I've spent hours on this and it seems I've solved my problem. Now: In pfSense web interface, it checks for updates without issues for real (previously it said it was running the latest version but now it says that update is available). In Ping menu it can ping all addresses without issues, e.g. 8.8.8.8, 192.168.2.1, google.com etc. LAN clients can access the Internet. What exactly fixed my problems (from what I understand): In [System - Routing - Gateways] there were 3 gateways configured (2 first ones remained from my testing environment). I had no idea that (a) pfSense would save them all even after I've changed the main gateway IP in vWAN interface, and that (b) it would also still use the very first gateway as by default. I've removed first 2 gateways, leaving only current one. I think this fixed the issues in Ping menu and returned the ability of pfSense to actually access and share Internet access. In Hyper-V virtual switches settings, I've reverted back to vWAN with disabled "Allow management" and vLAN with enabled "Allow management". Network Connections section in Windows now looks like this: NIC1, set to something different from 1*.2*.3*.250, e.g. 1*.2*.3*.251 (also had to change the mask to allow that). NIC2, with all protocols/components except "Hyper-V Extensible Virtual Switch" disabled. vEthernet (LAN), set to use IP address 192.168.2.1, gateway is 192.168.2.2. Did not change addresses in pfSense, but just in case here they are: vWAN: 1*.2*.3*.250 (including all other parameters from our ISP) vLAN: 192.168.2.2. Important thing to note about (3) and (4) is probably that the physical server should not use the same IP addresses as pfSense uses on any interface. Otherwise, from my observation, LAN clients could ping all Internet addresses (e.g. 8.8.8.8 and google.com) but were unable to load any website for browsing. Also, I'm not sure about DNS for now, but I've switched from DNS Resolver to DNS Forwarder. I was unable to fully understand how they work and why in most cases I'm unable to test DNS functionality right after I enable either service. Perhaps DNS services need some time to cache something, or I need to "Reset States" (have not tried this after changing DNS services yet). I'm testing DNS functionality like this in command line in Windows: nslookup google.com 192.168.2.2 I'm disappointed that pfSense made me believe it could connect to the Internet at first. I might have been able to solve the problem much faster if it displayed an error message on Dashboard about being unable to check for updates.

Yes the ability to choose a gateway group as the default is new in 2.4.4 as is the "Automatic" selection option. We have seen a few "quirks" with it, with disabled gateways especially. It's behaviour will be updated in 2.4.4p1. Steve

Why would you get a mismatch error for a new interface? The only time a mismatch happens is if it can't find an interface that must be there. For example if you had DMZ assigned and then removed that extra interface from the VM without removing it from pfSense first, that would be a mismatch. All you did was add a new interface, the ones pfSense cared about were still there. That's not an error state.

just figured out the issue, I had to set nativeVlanID to 0 in order not to lose my lan adapter connection: but in the original command it has native vlan ID 1 Get-VMNetworkAdapter -VMName "vmname" | Where-Object {$_.MacAddress -eq "XXXXXXXXXXXX"} | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-1000" -NativeVlanId 1 I found it in this instruction https://schimpie.net/2017/03/03/pfsense-vlan-with-hyper-v/ Even though setting native vlan ID to 0, it worked, but it does not make sense.

Got it fixed last night with a bit of fiddling around with open vswitch, it really did seem to be how openreach forward the service to plusnet.

Ok, So I've changed motherboards and CPU (one that allows PCI passthrough for intel NIC) and problem has been resolved. UnRAID's VirtIO bridge seems to be unstable with pfsense (at least in my previous configuration) or a hardware related issue with previous config.

I had the same problem there is a setting or something in pfsense causing the problem because i used my old backup config file from and old machine and now speeds are great through the firewall !

Like Derelict said, MAC address should not change during vMotion. Are you assuming that this happens or did you see it happen, because that would be highly unusual.

Just plug something else in bypass the vm router to your modem and see what speed you get.. Easy enough to do a speed test with your VM... Put something on wan and something on lan and run say iperf server on wan side, and then run a test from lan side.. This will tell the max your VM can handle for throughput.. Mine when not firewall/nat could do like 200ish on that old N40L.. Vs building a new esxi host, I just went hardware and got a sg4860.. Was cheaper then the esxi host I wanted to build ;) hehehe... I then just got a synology nas, and run a few vms on there that I like to play with. If I add the prices of sg4860 and my Nas and the new sg300-28 switch I got as well it still less then the host I "wanted" to build for esxi... And I use way less power now as well... But I do miss the ease of playing with dev versions of pfsense when it was VM.. But now when I have to reboot my nas for something I still have internet - which is way better then when reboot esxi host the whole network was down, even local routing between vlans, etc.

Hi io, Hope you can reach me even that this post its quite old. I ran on the same “adventures” as you did. Even that I got the ha configuration on both firewalls I have not been able to show them as a cluster where they share a unique public ip. I have tried to set up an azure load balancer to do so and al the traffic is managed by one of the nodes but when I turn that node off, the ipsec set ups that I have to onpremise are not working. Have you tried to do this set up as well?