Ok Problem was fixed. It was port issue. Only 2 connections were allowed.

Personally, I ran pfSense on KVM, with openvswitch. It worked like a charm, truth be told. Plus, with virtIO drivers, the uplinks to the virtual pfSense were 10Gig. And using openvswitch, the .1Q part was done entire outside of pfsense on the virtual switch.

The pastebin pages were removed so I can't see what it said. I run over a dozen VMs in ESX and none ever crash, and I know customers using it in production with no issues as well. It could be a hardware issue, a driver issue or OS issue triggered by some combination of options in use. Hard to say, but it isn't a widespread issue.

Apologies I thought I had replied to this thread to thank you. I just wanted to confirm this was the issue for anyone else who might find this thread via searching in the future.

Been running pfsense on esxi for years.. Hundreds if not 1000 is not 10's of thousands of people run routers/firewalls on VM.. Yes it a standard practice..

Care to document a screen shot of your Virtual Network Editor? I do this with 2 bridged adapters. One for WAN (VMnet0) and one for LAN (VMnet2).

I changed the vm settings and it seems to be all good now.  :) After reading the hardware requirements https://www.pfsense.org/hardware/: 501+ Mbps -> Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters. I ended up with more cores… @johnpoz: What are you hiding here, is that your pfsense setup?  Why would its lan/wan be the same vswitch? Well, yes… I am hiding the public dns/ip. Arguably lan/wan on one vswitch doesn't make much sense and I will change that.... What are those other networks on each vswitch.  I don't see more than 1 vm on those switches - so only pfsense? So what is your Iperf THRU pfsense.. ie that is routing/firewalling..  Testing to pfsense IP is not a valid test of the performance of pfsense as a router/firewall its a test of how fast you could move a file to pfsense directly, etc. I did a lot of file transfers and watched the traffic graph max out around 950 or something… I will do iperf through the pfsense as you recommend and report back tomorrow. However I can mark the thread [SOLVED]. Thanks

Use fixed size virtual disk, not dynamic.

offloading IN the virtual machine (esp. RX/TXSUM), you probably should have it disabled all offloading ON the host - sometimes you need to disable it too (but check VM first)

Its work fine PFsense can access the internet , but loses the connection after 10-20 sec and its not coming back :-( And i can´t ping my server from my home pc

A quick followup on this issue: This issue is not related to the virtualisation, it is related to negative drift coefficients. My hardware requires a drift coefficient of approx -15. The drift file /var/db/ntp.drift is either being removed (due to a negative coefficient?) or is not saved across a system restart. I am not sure which is the case. At this stage I have not had the time to investigate. All I know is that when I log in after a pfsense restart there is no ntp.drift file. In this situation NTP starts for some reason with +500 as the drift. Given that the hardware requires -15 it takes a very long time for the NTP daemon to sort things out. In my case I can fix the problem instantly by: 1. Stop the NTP service from the pfsense web admin. 2. Create the /var/db/ntp.drift file and put in -15.000 as the value 3. restart NTP from the web admin If I do this the entire NTP system stabilises in no time (5 minutes) and everything is OK from then on. Tim

It does help to reboot once the new tools are there indeed :p Then VMW and BSD both know about their capabilities and it actually works ;-)

@lipesmile: In this case I have two internet network I need 2 one for each, but I need a another card for LAN network ? If you LAN network needs its own port, then yes. If not, then no.

Well, then let me put it in simpler terms: pfSense doesn't 'read' it's IP anywhere else, other can the config file, or DHCP. Data is never flowing the other way around. Since you seem to want to preconfigure pfSense boxes, it would probably be better to simply provision the config file instead of trying to use the Hyper-V network interface's uncommon facility to push IP addresses onto machines. I guess they made that for Windows, because on every other OS, it's not supposed to work that way. You can probably script the following: MAC adresses for any of the interfaces you want to configure IP addresses for any of the interfaces (identified by their MAC) you want to configure Put them into a proper pfSense configuration XML Put that XML inside a pfSense image Boot the image What you really shouldn't do: Hack a script together that reads the IP from the interface and then puts it into the config file this is because it completely contradicts the pfSense architecture, not a single component will work well, and all of it will work against you. This is because pfSense as a network system is designed to be the authority on what IP goes where. As soon as you try to invert that, you're going to run into problems. pfSense does have a read-config-on-boot option, it has had such functionality for a long time. All you would need to do is script the XML modification and inserting the file into the VM.

Does any other protocol work? Like SSH and FTP. If not, you probably have a sum offload issue, this is described in the post at the top of the page.

The LAN has em1 but no address (this is fine because I don't have the other end of the ethernet connected to anything yet like a psychical switch yet… You connect to WebGUI via LAN, and your LAN NIC doesn't have an IP address so you'll never get there. Give the LAN NIC a static IP address on a different network than the WAN (perhaps 192.168.2.1/24 or 10.0.0.1/24) and then use that LAN IP as the gateway for your LAN clients.  Your LAN clients will also have to be on the same network to use pfSense LAN as their gateway, so if your NIC is going to be at 10.0.0.1 (for example) then your LAN clients will also have to have an IP address in the 10.0.0.0 network as well.

So again how many network devices - 500 kids doesn't tell us much.. So 17 AP, I assume those are rb951-2n devices so 2012 time frame.. They are only 2.4ghz N devices..  They are very cheap even when they came out.. You rented them for how long?  And they are just 1 large layer 2 all as AP on the same network?  With possible client count of 500? As to proxy you can still filter on url with proxy without having to mitm the ssl traffic.. So are you going to deploy new wifi or use those old 2.4ghz N 1x1 - max wifi bandwdith is 72 PHY.. That is shared with all the clients on the AP… who that must freaking scream performance with all the broadcast traffic going on as well if 500 nodes are all on at the same time on the same layer 2.. What is the internet speed?

I find it highly unlikely that some isp gateway has a /16 mask.. Default networks on all of those devices are almost always 192.168.0/24 or 192.16.1/24 –- always /24 If you want to use it as a switch/AP sure go ahead but your setup is still makes no sense.  Your going to have to port forward if you want anything outside your esxi host to talk to any vms behind pfsense.  Why would you not just leverage pfsense vm as your router/firewall for your whole network?