I could do some test based on the recommendations by KOM and johnpoz. For my situation, it seems i was to stingy with the hardware settings on my vm's. Since i upgraded vCPU's from 1 to 2 and vRAM from 512mb to 1024mb, the problems are gone. While setting up the appliances i configured with this guide: https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5. There they speak about 1vCPU and 512mb vRAM if you have e few or no packages. I only use OPENVPN Client Export Packages in addition to the baseimage. So i thought 512mb will be enough. Now the error/problem is reproducable. when i go back to 512mb vRAM and change some NAT/firewall rules (only enabling/disabling) pfSense stops working as described earlier after about 20-30klicks. With 1024mb vRAM the error does not occour, even with 100dreds of klicks.  ;) My presumption ist that pfSense 2.2 with FreeBSD 10.x requires more vRAM the in older releases. Here for Reference my complete seetings: ESXi 5.5 Build 2456374 / pfSenseVM: HW-Version 8, FreeBSD 64bit, 2vCPU, 1024MB vRAM, 8GB vDisk Thick, 2xE1000 NIC BTW: the ancient ESXi Version i was using before has nothing to do with the problem. the problem is reproduced on the my old ESXi box aswell on the new.

Were you originally aiming for a bridged setup? (transparent firewall). Steve

Thank you all for replying. It ended up being NAT. I had it set on "Manual" and changed it to "Auto" at some point after the upgrade (didn't need the port forwarding stuff any longer). For reasons beyond my knowledge, the reboot of the server removed all NAT entries (Outbound) on the box. Changing this to a "Hybrid" NAT fixed the issues; placing the proper NAT entries on the system. Thank you all for your help - I can't thank you enough.

Maybe you can answer Ermal's question: @https://redmine.pfsense.org/issues/4326: Does net.inet.ip.dummynet.io_pkt_drop increase during this time? Steve

Do a fresh install and restore the config backup.

Enable logging on your default rule on your LAN and try and connect to IMAP again. Please also list us the packages you have installed on your network and if you could show us what you're seeing in your system and LAN log that would be good too.

In short there  isn't anything that can do it without adding a syslog server on your network and pushing your system logs to it. So far but put it in as a request. I just did because I asked a similar question last week.

Almost certainly not then! Though because it's a pppoe connection it's probably /32 so you could use other IPs from the subnet. I wouldn't though.  ;) Steve

Perfect.  Thanks.

The configuration I created for them was straight LDAP on the pfsense side originally, and it failed.  I was assured by the second party they were NOT running LDAPS, and that I must be typing the account credentials wrong.  Once I loaded the ldap verbose logging tool in pfsense, I suspected that LDAPS was in play, and explained that we needed to exchange root certificates and that conversation hit a brick wall fast.  I would always prefer secure setups, but my issue is that I don't always work with people that understand their own networks.  Every now and then I have to tell people (nicely) that they are in fact running something they think they aren't, and I always want good technical information to back me up when I do . Thanks again for the prompt reply, this was a big help.

Mind your B's and b's. :-)

Thank you sir  ;D I've been fiddling with the network card tweaks (apparently I had some, but according to the forum not all). I think the problem has gone away like a fart in the wind ( ;D ;D ;D )

It is fairly general. If I have a notice and go to a webGUI page that is longer than the screen, then scroll down to the middle/bottom of the page, then click the "unread notice" button, the page jumps back to the top and/but the Acknowledge All Notices popup appears somewhere down the page on the right-hand side. I am on Firefox 31.4.0ESR

Uhm… is there something wrong with the RRD graphs?

Given you have a VMWare stack available, have you tried installing a test pfSense system in parallel to see whether you can duplicate these effects on a different guest on the same VM environment? It might be worth setting this up using NICs defined within the VM config instead and see whether the same issue arises. I've heard of a number of issues concerning upgrading to 2.2 and maybe a clean install would be a useful way to establish if the problem is down to the (in-place?) upgrade.

@johnpoz: doesn't make any difference to the rule..  but just makes it look cleaner ;) I like things to look clean ;) btw im going rethink my whole network, sketch it first. Thank you guys for you time and help

:P :P :P

Keep an eye on that file, if it has anything in it, post back with its contents.

This was also reported some time ago: https://redmine.pfsense.org/issues/2901 I guess you have some traffic shaper set up. What is in /tmp/rules.debug?