I was able to configure the PFSENSE as a transparent bridge, however, something is wrong because I cant make inbound traffic work.

I can ping the machine, however, I can't connect to SSH or APACHE ports, for example. However, inside the VM (using console), I can download files and everything…

What can be causing this?

If you try without vlans in your config is the bridge mode working?

Not sure why you would use Net.ReversePathFwdCheckPromisc to 1 as this is discussed in VMware forum where vswitches are somehow linked. http://www.chriscolotti.us/vmware/vsphere/interesting-vmware-vswitch-advanced-setting/

Just some feedback,
I had that working fine, but I really don't want to change all the servers IPs, I have decided to go for Transparent mode [Bridge] In that way I only have to move the servers from the DMZ to WAN port back in case the firewall is down for whatever reason. Servers/service can keep their current IPs and the 'design' is way much simpler. Thanks very much for putting me in the right direction.  :)

@FauxShow:

Why not use regular IPSec for site-to-site connections?

Perhaps you'll find the answer in the proper forum subsection.

You could give your vm a hundred nics…  What are they connected too??

You want to give your vm 3 nics.. Does your workstation have 3 physical nics?  Should be at min 2, one for your WAN and then another to your lan..

Are you running on workstation on linux...  BTW current version is 11.1.2, if your on 11.0.2 your bit OLD..

I just downloaded a trial and and took all of 2 minutes to setup..

What port is your vmware workstation server listening on - by default its 443, what port are you trying to hit your pfsense webgui on?

So the host only network is 192.168.144 on my setup, my normal lan segment is 192.168.9/24 -- the installed defaulted to 192.168.1 -- changed this to be on the workstation host only network vmnet1 which 192.168.144 and bing bang zoom..

So again I will ask how is your workstation network stuff setup.. Don't really care what emulator you used.. be it e1000 or vmx3

I used bridged interface that is connected to my network for WAN em0 for pfsense vm, I used the host only network for the LAN le0 in pfsense - bing bang boom clickity clickity up and running!!

networksetup.png
networksetup.png_thumb
setup.png
setup.png_thumb

its a VIF UUID's issue.
i've spend last month a 3 days looking for the solution.

so..it appears i dont have a suffient enough wifi card/AP to run behind pfsense (edge router). at the moment i've left the SuperHub as the main router now and wifi (5G) connections connect to it. Only the physical connections connected to the managed switch are behind the firewall.

…also, if i manage to find a resolution for the wifi, would I be forwarding all traffic to my pfsense box (and have everything managed from there?

Yeah, known documented problem.

https://doc.pfsense.org/index.php/VirtIO_Driver_Support#Disable_Hardware_Checksum_Offloading

yip, just like my example, use Greenshot tool to make screen-shot and obfuscate your IP, this is a forum after all ;-)

There's no problem, let alone when writing to disk… Reading from RAM is faster than reading from disk, what's currently used gets cached. Focus your debugging efforts somewhere else.

Reinstalled package from manual (https://forum.pfsense.org/index.php?topic=73258.90) fixed it.

The guide is not mine, I junk linked it ;)

Ah you have as static IP then..  Then you normally would want to clone even if you were dynamic so you get the same IP..  I made my mac specific on my vnic so I know what interface is what for one, and second to make sure I keep the same mac.  When I play with different versions of pfsense or other firewall/router distro's I always use the same mac..  And don't have to worry about my public changing even though I have dynamic assigned.

No idea, sorry.

Doesn't matter if your wan was unplugged in pfsense - that has NOTHING to do with clients on lan side getting IP addresses..  If you can get an IP then either dhcp server not running on pfsense, or you have a connectivity issue.

So What IP did you put on pfsense lan?  Put a static on your client in that network - can it ping pfsense.. If not then how would it get an IP from a dhcp server?

Why do you have a 2nd vmkern port group with APIPA address on it? On a vswitch that doesn't even have a physical nic attached?

What is that 2k12 vm going to talk to?  There is no leg of pfsense in the vswitch either..

You sure you have the correct nics connected, and the correct vnics in pfsense connected to the right vswitches?  Look at the macs of your pfsense vnics and make sure you have your lan in your lan vswitch and your wan in your wan vswitch, etc.

If your on the wan side of pfsense then your never going to get a dhcp address from pfsense, etc.

Not getting 900mbps through pfsense.. I wouldn't expect that with my VM running on a N40L.. But I get in the low 500's between segments..

But with tcp you can add window size with -w 256k on the client which should give you large enough window size with 1ms RTT

BDP (1000 Mbit/sec, 1.0 ms) = 0.12 MByte
required tcp buffer to reach 1000 Mbps with RTT of 1.0 ms >= 122.1 KByte
maximum throughput with a TCP window of 64 KByte and RTT of 1.0 ms <= 524.29 Mbit/sec.

pfSense WAN is set to block private address space by default.