The guide is not mine, I junk linked it ;)

Ah you have as static IP then..  Then you normally would want to clone even if you were dynamic so you get the same IP..  I made my mac specific on my vnic so I know what interface is what for one, and second to make sure I keep the same mac.  When I play with different versions of pfsense or other firewall/router distro's I always use the same mac..  And don't have to worry about my public changing even though I have dynamic assigned.

No idea, sorry.

Doesn't matter if your wan was unplugged in pfsense - that has NOTHING to do with clients on lan side getting IP addresses..  If you can get an IP then either dhcp server not running on pfsense, or you have a connectivity issue. So What IP did you put on pfsense lan?  Put a static on your client in that network - can it ping pfsense.. If not then how would it get an IP from a dhcp server? Why do you have a 2nd vmkern port group with APIPA address on it? On a vswitch that doesn't even have a physical nic attached? What is that 2k12 vm going to talk to?  There is no leg of pfsense in the vswitch either.. You sure you have the correct nics connected, and the correct vnics in pfsense connected to the right vswitches?  Look at the macs of your pfsense vnics and make sure you have your lan in your lan vswitch and your wan in your wan vswitch, etc. If your on the wan side of pfsense then your never going to get a dhcp address from pfsense, etc.

Not getting 900mbps through pfsense.. I wouldn't expect that with my VM running on a N40L.. But I get in the low 500's between segments.. But with tcp you can add window size with -w 256k on the client which should give you large enough window size with 1ms RTT BDP (1000 Mbit/sec, 1.0 ms) = 0.12 MByte required tcp buffer to reach 1000 Mbps with RTT of 1.0 ms >= 122.1 KByte maximum throughput with a TCP window of 64 KByte and RTT of 1.0 ms <= 524.29 Mbit/sec.

pfSense WAN is set to block private address space by default.

Chris/anyone, Is there any feedback at all on how the discussion with Microsoft went on this issue? @cmb: That's just how the hn network driver (written by Microsoft) functions, though it's a bit unusual in that regard. It could pose issues for traffic shaping. We'll be talking to Microsoft next week actually, I'll make a note to bring that up then. If not, what hypervisor has the best support for pfSense (and is reasonably easy to get up to speed on)? We have been using Hyper-V on the rest of our customer servers for five years, so we were comfortable with it and did not want to move. Don't want to get into any religious wars on what is the best hypervisor - we knew Hyper-V and it worked for us. But giving up traffic shaping is probably too high a price to pay. Our customers are all in the "under 20 user" category. We've been trying to standardize on a 1U box running a hypervisor that handles pfSense, their FreePBX phone system and an outgoing CentOS mail server. We actually run a second mirror and let Hyper-V's replication provide us with a (non-immediate) failover. It's worked well except for the traffic shaping part. Any input at all is appreciated. Thank you - Richard

I might as well just run it as a standalone on the hardware. Well sure, if you want to forego all of the amazing benefits of virtualizing the server.  That's the whole point of virtualizing.  Backups & snapshots have saved my ass so many times.  Being able to move the VM while live from one box to another.  Cloning the VM so that I could play in a sandbox without affecting the network.  No more hardware worries, and if the ESXi host dies, I can spin pfSense back up on another host in a minute or two.

You need to check the Connect at power on box.

If you run it in a VM, then settle your management network on a seperate physical NIC. And dont run the latest and greatest. Wait for updates and error reports.

Logs and some details..  So using vmware what, player, workstation, esxi (version) what? So do you have these dmz and lan and wan in different vswitches?  What nic are you using for pfsense e1000, vmx3 ?  Are you using native or tools driver? So your saying everything works fine and then you can only ping pfsense interface in lan from a box in lan?  Are these other VMs are physical boxes?  Sounds to me from ping being the only thing that works like your using tools driver for vmx3net interfaces.. What flavor of pfsense are you using 2.2.2? 64 or 32? etc..

thankx for the solution it worked.

Intel gigabit cards probably your best bet. Easy to find, inexpensive (especially if you want to go the ebay route for used), and reliable. We sell two different options that'll work great with Windows too. https://store.pfsense.org/accessories/

Well, ESXI isn't the only thing in the world. There is Xen, and KVM, which both work perfectly fine. XenServer is free nowdays, and KVM is easy with Proxmox, which also happens to be free.

What CPU are you using specifically? I have no such problem on Xeon v3's. (yes, the v3 version of the E3's and E5's).

It doesn't bring optimisations, it brings 'support'. The problem wasn't performance, it was that VirtIO wasn't supported at all.

@stephenw10: Great, thanks for the feedback.  :) That error is probably expected (though I haven't reviewed the code changes there). In general syncing between different versions of pfSense is not supported, the format may have changed slightly. It's better to disable syncing when upgrading a CARP pair to avoid that. Steve Hi, Stephen, I did upgrade both nodes to the 2.2.3 development snapshot, but the sync error still appears after each reboot. I haven't actually tested to see if it impacts anything, but it does show up once after each restart. I'm not too worried about it, since it's just a proof-of-concept at this point. I'll wait for the full 2.2.3 to deploy in production. Hopefully 2.2.3 stable isn't too far away.  :)