PfSense interfaces and VLANs


I am brand new to this forum and I read some of the previous posts but I have been trying to understand the following concept for a while and didn’t find much on the internet.

Here is my scenario:

I have a PfSense firewall with 4 NICS and an Unifi 24 port switch that distributes ethernet to all my devices in two different VLANs.

On the PfSense box, I use NIC0 for WAN and NIC1 for LAN, VLAN1 and VLAN2.

strong textHere is my question:
Is it a good practice and is there any benefit in separating the 2 VLANs among the other 2 NICs I have in the firewall?
I guess one benefit is that I won’t have the share the NIC bandwidth, but I will be connecting multiple ports from the firewall into the same switch. What are the best practices in this situation? Using all the NICS available or send all the VLANs through the same NIC?


All VLAN should be created with the same nic1 also known as your LAN. If you create with nic0, the WAN, i don’t think it’ll work. i created like 5 vlans with LAN one for your IoT devices, one for guest, etc.

I would group two or three of the pfsense ports as Lagg and assign lan, and all your vlans to this lagg port

Tutorial: pfsense LAGG & LACP & Setup - YouTube

Ubiquiti UniFi Link Aggregation (LAG) And Limitations - YouTube

Thanks @benlumia007 and @Paul

This was super useful. I will setup mine as a new LAGG interface.


IMO I think you ought to use a WAN, LAN, LAGG for the vlans on the 2 other nics, I have this setup, I don’t really use the LAN, if I need to access pfsense on the router in an emergency then I can do so, otherwise everything resides on vlans.

It sounds like a private environment (sorry if I’m wrong), there you can run the two vLANs over one port (shared).
If you have the requirement for a dedicated route (not shared), then it would be necessary that the VLANs are not routed over the same cable.
Separating this can be a bit tricky, so I have 8 VLANs all routed over one copper link to the firewall.

Some of our customers have the “urge” to have a dedicated connection to the Permitter firewall, but the majority are perfectly happy with shared LAN connections.


Thanks for your tips. I ended up using the 2 NICs in LAGG for the VLANS and LAN. Looks solid, and yes this is my home firewall.