I've already mentioned other possible problems - search my previous reply for NetBIOS ;) Did you put rule (1) on the 192.168.2.x network interface?  Is it before any other rules?

I think I know what is happening, not sure how to fix it yet. There are 2 sets of trunks, 3 trunks with one provider and 1 trunk with a second provider.  If I disable either trunk set, the other set will register and work fine.  Its when both trunk sets are enabled that the single trunk set will drop.  It should be noted that when the trunk drops, tcpdump shows no outgoing traffic to the provider of that trunk on the wan interface; however the lan interface shows the traffic coming into the box. So at least I can replicate the issue by enabling/disabling the asterisk trunks without rebooting the pfsense box each time. I suspect that this vanished trunk registration traffic is being incorrectly routed to the other provider and thats why I don't see it.  I also have no idea why it would work initially for a bit when the trunks are all enabled and then it dies with no trace.

@dotdash: To just address the last question, if you need the server to have a static IP, you could create a DMZ bridged to WAN. Another solution is to make the firewall transparent. Search around, there is a lot of information on these options. Followed this guide: http://202.143.130.99/files/transparent_firewall.pdf Worked like a charm!  Thanks for pointing me in the right direction :)

Anyone have any ideas?

Glad it's working.  I've had a glitch or two where rebooting cleared up whatever stale state/entry was causing issues.

Sorry for the delayed response! Apparently, I had a rule allowing all the ports forwarded from my VM, this appears to have been added by default.  Does anybody know why?  The description is "Default allow all on WAN in VM." In any case, disabling the rule has fixed my issue.  Thanks!

Why dont use Captive portal??

Try searching the forum and read the answers to the other threads ;) In short, by itself it won't provide you with CALEA compliance but it also doesn't stop you achieving it.  You should talk to a lawyer about what you have to do, but it may be that simply providing a network tap is sufficient.

No one can help or know in issue??

Your OP said "going up and down".  What is the pfsense sending back?  Unless you are running some kind of open service they can access, they should not be using anything like 2mb/sec.

because specifying "wan address" means: "filter if the destination is the WAN address".  in this case, the wan address is the gateway, not the destination.  nothing strange about this.

That would fit in with this question too.

Possibly, but if it all goes wrong and you break your box you're on your own.

You can refer here: http://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy

Please refer to this link: http://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy