Multi WAN & Multi VLAN

jgun98

Hi Steve,
I have add another LAN Card, device id xl2 -> WAN2

bge0 -> for OPT VLAN90 and OPT VLAN91
xl0 -> WAN
xl1 -> LAN

Create as WAN2, IP 10.10.10.123, Gateway 10.10.10.1

Rule for Interface OPT VLAN91
Local, Gateway OPT VLAN91 GW
!Local, Gateway WAN2GW

I use 10.90.0.0 255.255.252.0 an 10.91.0.0 255.255.252.0
My ASA is 10.10.10.1 Connect via Switch.

but seem connection still through WAN, not WAN2

According to your screenshoot did you name WAN2 Gateway as WAN2 also?
Thanks.
jgun

stephenw10

I believe the gateway is automatically named after the interface it's associated with. I can't remember now I may have edited it but either way, yes the gateway on my WAN2 interface is also named WAN2.

I'm having trouble reading your firewall rules. Can you include a screen shot?

Steve

jgun98

Steve,
where you upload the image? so I can upload at the same place also.
Thanks.
jgun

stephenw10

My images are just attached to the post, they are stored on the forum.
Click the 'Additional Options' drop down when you are replying.

Steve

jgun98

Hi Steve,
Thank you for your concern.
Here is the screen capture and I am very sorry that I have to hide some information.
Thanks.
Regards,
jgun

Assign.jpg_thumb

Gateway.jpg_thumb

jgun98

Hi Steve (part 2),
Thank you for your concern.
Here is the screen capture and I am very sorry that I have to hide some information.
Thanks.
Regards,
jgun

Routes.jpg_thumb

Rules.jpg_thumb

stephenw10

Hmm, OK.

You should not have a gateway on your 'Mobile1' interface. Gateways should only be on WAN interfaces (or VPN connections).

You should not need a static route to the ASA on WAN2. pfSense will already have a route to that box via the WAN2 interface.

What do you have for your LocalIP alias?

Steve

jgun98

Hi,
Gateway mobile1 is ip on layer 3 switch therefore vlan 190 can communicate with other vlan.

and here is the capture of aliases.
Thanks
jgun

Aliases.jpg_thumb

stephenw10

Do you have VLANs on your network other than Mobile1, Hotspot and CO? You have different subnets on the other side of your switch?

Adding a gateway to Mobile1 causes pfSense to treat it differently. If you have not changed anything it will be NATing traffic on that interface for example which you almost certainly don't want.

Steve

jgun98

Do you have VLANs on your network other than Mobile1, Hotspot? Yes
You have different subnets on the other side of your switch? Yes, we have many vlan, but only some vlan that we route to pfsense.
I want mobile can connect to others vlan and also have different route to internet

stephenw10

Ok, your network is more complex than I realised.
However you still don't want to have a gateway on Mobile1. Instead add static routes to your other subnets.
I'm not sure how that might work with clients on the mobile1 subnet though. Traffic would have to route in and out of the same pfSense interface and I'm not sure that's possible. :-\

Steve

jgun98

Still not working… I think I have to go to alternative, install another pfsense

clarknova

When creating a static route the Network should not be in the same subnet as the Gateway, ie 10.10.10.0/24 and 10.10.10.1 in your case. In a static route the Gateway is an IP address that is directly reachable from a local network, while the Network is one that is not directly reachable, hence the use of a route and gateway.

What type of interface is WAN2 (dhcp, static, pppoe, et)? What is WAN2's IP address?

jgun98

Hi,
IP Address WAN2 (Static) 10.10.10.123 /24
Gateway 10.10.10.1 /24

I have tried to remove the static route as advice by Steve
Regards
Gunawan

stephenw10

I think a diagram of your network could help to clear things up here.

Steve

jgun98

When I setup WAN2, should I set the load balancer?
I have read several