Use Separate WAN interface for each VLAN

  • Hi,
    I have two ISPs connected to the pfSense box (WAN1, WAN2) and I use two VLANs (VLAN10, VLAN20) mounted on the LAN interface. What I want to achieve is to connect to the internet from VLAN10 through WAN1 and from VLAN20 through WAN2. Can you advise me how to achieve that?

  • By default all upstream traffic is sent to the default gateway. So for that VLAN which is meant to go out the default gateway there is nothing to do.

    Assuming your default GW is on WAN1.
    For VLAN20 you have to add an outbound NAT rule to masquerade the outbound traffic with the WAN2 address.
    Go to Firewall > NAT > Outbound, select hybrid mode and save it.
    Then add a rule:
    interface: WAN2
    source: VLAN20 network
    translation: WAN2 address

    For directing outbound traffic from VLAN20 to WAN2 gateway, you have to use policy routing.
    That means you have to edit your firewall pass rules for upstream traffic on the VLAN20 tab, open the advanced options, go down to gateway and select the WAN2 GW.

    Consider that if you need any access to pfSense itself like DNS, you have to specify additional pass rules for that, because the policy routing rules only allow access to the stated gateway.
    The same applies to access to other local networks.

    If you have inbound traffic on the non-default WAN, also consider allowing it only on the WAN2 tab. Do not use floating rules or interface group rules for that!
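
Added example, not part of the thread: a simplified Python model of top-down, first-match rule evaluation on the VLAN20 tab. It shows why the extra pass rules for DNS to pfSense and for other local networks have to sit above the policy-routing rule. All addresses, rule descriptions and the `WAN2_GW` label are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing; none of these values come from the thread.
VLAN10 = ip_network("192.168.10.0/24")
FW_VLAN20 = ip_network("192.168.20.1/32")   # assumed pfSense address on VLAN20
ANY = ip_network("0.0.0.0/0")

# A rule is (description, destination network, destination port or None, gateway or None).
# gateway=None means the packet follows the normal routing table.
POLICY_ONLY = [
    ("VLAN20 -> any via WAN2", ANY, None, "WAN2_GW"),
]
WITH_LOCAL_RULES = [
    ("DNS to pfSense", FW_VLAN20, 53, None),
    ("VLAN20 -> VLAN10", VLAN10, None, None),
    ("VLAN20 -> any via WAN2", ANY, None, "WAN2_GW"),
]


def evaluate(rules, dst, port):
    """Return (rule description, next hop) for the first rule that matches."""
    addr = ip_address(dst)
    for desc, net, rule_port, gateway in rules:
        if addr in net and rule_port in (None, port):
            return desc, gateway or "routing table"
    return "default deny", None


def next_hops(rules):
    """Next hop chosen for three representative flows sourced from VLAN20."""
    flows = {
        "dns_to_firewall": ("192.168.20.1", 53),
        "host_on_vlan10": ("192.168.10.25", 443),
        "internet": ("198.51.100.7", 443),
    }
    return {name: evaluate(rules, dst, port)[1]
            for name, (dst, port) in flows.items()}


if __name__ == "__main__":
    for label, rules in (("policy rule only", POLICY_ONLY),
                         ("local rules first", WITH_LOCAL_RULES)):
        print(label, next_hops(rules))
```

With only the policy rule, every flow, including DNS to the firewall, is handed to the WAN2 gateway; with the local rules placed first, only internet-bound traffic is.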
