what version of Windows/Hyper-V is it?

No, as far as I know, it's not possible to add another NIC to that machine. If you are pushing 100GBytes/day through that one NIC, bear in mind that its 1Gb/s bandwidth will be pretty much split between WAN and LAN. If you aren't on gigabit fibre, it probably won't make much difference.

You can use VLANs on ESXi in much the same way as you do with your managed switch.

You will probably want to allocate at least two cores to pfSense, given the packages you run.

I don't know much about the disk space or memory requirements for those packages but I suspect 6GB of RAM would be plenty. Someone else might be able to help with those numbers.

I suggest you give us some details to work with. How does it fail exactly? Any error messages? How does Vultr tell you to login to WebGUI? Usually they will assign you an IP address. Is your WAN configured with a public IP?

Has anyone tried this yet

Used 4000000 but I'm unable to improve it further. I honestly don't know what I should tweak or what's going on.

On this image below, orange arrow shows when I downloaded the file from the pfSense VM. Green arrow shows when I used my server (where pfSense is running)
0_1552041054520_Screen Shot 2019-03-08 at 11.30.00.png

EDIT:
Adding a video where you can see how it looks downloading from pfSense vs server (both connected with LAN). Looks like the pfSense is being limited to around 250mb? while the server can download at more speed for a limited amount of time. This is driving me crazy haha
Video: https://d.pr/v/1OYQeP

@macduke I got it running, seems like everything is fine so far.

I’m using unraid with virtio nics (also shared with the server as I only have 2 nic ports for now

I have only got enabled the hardware checksum preference. I haven’t touched any other preference on unRaid or the VM

Do have configured pfSense via LAN interface and disabled it after?
If so, that wasn't a good idea, as long as you haven't configured the WAN interface for accessing the firewall before.
You will have to set rules on WAN to allow the access for the clients and for management.

In addition there is also a rule on WAN by default which blocks any access from private networks. It's set in the WAN interface settings.

The main reason is the windows client required to maintain XenServer - I pretty much never have to boot that windows VM any more. They also removed a bunch of functionality I used from the free product. I was "stuck" at XenServer 6.2.

Citrix basically lost me. I do pay Proxmox but since it's just one socket (with 12 cores) it is quite reasonable. Even for a home lab.

I have some Dells in the garage and it's on the list to build a Ceph cluster with them.

@tibere86 Don't think so. In Hyper-V, I get the same response in the shell to "powerd -v" enabled or not.

[2.4.4-RELEASE][root@fw.workgroup]/root: powerd -v powerd: no cpufreq(4) support -- aborting: No such file or directory

@isaacfl Running on 2012R2, I use Shutdown. In the past I had tried Save, but I think I was getting a panic and crash before it saved and the disk would come up dirty. I would need to restore a checkpoint. Shutdown seems to work fine, though when host reboots are required, I do a manual shutdown from the H-V Manager first, and Always Start. On reasonable hardware, there's not too much time required to cold boot. HTH

Perhaps you might benefit from running two instance in pfSense HA mode, or using VMware HA.

@johnpoz

So did I but you are missing the point. A config that works for four hours should work for four days too.

The issue I have seen is that the Vlan trunk stops working after a few days. Not even arp will see the nic of the VM.

The "workaround" I found was to add or remove a nic to the VM (just a non connected nic) and it will work for a couple of days again

With 2016 the same config (actually it's the same VM) works if you can read this ;)

Now it's 2019 and this is still a problem :-)

I have been struggling with this for a week; I couldn't work out why ICMP from the host and another VM through the pfSense VM would work, but nothing else. I could only SSH into the host if I SSH to the pfSense VM first. In order to have the host be able to connect out I installed Squid and set it up as a transparent proxy, but I shouldn't have had to do this.

Researching, I finally found this thread. I'm replying because I just wanted to say that after I enabled "Disable hardware checksum offload" and pressed save, immediately traffic started flowing to/from the host, and the other VM which had basically been unreachable. No reboot or reconfig or anything else was required.

I now see it's fairly well documented here.. https://docs.netgate.com/pfsense/en/latest/virtualization/virtio-driver-support.html

Perhaps it would be nice if pfSense could automatically disable hardware checksum offload on the virtio driver/NICs :-)

@viragomann But that was after letting him select the .gz in the first place. It was smart enough to know it can't connect to a gzip, but not smart enough to filter out all non-ISO files in the image picker dialog?

I just tried it myself with ESXi 6.7 and it doesn't show any non-ISO files. I couldn't select one even if I wanted to.

Bizarre.

@johnpoz just for learning sake, if this was a cisco router, how would one set the NAT? anyone happen to know the command? is it

enable
configure terminal
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length }
access-list access-list-number permit source [source-wildcard ]
ip nat inside source list access-list-number pool name
interface type number
ip address ip-address mask
ip nat inside
exit
interface type number
ip address ip-address mask
ip nat outside
end