Thanks guys! =)

Start a new thread if you have a problem instead of digging up this zombie.

@pf$george how did you get all IPs of Facebook? Did you list down all IP ranges stated in the https://ipinfo.io/AS32934 website?

Thanks it was as easy as changing the Interface > Assignments to a new different port.

Those spurious retransmission and Dup ACK errors are going to hang your connection and cause the issues you are seeing.  Do you see those errors for any other communications, or just with this mail server?

Still no insights?

change the update settings to stay on the 2.3 branch

Thank you both. This was the "not an expert" qualification, although this seems pretty basic so I am embarrassed! It would appear that this traffic is simply between source and dest and pfSense isn't seeing anything.

I don't have a managed switch, though will be getting one soon to set up VLANs. Maybe I can try again then.

@Forced2b:

…I do not need a year or years of support that pfsense offers, i need a one time setup and access to future support if needed...

Isn't "access to future support if needed" exactly what a commercial offering does?

Anyway, as others have mentioned already, maybe post your basic network layout and things you need to get done so we have an idea of what you are talking about. Right now it can be anything from a single WAN/single LAN home setup to a perimeter firewall for a Fortune500 company.  ;)

You're welcome. Please know we also offer support and official pfSense appliances which might be of interest to your educational environment. Thanks!

It's fixed!  2 things fixed it (in my opinion).

Removing the modem/router box from my ISP in the middle.  Today my ISP provided a media converter for glass fibre to RJ45 so I don't need their modem router anymore.  Even though I had PPPoE Passthrough enabled on their modem, I have a feeling it was somehow blocking my own router getting through.

Setting trunking on the VM switch port/group.  I would never have thought of that! Thank you so much

It's now working beautifully.  500Mb down and 750Mb  upload with an MTU to google of 1500.

Thanks so much. 
Matt

PS: if anyone is interested in my settings I can try to write them down, just reply here and let me know if there's interest in it.  Running pfSense on Esxi VM directly via F3100 media converter to xs4all glass fibre

@Shuh:

Ip cameras are in the office, but nvr are out of the office. I need to record from these cameras. (((

Then use a VPN, there is no excuse for opening these devices to the world.

what have you entered in your /boot/loader.conf and /boot/loader.conf.local?
do you use the realtek shipped with pfsense or a newer one?

you should try the tip with the new driver on this post: https://forum.pfsense.org/index.php?topic=103841.msg766227#msg766227

Ok so to update;
I wanted to go to 2016 anyway, along with other NICs, virtual and physical, along with VPN apps doing who knows what to 2012. I decided just to go to 2016 and start from scratch.
All is well now!

Diagnostics > Packet Capture.

I've got a comcast business modem where I have put the Sophos XG WAN interface in the DMZ and everything works just fine when packet filtering is turned off on the pfsense side. The goal is to use pfsense to isolate/route between the different vlans and have sophos maintain the firewall aspect.

I have gone through that and haven't had success even with pfsense as the Edge and in the DMZ of the comcast modem the problem persisted. From what I can tell I don't see a NAT issue (Sophos XG is handling correctly, and PFsense does not have NAT enabled) but are there other areas in PFSense I can check for that?

–-Topology Update---

Comcast modem <> Sophos XG (Edge Firewall. This is listed in the Comcast Modem DMZ) <> PFSense (Handles vlans and inter-vlan routing. Currently has both packet filtering and nat disabled which is causing the vlans to be able to speak to each either versus follow the rules that are in place.) <> Various vlans.