Please help me.

I can solve this problem from your question.This can be used normally.

For redundancy, one normally uses a protocol. Google for 802.3ad And in pfSense, this might be what you are looking for: https://doc.pfsense.org/index.php/LAGG_Interfaces You can find that in interfaces>assignments>LAGGs (last tab)

@johnpoz: just policy route and put rule allowing the access you want to access a vlan above the rule that sends traffic out the vpn. I found this https://philsheets.me/blog/multi-vlan-vpn-endpoint-pfsense-network/ and added 2 new NAT rules in outbound, see attached screenshot and highlighted rules I added and now it works. :D I gotta be honest I don't understand what you are suggesting. But since it's working now, and I already have multiple auto-created rules in Outbound i guess this will qualify as a fair solution? :P  

Thanks for answer. With this option "ignore unknown clients" the problem still exists. For my case my network will be open for anybody whit IP = 192.168.0.2 - 99. and 201-255 So is there any other option to "list out" connected devices? Ref my Android fing app.

Where did you get the idea that pfblockerng needs to use forwarder mode? https://forum.pfsense.org/index.php?topic=128721.msg709743#msg709743 Straight from bbcan177 You can use either the DNS Resolver Forwarding mode or the DNS Resolver mode.

That is correct VLANs are at Layer 2. The SVIs (Switched Virtual Interfaces (logical L3 interfaces)) are in place to facilitate the intervlan routing. This all works correctly. The connection from the switch to the pfsense isn't configured as a transit VLAN - it is a routed link created using a routed port (no switchport) on the 3750. What I'm saying is: The SVIs, default route on the switch and routes on the pfsense are all set up correctly as I can ping/browse from a host on any of the VLANS to a host on the internet which indicates that the mechanics are in place. What I cannot do is ping from the switch itself to the pfsense and beyond when the source interface of the pings is the egress port on the switch (the egress port being the routed/172.34.2 interface). Everything else works. Hope this is a little clearer.

:'(

I forgot to mention that the box is running  Pfsense ver 2.3.4 release p1 (I386). Any ideas?

So now I am scared what will happen if I Restar the Host of "Firewall PF2" wich is Root1? That depends on how you have it configured. How am I supposed to Start Pf2? If it is that critical for you, why do you not have it set to auto-start under VM startup.shutdown in ESXi? do I have to start any Services on the VM or is it enough to let the vm Start? Just start it.  All services should start by themselves if they're enabled. Btw you should probably upgrade to ESXi 6.5.

Without more comments, I'm right if I'm saying, this should be a gateway issue with this Static IP? I get connected (and Successfully updated PFSense version), but can't get online other machines connected over LAN <-> WAN (inside - outside)                

Hello Harvy66 did the same for my net: WSUS and SCCM local, via GP distribute the addresses and get local full speed and offload the WAN line at daytime for user stuff. Afair: "one ring to bind them all" As alternative: you could use squid as transparent proxy and there's a manual esp. for the WSUS case to offload the WAN line (problem with the lot of IPs/subfolders). Cheers Michael

Either the hardware is bad, the installation is bad, or some combination of the two. Take a backup ASAP, run hardware diagnostics, and then reinstall with a current version if the diagnostics pass.

[2.4.2-RELEASE][admin@pfSense.geek.local]/root: pfctl -vvsr | grep -A3 1000000103 @5(1000000103) block drop in log inet all label "Default deny rule IPv4"   [ Evaluations: 666223    Packets: 6750      Bytes: 588103      States: 0    ]   [ Inserted: pid 15505 State Creations: 0    ] @6(1000000104) block drop out log inet all label "Default deny rule IPv4"

Did you also try setting the Peer Certificate Authority for the LDAP server to Global Root CA List?

As you get a bit more advanced, your prob going to want to do vlans on your wireless networks and even wired networks, etc.  In that case get a vlan capable switch and your AP.. you would then be able to leverage any interfaces in pfsense as other networks either via physical or vlans, etc. Network interfaces make really poor switch ports..  If your at a point where your thinking - oh I can bridge one of my interfaces on my router to use as a switch port..  Your going at the problem the wrong way - clearly you need another switch or higher density switch at that point ;) Like saying hey I need to drive this nail in to that piece of wood..  Oh shit my hammer is on the other side of the room - let me just use this screwdriver I have to hammer it in.. Its got a big handle on it ;)  I will just hold it by the shaft and swing it like a hammer.  While it might get the job done - its not the proper tool for the job..  Its not really designed to do that..  Your prob going to miss the nail and slice up your hand, etc. etc..