I'm afraid I wasn't looking. If I have to run these tests again I'll make a point of measuring.

This should be no problem. Your T310 is going to have plenty of headroom for running pfsense, even with those windows servers and LAMP. Just follow biggsy's tutorial here: http://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5

If you have no bandwidth problems, then you might leave vlan pruning off. or set it as none

The way I normally do this is to setup VLAN networks in ESX and then create a nic for pfsense in that new vswitch. This keeps pfsense from having to do any VLAN work on top of what ESX is doing.

Hi, Is it possible you could provide a guide for building the PV aware kernel? This was something I was very interested in a year ago, but didn't have the time and couldn't find any guides. Lookd forward to your response

See my post here: http://forum.pfsense.org/index.php/topic,57851.0.html The "HgfsDebugPrintVattr undefined" error doesn't appear to cause any problems but seems to have been fixed in later versions of OpenVMTools..

I have a similar setup for one of my box and here are some of my 0.02: 1. You will need more RAM If you plan to use SNORT, squid … etc. I have an odd ball 5G system and memory usage is constantly at 95%+. Pfsense is in a 3G VM together with win7 host they use more then 4G. With SNORT fully loaded pfsense memory load  (within the VM) can peak at 80% - SNORTis the memory hog, so if you not plan to use it you will need more host memory. 2. Get a 3rd network card as a management interface to the box. if you are concern, you can assign the 2 NIC to some funky IP address and have a firewall rule to block them off completely. 3. I never able to get VLAN to work in this setup, somehow the 11q tag was lost. Maybe because at the time I was running an older version of workstation or because I have not install vmware tool. VLAN is not important to me in this setup so I never go back to look into it.

also confirmed updating via "yum update" from a nonworking 5.7 to 5.9 resolved the horrific lag issues!

@cmb: We do exactly as described frequently, nearly all our production firewalls in several colos, our office, homes, etc. run in ESX (ESXi technically, I and most use ESXi and ESX interchangeably these days). Never so much as a blip. So it's far from a general problem, tons of people do what you're doing with no issues. Need some more troubleshooting, packet capture to see what gets where, check firewall states for what's getting passed, etc. What version of ESXi are you running? The systems I have tried it on have all been ESXi 5.0 (I've not tried 5.1 yet). We have many of the same setup on ESXi 4.x without issue.

Nevermind. I did another install and it works fine now. The first install must have been messed up in some way, because I didn't really do anything different the second time around. I also didn't realize I had to add rules to the second LAN connection, and it works fine now too.

If virtualbox can pass the USB device directly to pfSense, it should work, provided that the modem works with pfSense at all. The setup would be the same as any other multi-wan setup or 3G setup, plenty of docs/examples around on the wiki and forum for both. The problem might be getting the USB device to pass into the VM. I believe the OSE version of virtualbox can't do that but the precompiled binary package from Oracle can, unless they fixed that since I last tried it.

Thanks to everyone for their hints and suggestions. Here is what I ended up doing that seems to work. Add a new firewall rule:     proto: any, source: WAN, port: any, dest: any then on a host in the Corp LAN: route ADD 172.16.1.1 MASK 255.255.255.0 10.3.1.100 and voilà! I am intrigued by the notion of doing partial NATing and am going to try playing around with that.

OK.  Is there a particular reason you want to pass through the one and only NIC to pfSense?

Indeed! In fact it looks like the disk emulation sometimes takes too long to read or write or it's not even able to read or write at all for some sort of disk emulation crash. I have been using the latest vbox for a while and no errors at all, but sometimes, with the very same config, i install a newer pfsense snapshot (always working with the latest ones) and the problem appears again. I have been using a nice 2.1 snapshot that works perfectly but it's from November 2012. I'm afraid that installing a newer February 2013 snapshots the issue will appear again. I noticed that disabling I/O host cache the issue is less frequent. Also with some snapshots virtual SATA controller seemed to work better than the default IDE controller. In some snapshots SATA didn't work at all so not always i could test the SATA setup. Hopefully this info will help someone.

I understand, I did not want it for free  :P I could not find a source to learn more, I am stuck with this vnic issue :(

On site B you create two networks in Hyper-V of the external type Lets call them Outside and Inside You assign the wan nic to outside and the lan nic to inside Make sure that the "allow management operating system …." checkbox is selected on inside and is NOT selected on outside Now create a virtual machine for PFSense and give it one nic from Inside and one from Outside. After the installation of PFSense is complete your wan traffic will com in on the Wan nic, pass through the Outside virtual switch and reach the Pfsense box outside interface. Pfsense will then forward the trafic to its internal interface connected to the internal Virtual switch. Since the host machine is allowed to see that switch the trafic can reach it

In theory, you may have gotten past the hard part, and, again, in theory, it should work… till it doesn't, then you're really stuck.  But, hey, you've gotten this far and assuming it's not anything you (or clients) are financially dependent on, run with it.

Agreed proxmox is pretty good too… I like how proxmox uses a web interface and you dont have to have a windows box for esxi (correct me if im wrong) proxmox is fairly simple to learn and navigate,  it is based on debian too. but i do recommend proxmox or esxi.