Have just had a similar issue to this topic - setting up a DMZ using pfsense (v2.4.2) running on ESXi (6.5) - the DMZ was not passing traffic through, could not ping in or out of the DMZ etc., despite the addressing & routing appearing correct…
What I eventually noticed was that the DMZ interface had picked up the wrong network port - my setup has a PPOE connection for the WAN (BT Infinity FTTC in the UK) and this network port (em1) has two entries - works fine, not an issue but such is life...
To get the set up working again, I removed the interface from pfsense, I also removed the entire v-switch & v-nics from ESX (probably not required), then set up the new v-switch, port group, v-nics and pfsense configuration again - needed several reboots of pfsense but quicker than re-installing.
The issues I had appear to have been caused by my mis-configuration of the new interface in pfsense, but then the 'correction' not allowing traffic to route as expected - setting up the new interface from scratch using the same settings worked first time, took 5 mins after several hours of fault finding.
I probably made things harder for myself by not testing the firewall rules as I set them up first time round...
So in pfsense - once the new interface is presented & the system has been rebooted (if it's been added as a new interface to an existing setup), then
1. configure in interfaces / assignments
2. set up your firewall rules to allow DMZ access out - test - if not working then probably fault find before continuing
3. set up your firewall rules to restrict DMZ access out (e.g. block access to the LAN) - test
4. set up your firewall rules to allow e.g. DNS lookups to to the router (if required); may need a NAT rule; test e.g. by pinging 8.8.8.8 & www.google.com
5. set up port forwards to the DMZ from the WAN as required; test
6. check the firewall rules are in the correct order... & test