Sun Mar 28, 2021 2:12 pm
In that case, let's suppose the pfSense has two physical interfaces (or two VLANs), a "WAN" one and a "LAN" one.
You will partition the Mikrotik into two virtual routers - one will forward the traffic between pfSense's WAN and the Mikrotik's WAN interfaces, and the other one will forward the traffic between Mikrotik's LAN interfaces and pfSense's LAN (unless you have a single subnet so you can use Mikrotik as a switch alone and the pfSense's LAN IP as a default gateway in that single subnet).
As Mikrotik states somewhere in the documentation that use of VRF is not compatible with assigning routing-mark values using mangle rules, it may not be possible to assign the interfaces into a VRF, and you'll have to do everything using the mangle rules.
If this is not enough, post a drawing of your network as @pe1chl has recommended, and an export of your actual configuration rather than a reference to the template you've used.