Probably doesn't help, but I'm using 2.5.1 on Hyper-V on 2012R2, Gen1, ZFS without issues, either running or upgrading. But I did build myself a fresh 2.5.1 with restored config after a while, just because.
@spacecabbie No you can't use it like that. pfSense does support high-availability configurations but that requires you to run two guest instances of pfSense linked together on different hypervisor hosts. If it's that much of a concern then go pick up an SG-1100 and then you can reboot without losing connectivity.
@ahking19 I set it up early last week to test it to see if that would remain stable. After it’s been up for nearly a week, I didn’t have time this weekend to roll back. I also made a few config changes in the firewall and a VLAN tag that I would need to replicate from the 2.5.1 router that was crashing and the router on a stick back to the 2.4.5 VM. In this case, it’s not quite as simple as just hitting the “roll back” button.
I went into Proxmox and changed VMBR0 bridge from old interface NIC to new interface NIC instead of having a new bridge along with setting back the IP and gateway.
And subsequently I changed the same in pfSense back to use the old NIC.
As it works and I'm no network genius, I'll leave it be for now :)
EDIT: just changed some DNS Resolver settings, like the outgoing network interfaces (selected only WAN), disabling DNSSEC, enabling Forwarding Mode and also disabling IPv6 on WAN and LAN in the interface settings, and now it's working!
@KOM I appreciate the insight. I think that will be my backup plan.
I realized my office computer has a wifi adapter. I never used it. I'm thinking I will connect it to my current Netgear router so that network is not taken down. I'll connect my ethernet to pfSense. I found a program called ForceBindIP, which I'm thinking could force Firefox to use the ethernet adapter, so I can configure pfSense in the web GUI. I have to make sure the WAF is stable...😁
So, I would like to admit I'm an idiot. My problem was I couldn't get full speed on Wi-Fi. Well, turns out my computer was defaulting to connecting to my 2.4GHz network. When I upped the RAM and restarted the pfSense VM, for some reason my computer reconnected to the 5GHz network.
On the 2.4GHz network my WAN tops out at 80-90 Mbps
On the 5 GHz network, the WAN tops out at my rated max of 230 Mbps
So, I didn't actually have a problem... just thought I did and managed to convince myself of it.
@limez17 Yes, easy: tek.png. That's the setup. The problem is that in AWS you can't add specific routes, so my next guess is to port forward. In the DMZ are websites, and RDP is a must for admin emp dev network.
@jimp I've seen many Linux distros handle having several NICs in VMware and handle adding more perfectly fine.
Linux is vastly different in its default naming schemes. The current default names in Linux are based on bus locations which likely wouldn't change in those cases. FreeBSD counts up from 0 for each instance of the driver it finds when probing, so if the probe order changes, so does the NIC assignment order.
Does pfSense / FreeBSD have an option where you can force binding to a particular MAC address? If so I imagine many people would love to have this as a selectable option.
I would still like to see a test through pfSense vs. to or from pfSense.
If you can give me an idea of how to perform that test I would be happy to do so.
Otherwise, yes I can get my full 1500/1000 (or slightly above on the downstream) WAN throughput consistently even with pfNG + Suricata running.
However just like the iperf tests show, the upload speeds are not quite as good as download/ingress speeds.
What I mean by that is - while I can generally get 1500-1600 Mbit/s down, the upload is rarely faster than 800-850 Mbit. I'm testing from a 10GbE connected VM by the way. While I understand there is overhead involved, I couldn't help but be curious about the iperf tests showing FAR slower network speeds TO pfSense compared to FROM pfSense.
I don't always put too much weight on internet speed testing as it's out of my control when it's past the gateway anyways.