Hell I have been getting the same problem, and I have to restart the pfsense computer dew to 504 gateway fail. I do not use  Sync and CARP like you, I have pfsense PC quad core 3.2 gig 6gig ram 120 HDD it has 1 WAN in and 2 Lan out with load balancing to a dual wan router that also has load balancing as well for my internal network, but primary Lan1 on pfsense PC drops out and then I have to reset pfsense computer to get it back. If I was a business running servers I would find this a big problem.

The logo was created by hoba back then, IIRC. There was talk about it in this forum so try a search. Participants might have been hoba, cmb and sullrich.

Cool! Would I be right in concluding that Wolf666’s suggestion may not bear fruit because.. That document seems to only deal with inbound towards a PBX server. If you end up with issues such as one way audio or phone calls going to VM immediately, keep in mind that if you need to make inbound firewall rules to point them at your "WAN address".. (SIProxd) or client LAN address (no SIProxd). I personally like SIProxd when I have more than one SIP device on a given network.  Makes less work for me.  But should be possible without it. With "normal" voip there should Never be a reason to port forward to the client device(s).  Although firewall rules might be needed you can make inbound rules on the WAN interface that points to each device(without SIProxd)(or a small subnet of devices if you choose) which will allow the SIP server to reach your device at will.  (source- SIP Server  destination- your sip client or device(s)).  (with SIProxd-  source- SIP server  destination- WAN address.)

I can ping the gateway from pfSense, but not the client. It doesn't matter if pfSense is on a different port on the switch. I tried to find posts from other people with similar problems or "problems separating traffic"  with the TL-SG108E and there are none. My configuration is identical to that used by others. This switch appears to work fine with pfSense with very little configuration. To check if the long-frame BFE VLAN interface (Broadcom BCM4401) is the problem I tried a new pfSense install on a different computer with a hardware-VLAN ALC interface and had the same issue (along with many other issues I didn't look into). People are using the BFE interface for VLAN on BSD and pfSense successfully, but I still have suspicions on the BFE / TL-SG108E combo. I monitored everything in var/log but no error messages appear at all when the WAN is connected/disconnected other than a DHCPREQUEST in dhcpd.log. Is it possible to get BSD to more finely log ethernet and networking errors?

Settle on LAN subnet that's not 192.168.0.0/24 or 192.168.1.0/24. Replace the Linksys with PFsense, assign the first available IP in your new range to the LAN interface and enable DHCP Assuming you want to reuse the Linksys for wireless, give the Linksys a static IP in your new LAN subnet that's outside of your new DHCP range, disable the DHCP server on the Linksys, attach the Linksys to your switch via the LAN port on your Linksys (Not the WAN port) That is a basic setup and will look like this: Modem -> PFsense -> Switch -> LAN                                       |                                       |–---> Linksys -> Wireless Anything more complicated will involve managed switches, VLANs and/or extra NICs.

here is a neat thing that fios does not tell you…. :'( :o :o so if for some reason your account is disabled (non-payment, changes made, or something on their end..which is what my case was..the card on file name was changed) you can actually still access https and other secured connections, but you can not access ANY other connections. makes a hell lot of sense does it not? screw residential internet access..im going business! just a little FYI for those who may run across such an issue.

My setup: Modem–-pfSense(DHCP, NTP, DNS, VPN, NAT)---<trunk>---Cisco SG350 (L2 Mode)---Clients: VLAN 1 Management (Laptop, iPhone, iPad) VLAN 100 Trusted WiFi (Wife iPhone and iPad, Kindles, Smart Scale, Home Lights & Sensors) VLAN 200 Guest WiFi VLAN 666 Media (NAS, Media Players, PS4, TVs, Workstation) VLAN 935 Voice</trunk>

@NogBadTheBad: Also as John mentions most access-points need their management interfaces in an untagged vlan. For most situations (such as UniFi) you can have everything tagged on the firewall and just set your ports native on the lan-vlan and tagged on the wifi-vlans. Only exception I have seen is some crappy switches that can only be managed from vlan 1. It is also sometimes needed when you don't have the luxury of re-programming the entire site. That being said, my early Cisco training stressed that it was bad practice to use vlan 1 as a production vlan, and I avoid it when possible. Your mileage and OCD may vary.

NEVERMIND!!! It would figure the a little more thrashing around myself would resolve into an answer. The DHCP gateway on the pf2 box was somehow screwy. So I gave up on DHCP for WAN … I assigned the WAN on pf2 a static IP in the LAN (10.1.1.x) and manually defined the gateway as the pf1 box. Voila! 3-hours later, I can now begin the experimentation I hoped for.

/etc/rc.php-fpm_restart Thank you

System logs are a good place to start. In my case it's usually a PPPoE problem because my ISP went down.

Can you post the interface configuration (screenshot preferable) for WAN and the gateways screen at System->Routing->Gateways.

Good luck.

OK now I understand but unfortunately I don't have a solution for you other than to manually assign a VIP when you need to access the modem admin page, which have already thought of.