@sgw The theory for it is relatively simple but in practice, it may require some planning due simply to the nature of virtualisation. If you have a firm grasp of the technology, it should be straight forward however. There are essentially three modes for vlan tagging in vSphere: external switch tagging, virtual switch tagging and guest tagging. It is all here. You are correct that you'd need separate vswitches for both the internal and external networks but depending on how you want to manage the internal vlans, you'd want to pick one of the above three methods. I suspect that for the majority of users running pfSense virtualised, you'd want pfSense to manage the vlans so VGT is the preferred route. Your external switch is configured to pass all vlans to the trunk/access port that pfSense is on and esxi will preserve the tagging when it forwards it onto the VM. For the management vlan, even if you have a single vswitch configured to accept all vlans, you can have another switch (on the same vmnic) configured for a single vlan that is also within that other wider vlan group. The usual good practice of moving the native vlan to anything other than the default vlan works in this scenario. A word of advice is that if you plan in future to use vSphere HA, you may want to save yourself the trouble later down the line by setting up your project with HA already up and running rather than migrating everything to Distributed Switches later.

@SteveITS said in Update pfsense 23.09 amd64 to ARM: @alvescaio Only Netgate hardware has Arm support (models 1000-3100). Learned something new today. It is a very recent addition, so easy to miss. We only started supporting it since 23.09 released, less than a month ago: https://www.netgate.com/blog/netgate-releases-pfsense-plus-23.09-on-aws-graviton

@bearhntr That's basically a Proxmox Topic. Maybe its firewall only allow access to the former interface. As I understand it - in order for any other VMs (currently only pfSense on here - until I figure this out) need to use the same vmbrXX that pfSense is using for LAN in order to get an address? Is this accurate? Yes, if you set an IP on the bridge, I'd expect, that you can access the GUI using it. However, to have IPs on multiple interfaces within the same subnet, is not a good idea at all. So you should remove the other and maybe it needs to be rebooted then.

@bmeeks Sure, and I 'get it' and not complaining. It helps to have a clear understanding of how things work. Not trying to rock the boat. As mentioned, I'm doing my best to get with newer (to me) things. Thx, Chris

@ARTEMISFAN Congrats...please mask your WAN IP.

What is 10.0.2.2 there? Are you NATing in VBox or bridging?

@eiger3970-0 with two physical NICs, option 0 or 1 are most sensible.

@tim4532 said in Proxmox SR-IOV VF pass-through to pfSense VM: FYI: My board got 2x 1G and 2x 10G ports. I would definitely use one of the 10G for pfSense WAN set for vtnet0 connected directly to your ISP modem. Once you assigned say ens2f0 to vtnet0, you don't need to passthrough the entire NIC, just plug the cable from your ISP and it will automatically passthrough...same goes for LAN if you have an external switch, do the same as you did with WAN and connect Proxmox's management port to the switch...you would have one port available for whatever you want.

@johnpoz Hi John, Thank you for your reply. As I use pfsense on the ESXi for a long time without issues I forgot it is only recommended for testing on virtualized platforms. https://docs.netgate.com/pfsense/en/latest/virtualization/index.html#:~:text=pfSense%C2%AE%20software%20supports%20a,Type%2D1%20hypervisors%20for%20production. at the same time they mention freebsd 14 on esxi 7, that is the version I am running: https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-esxi.html Some links for references: https://www.vmware.com/resources/compatibility/vcl/result.php?search=FreeBSD&searchCategory=Guest+OS https://docs.netgate.com/pfsense/en/latest/releases/versions.html Anyway if anybody get to know how to resolve the current issue please kindly help to reply. Kind Regards,

It looks like a firmware update put the IPMI on the motherboard in Failover NIC mode instead of Dedicated mode. I switched it back to dedicated and it has been stable for a few days.

Something I learned during my recent Proxmox setup is that one doesn't need to passthrough the PCIe NIC, example the Intel i350-t4. At the time of configuring pfSense at the console, just name them vtnet0, vtnet1, vtnet2, vtnet3...they will automatically pass to the NIC...the surprise doing it this way is 10GB lie or is that 10Gb... [image: 1697490906896-screen-shot-2023-10-16-at-3.49.19-pm.png]

Thanks a lot bmeeks.

@johnpoz Yeah that's correct, sorry. English is not my native language and i was to busy to try to not make some stupid error and so i explain bad this part sorry