Sounds like all you need to do is eliminate the HSRP IP address and put the two routers on different VANs/subnets. Make each router the default gateway for its subnet. Do you want each router to be a backup outbound path for the other? You'll need some policy based routing statements with SLAs attached.

Is the WAN port configured as DHCP? Did you try Status > Interfaces? DHCP Release/Renew button?

full

All well and nice but I have several pfSense boxes at several client locations and all work except one. I've checked and double checked each and every setting, deleted it and recreated it, but it still keeps saying 'Gateway authentication error' and 'invalid ID_V1 payload length, decryption failed?' after the upgrade to 2.2.4 (I skipped 2.2.3) To be precise, I copied the configuration from exact the same hardware appliance box, just to rule out hardware dependencies.

@mechrock: Have you been able to fix this? sadly, no. i am totally at a loss. dont know what to try

But you was not trying out the yellow SATA port, or? I would try it out once more again with a SSD or USB Memstick NanoBSD.

What box are you actually using? The BIOS you referenced is for an X-e box like the x750e. The X700 is not an X-e box. Steve

Had the same issues with 2.2.1 through 2.2.4.  Only swapping to a newer card fixed it.  Like I said, maybe forcing the loader to use a slower PIO mode may have worked, but I was having entering commands using the serial console (for some reason only with 2.2.x) and loading the image in vmware to save/restore configs was making the troubleshooting a hassle.

Two main causes: 1. Shoddy disk 2. Shoddy controller #1 can't be worked around, but #2 sometimes can: https://doc.pfsense.org/index.php/Boot_Troubleshooting#.22Fake.22_RAID_cards_with_a_GRAID_error Wiping the disk isn't a bad idea, quickest way is to let pfSense boot all the way up to the menu (may have to assign NICs first), drop to a shell and run: dd if=/dev/zero of=/dev/ada0 bs=1M count=1 A little more than needed, but quick and sure to get the job done. Also if your BIOS has any tweaks for the ATA controller, try toggling things like Legacy mode or AHCI, and a BIOS update isn't a bad idea. If there is a crappy soft RAID controller in the BIOS, disable it or set it for JBOD mode.

Why would you need a IP on your switch for every vlan?  Unless its L3 and you want to route on our switch?  Or you need a IP in that vlan on the switch to troubleshoot with.

Tuning and Troubleshooting Network Cards It depends also a little bit on the available RAM in your pfSense box, RAM is cheap to get these days and not anymore limited since 64Bit hardware is in the game and available. So 8 GB RAM or 16 GB RAM would be not the problem for you as I see it right. You can easily high up the mbufs size explained how to do so, shown under the link above. Mostly the users are thinking that something goes wrong if there a perhaps 256 MB till 1 GB of RAM will be used, but the entire mix of their hardware and art and wise of the usage of the pfSense box, so at this days it is not really wrong to hug up the amount of RAM. 2 GB should be something as a good starting basis 4 GB if VPN and high Internet and/or network usage is in the game 8 GB if Squid and Snort are coming to that on top 16 GB if money is there and your hardware is supporting it

disabled NAT In usual all is opened if the NAT is down! There are two common ways to do so: Opening ports at the WAN interface Disable NAT and all is open At today many peoples want to create a so called transparent firewall by bridging ports together and disabling then the NAT function at the WAN Interface and yes the most of them don´t really know what they are doing, but they are thinking this transparent firewall is much more secure then the others. I really don´t know from where this knowledge is coming or will be spread out but in this way the security is not gaining up in your network, believe me please.

the hdd controller is faulty :-) Is this a SSD? Were you setting up the AHCI mode in the BIOS?

Silly question:  Are you sure you're assigning WAN to the proper NIC in pfSense? If I do a fresh install or add hardware on occasion, the NICs show up differently in pfSense. Only by writing down the MAC address of each NIC am I able to correctly reassign them at reboot.

@snm777: perhaps somehting about the SD cards is similar enough between the nanobsd and FreeBSD That something "similar enough" is the UFS filesystem with the SU+J disaster "feature". (It was turned off on nano in 2.2.4 because it's completely unusable with slow media.)

Yes, you don't have to use 1:1 NAT from your virtual IPs. However if you have added them for convenience you can override the 1:1 entry with a port forward to change the ports. Steve