OK, I think my issue has been solved.  I downloaded the ova for pfsense and did a vanilla install with no packages.  I didn't see any CPU usage issues so I started comparing settings to my high CPU install and found one option that somehow got turned on at some point.

System–>Advanced
Enable device polling was checked on

I disabled it and as soon as I did I started getting watchdog errors.  I logged onto the pfsense console and rebooted the VM.  After reboot, my CPU usage went from 2600MHz to a mere 138MHz.  Hopefully some of you have the same option enabled.  Not sure how it got turned on.

Xen or XenServer? Which version of pfSense? Are you trying to connect to wan or ping wan address? Because WAN pings from outside are blocked. Also if the set up is LAN –-> pfSenseWAN ---> pfSenseLAN then pfSense by default blocks private networks from accessing the WAN interface. Even if you add an easy rule to allow that, DNS Rebinding and HTTP Referral attack protection means you will not be able to log in to the WebConfigurator. You are pretty much just better off setting pfSense LAN address within your LAN address with static ip and DHCP off and then you can log in to the WebConfig.

First, Thank you so much for taking my call.

I have a VLAN with pfsense in XenServer.
I'm trying to insert more than 8 interfaces and can not.
I believe this is happening because que When creating Vlans in Xen and insert in pfsense, pfsense the
understand how physical board and limit the number to be created.

Does it have a way to release more interfaces?

bump

have you tried pfsense v2.1 ?

I have set up pfsense as a dynamic SOCKS proxy, OpenVPN server and PPTP server long ago using VMplayer for testing and it worked fine, although adds zero security. I was just in it to test out the various functions at that point.  I assume squid will work also this way.  (also a good way to send someone a ready made VPN if you have no physical access to their system but do have remote desktop)

What I did is install wmplayer.
Install the latest full release (like 2.03 today)
Make the VM so that :
      Network is bridge and replicating physical NIC state for WAN.
      Another virtual network interface to use as lan. (Not Bridged!)
      1 core (2 is better)
      512MB ram (you can experiment with less)

After I booted, I'm locked out because I only have a WAN but no LAN I can access unless I make another VM of windows or something to use a virtual interface.  More resources…  So, no.

I went into the VM shell command interface.

pfctl -d

Now the firewall is down, so I can go in at the WAN interface of your pfsense (assigned by DHCP by your other router) and deactivate "block private IPs on WAN" and I can also open my port 80 and 443 3128 and whatever other service ports you will need in the firewall rules under the WAN interface tab.
Disable DNS Rebinding Checks also.

Back to the pfsense command line interface
pfctl -e

Now your PFsense VM interface is accessible through its wan via your physical computers.  You can set up VPN, Proxy or whatever services you like.
You can use it as a proxy for anything on the LAN or from outside on the internet also.  If you plan to access your vmplayer install of pfsense from the internet, you can you just have to forward ports from your first router to whatever IP pfsense gets from it.
Stephenw10's way is better than this if your hardware supports VLANs and his way also frees up some hardware. 
But you will need a better hypervisor than vmplayer.

For me this worked fine but it was just for testing for me until I decided to just install pfsense on hardware as my router/firewall.
Try that last part out. It works best.  Just replacing sonicwall with pfsense in the end is better.

you can use 1nic or 2nics

for 1nic nic, bridge your physical nic to vmware
add two network adapters in vmware settings and select bridge nic

–--

for two nics, 1st is you wan interface and 2nd is your lan interface.
for wan interface, in local area connection under properties just select/check vmware bridge protocol only.
for lan interface, in local area connection under properties just select/check everything.

Hi,

Now I have two identical pc:s with Esxi and Pfsense.
Both working but hangs and stops working after a couple of weeks.
They have no connection to earchather!
I dont see any wrong i Esxi logs?
After restart they working again, for a couple of weeks :'(

Can someone help me what I shuld look after

So are you trying to bridge your wan and dmz interfaces?  Or do you just really want a firewalled segment?

In a bridge your dmz devices would get an IP from your WAN network..  If just a firewall segment, then pfsense interface in the dmz network would be the gateway, etc.

So for example on pfsense

wan int = public ip
lan int = 192.168.1.1/24 for example
dmz int = 192.168.2.1/24 for example

device in lan segment be they phy or vm would have a 192.168.1.0/24 address and point to lan int IP of pfsense

device in dmz segment would have ip 192.168.2.0/24 and point to dmz pfsense int IP for gateway.

Now when you bring up other interfaces in pfsense (opt1, 2, 3, etc) the firewalls would not allow any traffic outbound on that inteface by default like the lan inteface does when you install pfsense.  So you would have to create your firewall rules to allow the traffic out of that segment that you want.

If you are following some guide - links to the guides your following would be very helpful in figuring out what your doing wrong, etc.

No physical access except by long plane ride.

@kejianshi:

I just cache dynamic content…   including all updates.  It sounds elaborate for 6 people though. Hope they enjoy the effort.

I'm leaving the whole IT scene professionally but not personally. They don't understand the effort, but I like keeping current.

I appreciate your effort in helping me out though. I am currently almost done the Hyper-V to ESXi migration.

Its possible with one card, depending on what function you need.  What do you need it to do?

So I edited /etc/sysctl.conf added
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-filter-pppoe-tagged = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
net.ipv4.ip_forward = 1
I installed openvswitch-git installed it and enabled it and create openvswitch interface.
I enabled openvswitch support in kvm.

Thanks a lot. its working…I just click on auto eth4 (which was created by Host) in network manager.

I run freenas under xen 4.3 and its work perfectly. It setup it that way because I had read comments that freenas works better that way.

On the Hypervisor side, depending on your background (Windows), Hyper-V is also a good alternative for pfSense (if using the custom pfSense ISO with integrated synthetic drivers, see "Hyper-V integration installed with pfSense 2.0.1" http://forum.pfsense.org/index.php/topic,56565.0.html). Hyper-V doesn't have some of the more advanced ESXi's features, specially third party management extensions, but for small setups, it is more than adequate, and you don't have CPU and number of VM limitations (that you get with the free ESXi version), and the paravirtualized driver support in Windows guests can make a considerable difference in performance (ie, it helps performance if all/most of your guest VMs will be running Windows or have synthetic drivers).

You can also download the free Windows Server 2012 Hyper-V Core Edition (ie, Windows Server w/o GUI w/Hyper-V).

To achieve near native performance, you should pre-allocate virtual hard disk, but it helps to also have the option to use dynamically growing disks (for disks storing files that seldom change).

As for which version to get (2008 R2 vs 2012), it is up to you. It might take some getting used to the "Modern UI" in WSrv12, but there are considerable improvements in Hyper-V 3.0, making it worth it (and you don't have to deal with the Modern UI that much once you have Hyper-V installed).

As for the network card, for a small server, I typically get a VMQ (VMDq)/SRV-IO Intel capable dual port card and set them up in a Team (using Intel's enhanced drivers) - see http://www.intel.com/support/network/sb/CS-030993.htm

Hi

Maybe look here where dreamslacker writes: "Under Advanced system settings, you can disable NAT.  That will turn the box into a pure non-gateway router."

http://forum.pfsense.org/index.php?topic=30839.0

Then configure routing on the box and dont use any NAT in ether workstation or the pfsense box.

One more reply to my self here…

I had to give up, at the moment on installing 2.03 as KVM on omnios. I choosed to install 1.2.3 instead, and that went fine, no problems what so ever, worked fine with internal virtual switches, and everything looks good. Question is, can I upgrade to the latest? Wouldn't actually think that...

Rgrds Johan