Basically yes.
Right.
I think the policy-based routing decision (which decides which path the data takes) is actually based on the hostname of the client. But yes, my pfSense box is connected to LAN2 (on the ISP router) and my hEX PoE is connected to LAN3 (on the ISP router). There are no VLANs involved up until this point.
The gateway IP of the ISP router is 192.168.2.1 (see appendix).

