its solved..

i just change another physical NIC and plug the trunk interface into new NIC.
set encapsulation dot1q on cisco switch, i've tried (it works on 2900 & 3550) it doesnt work on 2950,2960(may be im wrong config).

old one NIC doesnt support for trunking.

Thanks.

As long as you set up the vswitch so that only the pfsense box has a LAN port on it, and its running to a dedicated esxi NIC your fine.

That's not as uncommon as you think. I run into that all the time when I work on networking chassis or firewalls, anytime I change out a line card or module it regenerates the ssh keys when it restarts.

The problem is with the ESXi. I can put an ESXi management interface on the LAN and add a NAT, however I can't change the default gateway, it's a global configuration to all VMKernels. And so the packages are unable to get out!

Well I didn't bother to wait for an answer here… not sure why it failed after the update, maybe because it's been updated so many times from previous versions something was messed up.

I downloaded 2.3.2 ISO, did a fresh installation, then updated to patch 1 and loaded my backup everything is working great. So I guess case closed.

Cheers

OP, does 2.3.2 (not p1) work for you?

I've been running pfsense under ESXi for about 8 years now at least… never had an issue until 2.3.2_p1 update... when I update to it, it doesn't even want to boot.

Also under ESXi 5.5 BTW

see my thread here: https://forum.pfsense.org/index.php?topic=123971.0

Although from what I've read that error seems to point to a hardware issue it just doesn't make any sense.  I don't have USB or floppy drives, etc on that VM.  It's just a video card, HDD and that's it which has always worked for me even w/ 2.3.2 (non-p1).

EDIT: I reinstalled 2.3.2 in a fresh VM from the ISO then upgraded to patch 1 w/o an issue.. restored my CFG and I'm off to the races.  Hopefully you find out what's going on with yours.

Cheers!

Well for starters your nic is not connected and why do you have it set on your wan for vlan 1?

So just as an FYI, i updated to 2.4 and I must say wow, it feels way faster then 2.3.x. It also fixed all my percieved latency problems, and it was super simple to set up ipv6 in it. Great job guys, keep it up.

@andipandi:

Thank you, Mats.

I just checked and tcp/ip is indeed disabled on all adapters that have a vSwitch on them. I tried disabling the adapters in the host before, but that did not work at all (loss of connectivity on the vSwitch as well). With tcp/ip missing I am a little more relieved.

Good.
One way to se it is that that binding for the Vswitch is the virtual cable between the nic and the vswitch. If you unbind it - you unplugg the switch.

As long as the only binding fot the external card is the vswitch and the only thing using that vswitch is the external interface on the PFsense box - then your safe. I haven't heard of any security issues with the vswitch in al years with hyper-v

@heper:

you created rules on those interfaces to allow packets to flow ?

Yes..

Funny thing is now it started to work.. Not sure what made it work.. the difference between 30 min back and now is that I had enabled port 4(eth4 - LAN3) connected my laptop and added rules and nothing worked..
And then i connected WIFI router to eth2 (LAN1) and laptop to LAN2 and disabled LAN3.. Now laptop is reachable to outside world and the wifi router is also working which is test by checking the mobile and laptop..

trial and error… using proxmox on supermicro boards they bind the IPMI port to lan 1 (eth0), thus creating my confusion.

vmbr0 = eth0,eth2,eth3,eth4 - 192.168.1.3 / 255.255.255.0 / 192.168.1.1
vmbr1 = eth 1

pfsense add two nic's e1000's, assign one vmbr(x) to each nic
Then go through the assign function at the command prompt.
get into the gui and dhcp release / renew on your WAN.

Fixed it for me.  Now to assign a fail over secondary wan using a cradlepoint AER1600

Changed to lsi SAS. Still the same issue. Get errors even during install but the files get copied, though slow as hell.

Thanks again!

I googled "SR-IOV Hyper-V NIC security" and slight variations several times but not a single hit on the first 2 pages was about security, all were about performance. Do you have any pointers?

This is the best article I have found so far https://blogs.technet.microsoft.com/jhoward/2012/03/21/everything-you-wanted-to-know-about-sr-iov-in-hyper-v-part-8/ but it only mentions SR-IOV security flaws rather than it improving security.

Also, I found out that I can check whether a NIC supports SR-IOV via
  Get-NetAdapterSriov
even though all NICs say that SR-IOV was enabled successfully, only the 82576 actually comes up as supported.

As for IOMMU, I am still not sure. Yes, the hardware components support it, but the BIOS also could disable it, and there is no such option on the Dell, also, googling came up with mixed results.

Or you could do paravirt.

Anything in your System or Gateways logs during the spike?

Stange. That'd mean that the XenServer product is using a Dom0 that doesn't play nice with the hardware. I checked my inventory, I have two HP servers running Xen (not XenServer, just Xen), a DL180 G6 and a DL360 G6, and they are doing just fine. They are nearly identical setups; Xen 4.6 and Xen 4.8, but both Debian 8 as a Dom0 host, pfSense 2.3.2-p1 as firewall and a bunch of DomU's, all Linux (mix of Debian and Fedora). I'm using the internal NIC's on both of them, and pulling 100Mbit up/down. (branch office uplinks)

Running it with Xen but also the XenServer product, no issues since 1.2.x… works fine!

Hello all and a good 2017 for all.

I have a new Intel i3-6100 3.7GHz with an Asus H110M-K board that don't get the  I for installer. It fails to mount the DVD.

Any help would be very usefull.

Thanks a lot in advance.