Do a fresh Install in your VM, take a Backup for the appliance in Diagnostics > Backup & Restore and Restore this Backup to your VM. More Information here: https://www.netgate.com/docs/pfsense/backup/configuration-backup-and-restore.html -Rico

The guide is like that because running with only two NICs total is not recommended. It states: Host has at least two network interfaces available for WAN and LAN. If you have used a NIC for the management port then you don't have two available. However it should work with two NICs total and no dedicated management port as you found. Steve

@eiger3970 Buy any NIC you want, so long as it's supported by FreeBSD. Stick with Intel if you can. However not sure if pfSense is clever enough to allocate the 2 ports to LAN and WAN? pfSense doesn't allocate anything. You define WAN and LAN yourself during setup by telling pfS which NIC is WAN and which is LAN.

refer to this thread https://social.technet.microsoft.com/Forums/exchange/en-US/ca93a8bc-500a-49e3-be6e-bf3407d8d798/hyperv-is-not-configured-to-enable-processor-resource-controls?forum=win10itprovirt i used bcdedit /set hypervisorschedulertype classic to fix the latency, intermittent, and bandwidth issues this is needed on win10 1803 and 1809 also in pfsense under System/Advanced/Networking make sure Disable hardware checksum offload Disable hardware TCP segmentation offload Disable hardware large receive offload are checkmarked with certain networkcards such as realteks

refer to this thread https://social.technet.microsoft.com/Forums/exchange/en-US/ca93a8bc-500a-49e3-be6e-bf3407d8d798/hyperv-is-not-configured-to-enable-processor-resource-controls?forum=win10itprovirt i used bcdedit /set hypervisorschedulertype classic to fix the latency, intermittent, and bandwidth issues this is needed on win10 1803 and 1809

Did you get your hyper-v pfsense running? If not, feel free to post again. I have a couple of pfsense instances running on a hyper-v server, so it's definitely possible to get it working properly.

i found the link below and a few others on the net but this one explains what i'm trying to do, at least from a vm perspective: dailysysadmin.com/KB/Article/965/port-mirroring-cisco-switch-virtual-machine-vmware-esxi-host/ made those configurations & mirrored the pfsense LAN switch port to security onion. checking now if i have the VLAN option correct but for now seeing a lot of traffic on the securityonion " ens192 " interface, the one without an ip that, i think, captures on all interfaces. getting there. i want to get the actual traffic to securityonion for analysis, say versus streaming pfsense syslog to securityonion. so port mirroring the pfsense LAN port is the way to do so, yes?

@netblues Hi, following up on this, below is a small and crude (sorry...) script for setting up a basic UDP LB with Nginx on-board pfSense. This script assumes that the directory /root/NGINX exists, and you have your custom nginx.conf file in it. #!/bin/sh if [ -f /usr/local/etc/rc.d/nginx ] then echo "Backup and rename nginx service" cp /usr/local/etc/rc.d/nginx /root/NGINX/nginx-dist mv /usr/local/etc/rc.d/nginx /usr/local/etc/rc.d/nginx.sh cp /usr/local/etc/nginx/nginx.conf-dist /root/NGINX/nginx.conf-dist echo 'nginx_enable="YES"' >> /etc/rc.conf.local fi echo "Update nginx config" cp /root/NGINX/nginx.conf /usr/local/etc/nginx/nginx.conf echo "Restart nginx" service nginx.sh restart ...and this is the diff between the default nginx.conf and my custom one, which balances two AWS instances (addresses intentionally changed): [2.4.4-RELEASE][ec2-user@MY-pfSense.localdomain]/home/ec2-user: diff /usr/local/etc/nginx/nginx.conf-dist /usr/local/etc/nginx/nginx.conf 0a1 > load_module /usr/local/libexec/nginx/ngx_stream_module.so; 15a17 > user root wheel; 122a125,142 > > stream { > > upstream lb_instances { > server 1.1.1.17:1234; > server 1.1.1.147:1234; > server 1.1.1.140:1234; > } > > server { > listen 2.2.2.1:5678 udp; > proxy_pass lb_instances; > proxy_bind $remote_addr:$remote_port transparent; > proxy_responses 0; > } > } > It seems that the failover feature is an Nginx+ feature, which requires a paid subscription. Thanks a lot for your help! Erez

10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 -Rico

@unsunghero The sort answer is unfortunately, NO. pf is an enterprise grade firewall solution. It is never meant to be a plug and play box. It can do many complicated things, but then its like driving a racing car. You have more things to do apart from the steering wheel and the gas pedal. Here is a great reference for all things pfsense https://www.netgate.com/docs/pfsense/book/ It will answer all your questions, but then you need to invest some time and effort.

@rico said in 1&1 IONOS Cloud Server - Routing Socket - Network is Unreachable: Glad you have it working now. I would not open Management Port 80 and 443 to the whole Internet. Maybe you could lock it down to only a few Source IPs in your Firewall Rules. The best Solution is to use some VPN. -Rico Thanks Rico - I have a static IP so locked it down just down just to this one. Thanks again David

This isn't directly related to your probably but you probably don't want to use a VM as a time source as the VM and the Hyper-V host tend to fight about the time...possibly the cause of the jumps you mention. https://blogs.msdn.microsoft.com/virtual_pc_guy/2010/11/19/time-synchronization-in-hyper-v/ "...the rate at which the time in a virtual machine drifts is affected by the total system load of the Hyper-V server. More virtual machines doing more stuff means time drifts faster." Aside from that 2.4.4 upgraded FreeBSD so you might look into the NIC settings on the host. I am not really pointing to you anything specific but maybe there were driver changes in FreeBSD related to Hyper-V NICs. Oh, how about this bit in the blog post for 2.4.4-p1? "Fixed issues with Hyper-V hn(4) network interfaces and IPv6 as well as issues with ALTQ."

@vkappas Can you share an working image of pfsense that can be uploaded to Azure, i have been trying to do this for quite some time. I was able to upload and get it started, im stuck with HTTP referer error.

@netblues Thank so much for your detailed feedback here, is great to see high bandwidth under iperf test, for me. It's outstanding all my thinks! Now I'm hurry to do my iperf result too. And I also happy to try with my bare hardware! Hmmm See you soon, regards.

Interested in knowing what you are testing with? Iperf? Did you find a solution or at least a root cause?

Correct, but I need to restart pfsense ... Thanks.

The CPU is: Intel Celeron J1900 Confirm no AES-NI support.

Just doing the same process, had any success?

@_neok said in vNICs degraded - Hyper-V Server 2016: I'm running pfSense 2.4.4-RELEASE (amd64) on Hyper-V Server 2016 in a generation 2 VM. The server is recently updated. The administration console, in the tab "Network Functions" informs me that the status of my vNICs is "Degraded (Integration services update required)". I'm not sure if this is simply because I'm using the latest versions of both pfSense and Hyper-V. Does anyone know if there are updates of the integration services for my VM and if there are, how to install them? I really appreciate your help and experience. PD. I haven't found any performance problems. Best regards, Gabriel It's for the reason I imagined. https://social.technet.microsoft.com/Forums/en-US/06796c00-547a-4856-8e3f-2800d2653096/vnics-degraded-hyperv-server-2016?forum=winserverhyperv