why is pc2 connect to esxi?  Or is it also connected to your switch? What is your network setup of vms on your esxi. sure if you want to.. well your want to pfsense would be your wireless router.  So I have to assume 192.168.1.1 is your wireless routers IP?  So pfsense wan could just be dhcp and get that from your wireless router. Why would you think you need a static?  But I have to assume your wireless routers LAN is static on 192.168.1.1 - so what other router are you talking about? 4)  Is your "modem" as you call it just that or is it a NAT device as well..  What IP does your wireless router get on its interface connected to the "modem" Edit: here is my esxi host network.  So pfsense wan is connected to vswitch wan, which in turn is connected to my esxi box phsyical nic vmnic1, while pfsense lan is connect to vswitch lan and physical nic vmnic2 And so on..  So my pfsense in my setup gets public IP on its wan interface from my modem which is connected to vmnic1, now my vmnic2 is connected to real switch where my physical devices like my workstation are connected to (your pc2 maybe?) Can you post up your vmnetwork like what I posted so we have frame of reference to discuss your network. [image: vmnetwork.png] [image: vmnetwork.png_thumb]

mariosfx, What virtualization technology are you using? I'm guessing Hyper-V since you mention WSrv 2008R2 (but it could be VMWare Workstation). Are you using the Legacy (deX) or Synthetic (hnX) network adapters? The speeds you mention almost sound like you're maxing out on a 10 Mbps full duplex connection, either because it is connected to a switch that is slower than the physical NIC (or the switch is negotiating down to 10 Mbps connection), or the drivers being used by the VM think the network card is 10 Mbps (which is in itself irregular, since the Legacy adapter is supposed to be 100 Mbps). I posted a much improved new version for the Hyper-V synthetic adapter drivers on Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1. You might want to give this VM a try. I've been running tests, and using my internal LAN (my ISP is nowhere near this fast), I've been able to get 2 Gbe throughput through pfSense (connected WAN and LAN to different internal networks and used sftp to move files around).

The unofficial aplha 2.2 images have now been removed!  :'(

@zootie: What pfSense build are you using? The official build with legacy deX drivers or the custom build with synthetic hnX drivers? In my experience when using legacy drivers, Linux and pfSense won't function if you have teamed adapters with VMQ or VMDq or other acceleration technologies enabled. For this environments, I ended up having to setup a team and virtual switch for legacy VMs (ie, a team of 2 for Windows VMs, and a single adapter or a team of 2 for Linux VMs). In my environment, the synthetic drivers build works ok with teams based on Intel and Broadcom native teams. I haven't tried with Windows Server 2012 teams. See http://forum.pfsense.org/index.php/topic,56565.msg362435.html#msg362435 for a synthethic driver build (and there are other variations). I believe I have the synthetic build version, I have it assigned native hyper-v NICs and it's working great.  I tried disabling all the performance tweaks and it still has the same issue.

@johnpoz: Well I run my pfsense host as vm on my esxi host as well - its a great way to run pfsense! If you need more dmz devices just run them on the one host.. Yes it is a great way to run pfsense. Very minimum system requirements. I love it! And I was thinking of just using one host for dmz. That would be the Host1 which pfsense is running on. Just out of curiosity, if I did purchase a switch with VLAN, how would I configure the Host2 VM to run a other DMZ Guests? I may just purchase a new switch. Plus, I would like to know how to configure this on more than one Host :)

^ yeah you should only point to dns that has records for your local domain.  Pointing to others that don't is going to cause grief. "DNS info pointing towards both 8.8.8.8 and 192.168.1.1. " That is bad configuration, unless the 192.168.1.1 is not authoritative for any domain.  Also just putting pfsense or any just hostname is not good idea, names should always be fqdn, ie something like headphones.local.lan, or headphones.name.tld where your local dns is authoritative for name.tld You can setup your machines to have a search suffix, domain membership so when you put pfsense into your browser it queries for pfsense.yourdomain.tld But pointing to 8.8.8.8 as a possible dns - your never going to be 100% sure which dns your client is going to ask, if he asks 8.8.8.8 for pfsense.yourlocaldomain.tld its not going to work.

@priller: @mikeisfly: It's my understanding that if you wanted to import/export a copy of your virtual machine you need the paid version of ESXi is this correct? With the free version (using 5.1) you can import/export the OVA or OVF of any virtual machine … from the "File" drop-down menu in the vSphere client.  No restrictions that I'm aware of. I periodically export my VM's to have a backup.  Likewise, I have created new VM's from a OVA. You can use the VMWARE Converter tool.  It can clone a physical to Virtual. Clone from ESXI to VMWare Workstation or vice versa. https://my.vmware.com/web/vmware/info/slug/infrastructure_operations_management/vmware_vcenter_converter_standalone/5_5    or https://my.vmware.com/web/vmware/info/slug/infrastructure_operations_management/vmware_vcenter_converter_standalone/5_1

thanks guys will give it a bash and see how I get on !

So after a bit more research, it looks like ESXi is responsible for determining which PCI bus # a given device gets added to…and there seems to be no specific way to configure it from ESXi-land. FreeBSD (and pfSense) are behaving as designed, so no fault there. It looks like what I would have to do is: Develop a manual script to create a mapping of interface names and roles (e.g. "external", "intrasite", etc., arbitrary definitions) to MAC addresses (similar to /etc/network/interfaces in Linux); Run the script once I've got a configuration ready for production; Develop an rc script that runs at each boot that a) checks to see that the mapping is as originally set; b) renames interfaces if their PCI bus order changes (and reapplies any other configurations as needed); and c) calls the "Assign Interfaces" function if all of the MACs have changed; and Make all this scripting something that can be transitioned to other *BSD-based systems (for example, the next upgrade of pfSense). This, of course, in my Copious Spare TimeTM. So, not an issue with pfSense or FreeBSD per se…but one that I'll have to work out how to handle from within FreeBSD in order to ensure a consistent configuration template that I don't have to re-work for each potential instance. Biggsy: thank you for your input on the issue; you stimulated much research and learning. -- Troy

I've encountered a fatal trap 12 with a pfsense kernel running under xen. You need to provide the trace information (at the db> prompt, just type "trace" and hit enter), to see what was on the call stack at the time it trapped the fatal error. That will tell you which function threw the error, and be the first step to finding a solution.  Here's the thread for my fatal trap 12 - different circumstances and thus likely a different problem, but it has an example of the debug trace. https://forum.pfsense.org/index.php/topic,69546.0.html

1. Please post your ipconfig and ifconfig maybe edit out your WAN? 2. Can you ping anything else on the LAN from pFsense? 3. Are you really sure that your are on the same virtual network?

Thanks alot! Here's another problem. While waiting for a reply on my previous issue, I turned off my box alread. Just now, when I am abot to implement your solution, ran the vbox (as pfs nanobsd is running in vbox) and the pfs can't obtain connection from bridged WAN. I bridged it to the laptops broadcom wireless. Nevertheless, I unchecked the box, based on your solution, restarte the vbox, and the console no longer show any WAN, it just shows WAM > em0 > (blank) did I missed something? my laptop is connected via wifi.

@akshay: Hi all , I am new to "Pfsense" i have read and truing to install on hyper-v guest with legacy network card but its not working its always gives same error "no link-up detected". i cant understand can any one help me on this. Also can Pfsense able to block HTTPS websites with wildcard like [ / , . ]. Use image from this https://forum.pfsense.org/index.php/topic,56565.msg364122.html#msg364122 post Up and running well with syntetic network. Not legacy.

Check this out maybe: http://timita.org/wordpress/2011/07/29/protect-your-windows-laptop-with-pfsense-and-virtualbox-part-1-preamble/

so keep your WAN of pfsense bridged to the NIC that is connected to your ISP but then create an internal vSwitch that is bonded to your secondary NIC then point your LAN interface of pfsense to that vSwitch then also point your webserver VM to that same internal vSwitch and that will put your server "under" or "behind" the virtual firewall as well as other devices on your physical network if you plug that secondary NIC into your internal physical switch