@papotz: Hi! actually i'll run pfsense with the host OS (Windows Server 2012) my VM machine will also run Windows server 2012 but will configure exchange server 2013 and AD DS separately with 2 VM. I can't answer your question, but I was a little surprised by this.  Are your sure you want to run your ADDC, Excchange Server, and pfSense on the same physical machine?  MSDN and Technet forums are full of warnings against doing such a thing, even under virtualization.  Perhaps you are a developer doing this on purpose as a laboratory environment, but for actual deployment you might want to reconsider your provisioning strategy.  I am setting up a similar arrangement, but using a separate physical box dedicated as my ADDC.

@cmb: VMware's quirky with vmxnet3 NICs on newer versions if you add NICs later on. If you add one, you can end up reordering some or all of your other NICs (eg. vmx0 becomes vmx3). Make note of the MACs and associated NIC, then check the MACs in 'ifconfig' output after you power up the VM, then you can associate what their actual order is and re-assign the NICs accordingly. You're a genius and a life saver! Thank you so much! This completely fixed it  :)

5.5 with Update 3a?  Are you using E1000 or VMXNET3 NICs?

Hi, I have successfully set up a transparent firewall environment on ESXi 6. However, I set Promiscuous Mode to "accept" on the vSwitch level, not on port group level - both for the WAN-side vSwitch and the LAN-side vSwitch. Maybe you try that, not sure if it makes a difference? Best regards

@macralf, did you ever find out what caused this? I am facing a similar problem.

Did either of you find a resolution for this issue?

Also, ESXi 6.0.0 Update 1a came out just a few days ago.

AWebster: thanks for your reply.. the reason wan is currently on em3 is because this hardware and platform will be moved to a data centre at some point soon, and em0 will be WAN… im just waiting for the IP details from our network provider until everything is confirmed. I configured the nic's in pfsense as per cmd line which was in the screen shot i attached to my original post. regarding vlans, my proxMox presents the tagged vlan ports straight into the kvm guest which pfsense is running on by way of each of the nics, em0-3. I didn't see any reason to bring the vlan's straight into pfsense. Doktornotor : This 'PEBAK' you speak of - is possible because the 'physical switch' we're actually using to plug the two physical hypervisor servers (proxmox) only turned up this morning and I was trying to do as much 'config' on what I currently had available... thanks tho.. will update asap

Thanks for the reply johnpoz. Yes, I well agree with you about splitting up traffic; managmenet vmnic0, iSCSI traffic vmnic1, etc.. and this now makes sense. In a worst case scenario, one could literately could jack into the esxi server through the dedicated nic. I am thinking in my configuration where pfsense actually brings up the entire network. I am an idiot, 2 labs servers setup this exact way but I could not see the trees through the forest.  The rest is just virtual switch's to port the lan of pfsense into security onion and then out to the actual lan nic. I am just wondering if 802.1q is going to be lost going through security onion. Well, in any case thanks for all the help, a new project is on the horizon.

Hi there gents, I'm experiencing the same issue here, after I'm adding a new "physical" (from pfSense's point of view) interface things go kaboom! I've been thinking about using VLAN's as well, but my only question is: will it work on multiple hosts? I have a pretty straight setup with two hosts, connected via switches. Of course, for inter-host communication I'm mapping the virtual networks to VLANS. Is there a possibility to add "virtual dot1q tags" inside the actual virtual networks? Thanks, Sebastian

Anybody have any pointers or tips? Seems like an impasse at this point…

Thanks, that was the issue :)

I mean the WAN firewall rules for iperf to allow a remote PC to talk to the test server behind the LAN are at the top of the list. Just to clarify, the test points I used indicate that testing from an internet host to the WAN IP, there's no issue Testing from the pfsense LAN IP, to the test server, there are no issues The connections that the issue occurs is when an internet host connects across the pfsense router. Since you've confirmed there aren't any inherint issues with vmxnet3, I guess my new question would be some recommendations on how to probe for a cause since this is new territory for me. I'm factory resetting the pfsense install to defaults and will be trying from a bare minimum setup as a starting point like you suggested you were working with.

BIS is built-in. Works out of the box.

so your esxi 6u1 which is build 3029758 then.. And all is smooth, great to hear! So it seems cmb that doesn't actually play all that nice with older versions of esxi that do not officially support freebsd 10.1 ;) You got xbox to show open nat, you might want to share that in the gaming section..  That sure comes up quite a bit, and there is some really bad advice in there floating around about setting all port 1-65k to strict nat..  Which is just nonsense..

Where there you go you have 18,446,744,073,709,551,616 ipv6 addresses to work with, which is a LOT different than 1 ;)

if using same in a windows 10 hyper v, are there any limitations on using pfsense as a dhcp given the concurrent connection limitations of windows 10 (non-server)?

Just wanted to say thanks for this post as this helped me get past this connectivity issue with PfSense 2.2.3 + vSphere 6.0. I created the following RC script (not pretty but it gets the job done) based on the example provided which seems to do the trick: #!/bin/sh for vnic in $(/sbin/ifconfig | grep "vmx3f[0-9]:" | awk -F ':' '{ print $1 }'); do /usr/bin/logger -t vmxnetfix.sh "Disabling checksumming on $vnic" /sbin/ifconfig $vnic -rxcsum -txcsum -tso4 /sbin/ifconfig $vnic down /sbin/ifconfig $vnic up /usr/bin/logger -t vmxnetfix.sh "Checksumming has been properly disabled on $vnic" done Cheers, Dan

You want to download VMware ESXi 6.0 U1 ISO Image and VMware vSphere Client.