www.manageengine.com/network-monitoring/  the free version is full featured and does up to 10 devices, defined as IPs, so the single management IP of your device would only count as one device, regardless of the count of interfaces/subinterfaces/vlans.  do snmp polling of your interfaces and set it to email/page/sms/log based on a given interface or vlan hitting X Kbps/Mbps, etc. note, i'm hoping to get opmanager running against pf, haven't yet, but i use it in other sites and against other snmp capable hardware and software firewalls/routers. if you need to know when an IP behind the firewall is having a series of connections being passed, at a more granular level than just interface or subinterface, then flows (netflows/sflows) model will work.  but that's not free with opmanger.  try prtg for that.  http://www.paessler.com/tools  it's limited to "10 sensors" to remain free, but that includes 'each item monitored" like IPmon now solarwinds, so you can blow through that in one device pretty fast. both tools support alerting based on triggers.

There was a similar thread recently, here: http://forum.pfsense.org/index.php/topic,54475.0.html In it a real figure for states per user is given as 120. In that case you'd need MUCH more ram.  ;) Steve

Thanks for the responses. Unfortunately it is a Lenovo desktop and they've locked the BIOS down heavily, so I can't alter most of the ACPI and power settings. I tried to boot with ACPI disabled (An option from PFsense, not the BIOS), but the system will hang during boot then. I guess it isn't going to work :-( Thanks for the help.

so – is this the machine your having problems with your port forwards on?  So you do have more than 1 interface, and your prob forwarding out the wrong one that your .3 box is connected too??

Set HDD cache size to 0. I think this is described below the option if I remember correct. Further you can set the minimum and maximum file size for files to be cached on HDD. So in theory you could increase the minimum file size to lets say 4MB so it will only cache some bigger files on HDD and not the many little 10kb webpage pictures. But I am not an expert on such a big squid cache environment.

@mlrabbitt: Thanks guys.  I looked into doing this through Xen and VirtualBox since both do PCI passthrough without VT-d.  Xen I found way too complicated to use as my linux skills are pretty basic and VirtualBox I found had poor performance and some incompatibility issues.  I ended up just buying a VT-d CPU since my mobo already supported VT-d.  I'm going to use either XCP or ESXi now and pass through the NIC to my BSD vm and pass through the tuner card to my Linux vm. (insert big thumbs-up emoticon here)

Set up an openvpn server at you home/office/datacenter where you have the possibility to open ports. then use you pfsense as a openvpn client to create a tunnel between remote-location & home/office/datacenter

no re occurance since uninstalling ntop previous cycle solution was to uninstall bandwithd so it's something to do with bandwith management packages together with our configuration. hope this helps someone :-) and thank you all for your assistance

Reinstalled pfsense 2.0.1 and retored config from backup and all works again, thanks for the post cmb.

No reason to feel stupid ;) It's not that usual that an access point allows client separation.

I haven't managed to break anything password related yet hence I've not had to look into it!  ::) Sorry. Steve

@frbaratieri: I've tried everything. You are probably overstating the case. Have you checked the server log for an explanation? Have you checked the pfSense log file for relevant events (e.g. LINK DOWN/UP) around the time the file transfer failed? You don't seem to have yet provided strong evidence that pfSense is related to this.

I have found a better solution for this problem, using squid instead of firewall rule. I did get success using firewall rules but I have to include every google and youtube ips I found in arin, not an ideal solution for me. Now I have set squid to use gateway of the vpn and firefox add on foxyproxy only to use the proxy for youtube and it works without a hitch :) Here is how i do it if anyone needs to know add this rule to floating rules interface : vpn interface direction : out protocol : tcp/udp source : any destination : any destination port : squid port gateway : vpn gateway in proxy server general setting interface : lan and loopback custom option : tcp_outgoing_address 127.0.0.1; and you are good to go, set your browser to use the proxy and every traffic to the proxy will go through vpn gateway I didnt make this soution but found it here in this forum, it is the same setting with proxy for multi wan.

I don't have a single box that won't soft shutdown by pressing the power button. So I can verify it does work though I don't run nano anything.