Help on config for pfSense installed on ESXi, network ports especially


  • Hey there,

    I don't believe I am getting the best out of my network, and having had pfSense installed for about a month or so, I am questioning my configuration of my network as a whole. I have been reading a few posts that have got my head spinning and thinking twice about my configuration.

    My current VMware ESXi 6.5 networking switch looks like this:
    [screenshot attachment: ESXi networking switch]

    WAN vSwitch:
    [screenshot attachment: WAN vSwitch]

    And my pfSense interfaces look like this:
    [screenshot attachment: pfSense interfaces]

    Whilst everything seems to be working, I am getting some issues with my wireless devices, especially those on VLANs. My other hardware is an HP 1920S managed switch and a Unifi Edgemax 190w 8-port PoE switch. Now there could be issues at the Edgemax and my Unifi controller end, so for completeness here are the settings from my Unifi controller.

    Wireless Networks:
    [screenshot attachment: Unifi wireless networks]

    Unifi Network config (from what I've read, I'm not sure I need to define these here?):
    [screenshot attachment: Unifi network config]

    So I would appreciate the collective wisdom of the pfSense and netgate community to help me out and straighten out my network, before my Wife kills me for the network not working or being slow.

    Cheers, yours in pleading,

    Garth


  • This looks like a complex setup. Over my head. I'm not even level 1 support, more like level 0.5, but I'll get the conversation started with the question, what is the issue? Do you lose connection sometimes?


  • Hi @Raffi_ thanks for chiming in, I appreciate someone taking the time to read through my post.

    The issue is predominantly on the wireless side, in that my WiFi controller reports DNS and DHCP issues, especially on VLANs.

    I suppose my configuration is a little complex and could do with some smoothing out, hence the reason for my detailed post, hoping that someone may be able to provide some guidance to tidy it up a bit. There was no plan going in, and this is how it has sort of evolved.

    Cheers


  • Hi Girkers,
    I'm not an expert in these matters either, but it looks as if you're asking if your network is set up optimally and looking for help to fix your WiFi connectivity issues.

    What AP are you using? Is it a Unifi AP? What are your settings? Do you use band steering or 5G preference? Can you expand on the connection issues a bit more?

    I have to admit all my performance issues have nearly always been the result of either my Cat6 cables, my Unifi WiFi controller settings, or disabling VQM on my NICs in VMs.

    For what it's worth, in my opinion for home use you have over-complicated things. I would personally go back to a simple WAN / LAN and set up something like pfBlockerNG. Test network performance and Wife Approval Level. Then, since you are using VMs and are familiar with VLANs, set up a lab and test all this out on a virtual network behind the scenes, and add more security like Suricata / Snort. After testing and removing all false positives, roll it out to your true network bit by bit as each change passes.


    Agree with @sheen73 on simplifying the setup, especially for home use. Expand later with VMs once the basics are working. Another reason being power use: I would imagine a box capable of running multiple VMs would require significantly more power to run than a little box (e.g., SG-1100) running pfSense alone. I understand the urge to play around with a setup like the one you have above. Most of us on here like playing around with stuff like that, but doing so behind the scenes as suggested might be better.

    The Unifi is reporting DNS and DHCP problems? I'm assuming you tried the Unifi forums as well, since the Unifi logs might not be very helpful here. What makes you think it is a setting in pfSense which could be the issue if the problem is only on the WiFi? Are there wired VLAN devices that are working perfectly fine? If so, which specific application(s) or site is running on wired clients which is not running on the wireless clients?