if you don't want devices on the same vlan talking to each other the most common solution is private vlans..

How exactly is a firewall/router that is used to get off that network going to block devices from talking directly to each other??? They can see each other via layer 2, so the firewall and routing that happens at layer 3 never comes in to it.

Only way firewall could block such traffic would be if the devices were on different sides of a bridge..

Didn't realize this wasn't done via the command line anymore. Thanks!

So you want to run something you have no clue how to use at all is my take on that, and what amounts to a idiot proof setup.. What I would suggest is you understand how to properly place a proxy in your network before you think of running one..

You have a cisco router and managed switches, you don't show any lan side but you do show another downstream switch and mention "core" are you doing layer 3 at the 3850?  Just at a loss to why you think to throw another router into the mix?  More than likely wccp would be well suited for your setup, when you don't want to put the proxy at the edge.

https://en.wikipedia.org/wiki/Web_Cache_Communication_Protocol

A layer 3 switch is not all that expensive… The cisco sg300 10 port gig switch can be used in either layer 2 or 3.. And is less than $200

Shit.. Down to 130...
http://www.amazon.com/Cisco-SG300-10-10-port-Gigabit-SRW2008-K9-NA/dp/B0041ORN6U

I might have to pick up another one, and scrap that shitty netgear I have in my living room..

There really is no reason to passthru the nic to your pfsense vm, to be honest that really defeats the whole purpose of virtualization..  And depending on the host your running the VM hypervisor it should be more than capable of routing gig of traffic.

enabling time synchronization with host resolved problem.

Hi Gomez,

I didn't try the e1000. I will give it a try and report back.

You're very welcome. We all need someone to take our hand and guide us sometimes  ;D

As far as the DHCP thing goes I would say just don't use the one provided by pfSense. I have the DHCP server installed on my AD Domain Controller and all you have to do in pfSense is to configure the DHCP Relay service to point to the DC's IP address and any DHCP request that hits your pfSense box will be forwarded to your Windows DHCP server. The DHCP server in pfSense is pretty basic and I was more comfortable using the Windows one.

As for configuration recommendations beyond that it's very difficult to make any as every environment is different. What I would suggest though is to make a checkpoint of your pfSense VM before you try anything new so you can go back to a known good state if you somehow screw something up. God knows that's saved me many times. Oh and thoroughly research whatever options/services you plan to change in these forums and on Google in general because pfSense has a way of tricking you into not fully understanding the impact of every configuration item.

One thing I had issues with: by default pfSense will change the outboud port that your clients use to communicate with Internet servers, just in case two clients tried to go out on the same port at the same time. This broke a few applications where the client initiates the communication but the server always responds on a pre-determined port. In those cases, because pfSense changed the outbound port from (for example) 501 to 50001 and the server always tried to connect back on port 501, the connection would time out. Unfortunately I can't remember for the life of me the setting I changed to fix that and tell pfSense not to change the outbound port for client-originated requests. I think it might be the "Insert a stronger id into IP header of packets passing through the filter." under System -> Firewall/NAT but I'm not 100% sure. Anyway you probably don't have to play with this unless it becomes a problem.

Another hint regarding checkpoints is to delete them all once you've attained a good, stable state. Checkpoints are great but if you keep too many or you keep them too long the delta vhd that are created with each checkpoint become very big and your VM's performance may suffer in the longer term. It's a great troubleshooting tool though. Also I don't know how you do your backups but I simply have Windows Server Backup backup Hyper-V and its VMs and that works very well too. That has saved me when I have forgotten to make a checkpoint before going in blind and changing stuff just for kicks  :D

Its not working only in EDGE :/ .working well in other browsers(tried on chrome too).For the past 3 days i've been banging my head against the wall, all i had to do was switch browser  ::)

^ That. I wouldn't bother with the tools for virtualbox.

I've never had that problem under Workstation or ESXi.

The strange thing is that even if you install from the pfsense cd you have again to delete that folder in order for the daemon to work…nobody has noticed that?
strange...

Thank you very much for that information!

I saw the commit, but it's not in the snapshot yet. I will try again next weekend, during the maintenance window on this. I do believe the "hn0: exceed max page buffers,75,32" will be an open issue with Hyper-V and pfSense.

try this configuration:

internet -> dsl modem -> vswitch (wan) -> pfsense on esxi (virtual nic#1)
      physical switch 1/2 <- vswitch (lan) <- pfsense on esxi (virtual nic#2)