ESXI can't ping LAN Netgate XG-7100 nor internet... but pings all network.

gigio

Hello everyone

I have a very simple environment, a netgate xg-7100 firewall with a public ip doing NAT and a lan ip 10.99.99.1
On the same switch I have an esxi 7.03 with ip 10.99.99.41 255.255.255.0
The switch has IP 10.99.99.5
I have created a VM with IP 10.99.99.100 and with internet access through a 1:1 firewall without problem
I have the VM hosted on a NAS with IP 10.99.99.10 to which the esxi accesses via ISCSI without problems

I have set up a Vcenter with ip 10.99.99.2 and it works correctly and is accessible
WAN (wan) -> lagg0.4090 -> v4: public_ip/28
LAN (lan) -> lagg0.4091 -> v4:10.99.99.1/24

Everything seems to work. I do not have vlans defined. At the ports of the switch there are two esxi fibers, one fiber from the NAS, and the two ports of the firewall, along with one port that is the exit to the internet.
From the internet I pin the public one without problems
The defined VM goes online without problems
Everything is at /24 on the inside, checked

I ssh to the esxi host, to l0.99.99.41 and I can ping anything... the vm ip... the nas ip... the vcenter ip... but I can't ping the lan ip from the 10.99.99.1 firewall nor can I ping the internet, for example 8.8.8.8
From the firewall I perfectly pin the host IP 10.99.99.1

I don't understand why I can't ping the firewall from ESXI

From the other machines and from the ips of the tunnel that I have against my office I ping it perfectly.
Even connecting a physical server on another side of the switch, I ping it perfectly if I give it an IP of 10.99.99.0/24

Why ONLY an esxi server cannot ping ONLY LAN interface and public internet address? ¿?¿?¿? Mystery for me...

Thank you all.

This is the firewall configuration (removing data that should not be seen)

<?xml version="1.0"?>
<pfsense>
<version>22.7</version>
<lastchange></lastchange>
<system>
<optimization>normal</optimization>
<hostname>solunetfw1</hostname>
<domain>solunet.datacenter</domain>
<group>
<name>all</name>
<description><![CDATA[All Users]]></description>
<scope>system</scope>
<gid>1998</gid>
</group>
<group>
<name>admins</name>
<description><![CDATA[System Administrators]]></description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>page-all</priv>
</group>
<user>
<name>admin</name>
<descr><![CDATA[System Administrator]]></descr>
<scope>system</scope>
<groupname>admins</groupname>
<bcrypt-hash>$2y$10$lw5X558kCJCy.44IpEMDs3L.uloXD05qRA.EOI58NAO/QKDs5eTwft8G</bcrypt-hash>
<uid>0</uid>
<priv>user-shell-access</priv>
</user>
<user>
<scope>user</scope>
<bcrypt-hash>$2y99$10$AwZMpHn196ZNc0yNuO8wL.SJySrP/JyfWyPjY3l7jEMMQWI8b.cm2</bcrypt-hash>
<descr><![CDATA[Javier García Alarcón]]></descr>
<name>jgarcia</name>
<expires></expires>
<dashboardcolumns>2</dashboardcolumns>
<authorizedkeys></authorizedkeys>
<ipsecpsk></ipsecpsk>
<webguicss>pfSense.css</webguicss>
<cert>66f4832d51b1a</cert>
<uid>2001</uid>
</user>
<nextuid>2002</nextuid>
<nextgid>2000</nextgid>
<timeservers>pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<loginautocomplete></loginautocomplete>
<ssl-certref>66f4534b6393a</ssl-certref>
<dashboardcolumns>3</dashboardcolumns>
<port></port>
<max_procs>2</max_procs>
<webguicss>pfSense.css</webguicss>
<logincss>1e3f75;</logincss>
</webgui>
<disablesegmentationoffloading></disablesegmentationoffloading>
<disablelargereceiveoffloading></disablelargereceiveoffloading>
<maximumtableentries>400000</maximumtableentries>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<enableserial></enableserial>
<thermal_hardware>coretemp</thermal_hardware>
<crypto_hardware>aesni_cryptodev</crypto_hardware>
<already_run_config_upgrade></already_run_config_upgrade>
<timezone>Europe/Madrid</timezone>
<ssh>
<enable>enabled</enable>
</ssh>
<serialspeed>115200</serialspeed>
<primaryconsole>serial</primaryconsole>
<sshguard_threshold></sshguard_threshold>
<sshguard_blocktime></sshguard_blocktime>
<sshguard_detection_time></sshguard_detection_time>
<sshguard_whitelist></sshguard_whitelist>
<pkg_repo_conf_path>/usr/local/share/pfSense/pkg/repos/pfSense-repo-previous.conf</pkg_repo_conf_path>
<hn_altq_enable></hn_altq_enable>
<acb></acb>
<language>en_US</language>
<maximumstates></maximumstates>
<aliasesresolveinterval></aliasesresolveinterval>
<maximumfrags></maximumfrags>
<reflectiontimeout></reflectiontimeout>
<disablenatreflection>yes</disablenatreflection>
<dnsserver>8.8.8.8</dnsserver>
<dnsserver>1.1.1.1</dnsserver>
</system>
<interfaces>
<wan>
<enable></enable>
<if>lagg0.4090</if>
<switchif>switch0.port1</switchif>
<descr><![CDATA[WAN]]></descr>
<spoofmac></spoofmac>
<ipaddr>public_ip</ipaddr>
<subnet>28</subnet>
<gateway>WANGW</gateway>
</wan>
<lan>
<enable></enable>
<if>lagg0.4091</if>
<descr><![CDATA[LAN]]></descr>
<spoofmac></spoofmac>
<ipaddr>10.99.99.1</ipaddr>
<subnet>24</subnet>
<switchif>switch0.port2</switchif>
</lan>
<opt1>
<if>ix0</if>
<descr><![CDATA[OPT1]]></descr>
<spoofmac></spoofmac>
</opt1>
<opt2>
<if>ix1</if>
<descr><![CDATA[OPT2]]></descr>
<spoofmac></spoofmac>
</opt2>
</interfaces>
<staticroutes></staticroutes>
<dhcpd>
<lan>
<range>
<from>10.99.99.10</from>
<to>10.99.99.245</to>
</range>
</lan>
</dhcpd>
<dhcpdv6>
<lan>
<range>
<from>::1000</from>
<to>::2000</to>
</range>
<ramode>disabled</ramode>
<rapriority>medium</rapriority>
<rainterface></rainterface>
<ravalidlifetime></ravalidlifetime>
<rapreferredlifetime></rapreferredlifetime>
<raminrtradvinterval></raminrtradvinterval>
<ramaxrtradvinterval></ramaxrtradvinterval>
<raadvdefaultlifetime></raadvdefaultlifetime>
<radomainsearchlist></radomainsearchlist>
<radvd-dns>disabled</radvd-dns>
</lan>
</dhcpdv6>
<snmpd>
<syslocation></syslocation>
<syscontact></syscontact>
<rocommunity>public</rocommunity>
</snmpd>
<diag>
<ipv6nat></ipv6nat>
</diag>
<syslog>
<filterdescriptions>1</filterdescriptions>
</syslog>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
<separator></separator>
<rule>
<source>
<any></any>
</source>
<destination>
<network>wanip</network>
<port>443</port>
</destination>
<ipprotocol>inet</ipprotocol>
<protocol>tcp</protocol>
<target>10.99.99.1</target>
<local-port>443</local-port>
<interface>wan</interface>
<descr><![CDATA[Permite acceso desde Oficina Solunet por Internet al Web Interface. Mejor desconectado]]></descr>
<associated-rule-id>nat_66f51984544348.89310048</associated-rule-id>
<updated>
<time>1727338884</time>
<username><![CDATA[admin@192.168.11.125 (Local Database)]]></username>
</updated>
<created>
<time>1727338884</time>
<username><![CDATA[admin@192.168.11.125 (Local Database)]]></username>
</created>
</rule>
<rule>
<source>
<any></any>
</source>
<destination>
<address>Tanhoiser_pub</address>
<port>1-65535</port>
</destination>
<protocol>tcp</protocol>
<target>Tanhoiser_priv</target>
<local-port>1</local-port>
<interface>wan</interface>
<descr><![CDATA[Redirección pública a privada Tanhoiser para que se vea fuera]]></descr>
<associated-rule-id>nat_66f45d667d05e1.10393651</associated-rule-id>
<updated>
<time>1727290726</time>
<username><![CDATA[admin@10.99.99.155 (Local Database)]]></username>
</updated>
<created>
<time>1727290726</time>
<username><![CDATA[admin@10.99.99.155 (Local Database)]]></username>
</created>
</rule>
</nat>
<filter>
<rule>
<id></id>
<tracker>1727291372</tracker>
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<tag></tag>
<tagged></tagged>
<max></max>
<max-src-nodes></max-src-nodes>
<max-src-conn></max-src-conn>
<max-src-states></max-src-states>
<statetimeout></statetimeout>
<statetype><![CDATA[keep state]]></statetype>
<os></os>
<protocol>udp</protocol>
<source>
<address>Oficina_Solunet_pub</address>
</source>
<destination>
<network>wanip</network>
<port>2000</port>
</destination>
<descr><![CDATA[Permite que se conecte Oficina Solunet tunel OpenVPN. OJO si se anula se pierde la conexión.]]></descr>
<created>
<time>1727291372</time>
<username><![CDATA[admin@10.99.99.155 (Local Database)]]></username>
</created>
<updated>
<time>1727291909</time>
<username><![CDATA[admin@10.99.99.155 (Local Database)]]></username>
</updated>
</rule>
<rule>
<id></id>
<tracker>1727290260</tracker>
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<tag></tag>
<tagged></tagged>
<max></max>
<max-src-nodes></max-src-nodes>
<max-src-conn></max-src-conn>
<max-src-states></max-src-states>
<statetimeout></statetimeout>
<statetype><![CDATA[keep state]]></statetype>
<os></os>
<protocol>icmp</protocol>
<icmptype>any</icmptype>
<source>
<any></any>
</source>
<destination>
<any></any>
</destination>
<descr><![CDATA[Permite ping a la WAN y sus ips princ y virtuales desde fuera]]></descr>
<created>
<time>1727290260</time>
<username><![CDATA[admin@10.99.99.155 (Local Database)]]></username>
</created>
<updated>
<time>1727290819</time>
<username><![CDATA[admin@10.99.99.155 (Local Database)]]></username>
</updated>
</rule>
<rule>
<id></id>
<tracker>1727290726</tracker>
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<tag></tag>
<tagged></tagged>
<max></max>
<max-src-nodes></max-src-nodes>
<max-src-conn></max-src-conn>
<max-src-states></max-src-states>
<statetimeout></statetimeout>
<statetype><![CDATA[keep state]]></statetype>
<os></os>
<protocol>tcp</protocol>
<source>
<any></any>
</source>
<destination>
<address>Tanhoiser_priv</address>
<port>1-65535</port>
</destination>
<descr><![CDATA[NAT Redirección pública a privada Tanhoiser para que se vea desde fuera]]></descr>
<associated-rule-id>nat_66f45d667d05e1.10393651</associated-rule-id>
<created>
<time>1727290726</time>
<username><![CDATA[NAT Port Forward]]></username>
</created>
<updated>
<time>1727290866</time>
<username><![CDATA[admin@10.99.99.155 (Local Database)]]></username>
</updated>
</rule>
<rule>
<source>
<any></any>
</source>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<protocol>tcp</protocol>
<destination>
<address>10.99.99.1</address>
<port>443</port>
</destination>
<descr><![CDATA[NAT Permite acceso desde Oficina Solunet por Internet al Web I]]></descr>
<associated-rule-id>nat_66f51984544348.89310048</associated-rule-id>
<tracker>1727338884</tracker>
<created>
<time>1727338884</time>
<username><![CDATA[NAT Port Forward]]></username>
</created>
</rule>
<rule>
<id></id>
<tracker>1727344702</tracker>
<type>pass</type>
<interface>lan</interface>
<ipprotocol>inet</ipprotocol>
<tag></tag>
<tagged></tagged>
<max></max>
<max-src-nodes></max-src-nodes>
<max-src-conn></max-src-conn>
<max-src-states></max-src-states>
<statetimeout></statetimeout>
<statetype><![CDATA[keep state]]></statetype>
<os></os>
<protocol>tcp</protocol>
<source>
<address>10.99.99.0/24</address>
</source>
<destination>
<any></any>
</destination>
<descr></descr>
<updated>
<time>1727344702</time>
<username><![CDATA[admin@192.168.11.125 (Local Database)]]></username>
</updated>
<created>
<time>1727344702</time>
<username><![CDATA[admin@192.168.11.125 (Local Database)]]></username>
</created>
</rule>
<rule>
<id></id>
<tracker>1727343297</tracker>
<type>pass</type>
<interface>lan</interface>
<ipprotocol>inet</ipprotocol>
<tag></tag>
<tagged></tagged>
<max></max>
<max-src-nodes></max-src-nodes>
<max-src-conn></max-src-conn>
<max-src-states></max-src-states>
<statetimeout></statetimeout>
<statetype><![CDATA[keep state]]></statetype>
<os></os>
<protocol>icmp</protocol>
<icmptype>any</icmptype>
<source>
<any></any>
</source>
<destination>
<any></any>
</destination>
<descr></descr>
<updated>
<time>1727343297</time>
<username><![CDATA[admin@192.168.11.125 (Local Database)]]></username>
</updated>
<created>
<time>1727343297</time>
<username><![CDATA[admin@192.168.11.125 (Local Database)]]></username>
</created>
</rule>
<rule>
<id></id>
<tracker>0100000101</tracker>
<type>pass</type>
<interface>lan</interface>
<ipprotocol>inet</ipprotocol>
<tag></tag>
<tagged></tagged>
<max></max>
<max-src-nodes></max-src-nodes>
<max-src-conn></max-src-conn>
<max-src-states></max-src-states>
<statetimeout></statetimeout>
<statetype><![CDATA[keep state]]></statetype>
<os></os>
<source>
<network>lan</network>
</source>
<destination>
<any></any>
</destination>
<descr><![CDATA[Default allow LAN to any rule]]></descr>
<updated>
<time>1727339002</time>
<username><![CDATA[admin@192.168.11.125 (Local Database)]]></username>
</updated>
</rule>
<rule>
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
<interface>lan</interface>
<tracker>0100000102</tracker>
<source>
<network>lan</network>
</source>
<destination>
<any></any>
</destination>
<disabled></disabled>
</rule>
<rule>
<id></id>
<tracker>1727291813</tracker>
<type>pass</type>
<interface>openvpn</interface>
<ipprotocol>inet</ipprotocol>
<tag></tag>
<tagged></tagged>
<max></max>
<max-src-nodes></max-src-nodes>
<max-src-conn></max-src-conn>
<max-src-states></max-src-states>
<statetimeout></statetimeout>
<statetype><![CDATA[keep state]]></statetype>
<os></os>
<source>
<any></any>
</source>
<destination>
<any></any>
</destination>
<descr><![CDATA[Permite todo por la VPN]]></descr>
<updated>
<time>1727291813</time>
<username><![CDATA[admin@10.99.99.155 (Local Database)]]></username>
</updated>
<created>
<time>1727291813</time>
<username><![CDATA[admin@10.99.99.155 (Local Database)]]></username>
</created>
</rule>
<separator>
<wan></wan>
<openvpn></openvpn>
<lan></lan>
</separator>
</filter>
<shaper>
</shaper>
<ipsec>
<vtimaps></vtimaps>
</ipsec>
<aliases>
<alias>
<name>Oficina_Solunet_pub</name>
<type>host</type>
<address>2.136.75.24</address>
<descr><![CDATA[Ip pública oficina]]></descr>
<detail><![CDATA[Pública de la oficina]]></detail>
</alias>
<alias>
<name>Tanhoiser_priv</name>
<type>host</type>
<address>10.99.99.39</address>
<descr><![CDATA[Tanhoiser Privada]]></descr>
<detail><![CDATA[Ip local Tanhoiser]]></detail>
</alias>
<alias>
<name>Tanhoiser_pub</name>
<type>host</type>
<address>public_VM_IP</address>
<descr><![CDATA[Tanhoiser Pública]]></descr>
<detail><![CDATA[Virtual IP de Tanhoiser Pública ]]></detail>
</alias>
</aliases>
<proxyarp></proxyarp>
<cron>
<item>
<minute>1,31</minute>
<hour>0-5</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command>/usr/bin/nice -n20 adjkerntz -a</command>
</item>
<item>
<minute>1</minute>
<hour>3</hour>
<mday>1</mday>
<month></month>
<wday></wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
</item>
<item>
<minute>1</minute>
<hour>1</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
</item>
<item>
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
</item>
<item>
<minute>30</minute>
<hour>12</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
</item>
<item>
<minute>1</minute>
<hour>0</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_pkg_metadata</command>
</item>
<item>
<minute>/1</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command>/usr/sbin/newsyslog</command>
</item>
<item>
<minute>1</minute>
<hour>3</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command>/etc/rc.periodic daily</command>
</item>
<item>
<minute>15</minute>
<hour>4</hour>
<mday></mday>
<month></month>
<wday>6</wday>
<who>root</who>
<command>/etc/rc.periodic weekly</command>
</item>
<item>
<minute>30</minute>
<hour>5</hour>
<mday>1</mday>
<month></month>
<wday>*</wday>
<who>root</who>
<command>/etc/rc.periodic monthly</command>
</item>
</cron>
<wol></wol>
<rrd>
<enable></enable>
<category>left=system-processor&right=&resolution=300&timePeriod=-1d&startDate=&endDate=&startTime=0&endTime=0&graphtype=line&invert=true&refresh-interval=0</category>
</rrd>
<widgets>
<sequence>system_information:col1:open:0,disks:col1:open:0,traffic_graphs:col2:open:0,interfaces:col2:open:0,log:col3:open:1,openvpn:col3:open:0</sequence>
<period>10</period>
<log-1>
<descr><![CDATA[Firewall Logs]]></descr>
<filterlogentries>20</filterlogentries>
<filterlogentriesinterval>2</filterlogentriesinterval>
<filterlogentriesacts>Block Reject</filterlogentriesacts>
</log-1>
</widgets>
<openvpn>
<openvpn-server>
<vpnid>1</vpnid>
<mode>p2p_shared_key</mode>
<protocol>UDP4</protocol>
<dev_mode>tun</dev_mode>
<interface>wan</interface>
<ipaddr></ipaddr>
<local_port>2000</local_port>
<description><![CDATA[Recibe túnel oficina Solunet]]></description>
<custom_options></custom_options>
<shared_key>CENSORED</shared_key>
<digest>SHA256</digest>
<engine>none</engine>
<tunnel_network>10.80.81.0/24</tunnel_network>
<tunnel_networkv6></tunnel_networkv6>
<remote_network>192.168.11.0/24,192.168.10.0/24</remote_network>
<remote_networkv6></remote_networkv6>
<gwredir></gwredir>
<gwredir6></gwredir6>
<local_network></local_network>
<local_networkv6></local_networkv6>
<maxclients>1</maxclients>
<compression>none</compression>
<compression_push></compression_push>
<passtos></passtos>
<client2client></client2client>
<dynamic_ip></dynamic_ip>
<topology>subnet</topology>
<serverbridge_dhcp></serverbridge_dhcp>
<serverbridge_interface>none</serverbridge_interface>
<serverbridge_routegateway></serverbridge_routegateway>
<serverbridge_dhcp_start></serverbridge_dhcp_start>
<serverbridge_dhcp_end></serverbridge_dhcp_end>
<username_as_common_name><![CDATA[disabled]]></username_as_common_name>
<exit_notify>none</exit_notify>
<sndrcvbuf></sndrcvbuf>
<netbios_enable></netbios_enable>
<netbios_ntype>0</netbios_ntype>
<netbios_scope></netbios_scope>
<create_gw>both</create_gw>
<verbosity_level>1</verbosity_level>
<ncp_enable>enabled</ncp_enable>
<ping_method>keepalive</ping_method>
<keepalive_interval>10</keepalive_interval>
<keepalive_timeout>60</keepalive_timeout>
<ping_seconds>10</ping_seconds>
<ping_push></ping_push>
<ping_action>ping_restart</ping_action>
<ping_action_seconds>60</ping_action_seconds>
<ping_action_push></ping_action_push>
<inactive_seconds>0</inactive_seconds>
<data_ciphers>AES-128-GCM,AES-128-CBC</data_ciphers>
<data_ciphers_fallback>AES-128-CBC</data_ciphers_fallback>
</openvpn-server>
</openvpn>
<dnshaper>
</dnshaper>
<unbound>
<enable></enable>
<dnssec></dnssec>
<active_interface></active_interface>
<outgoing_interface></outgoing_interface>
<custom_options></custom_options>
<hideidentity></hideidentity>
<hideversion></hideversion>
<dnssecstripped></dnssecstripped>
</unbound>
<laggs>
<lagg>
<members>ix2,ix3</members>
<descr><![CDATA[UPLINK]]></descr>
<laggif>lagg0</laggif>
<proto>loadbalance</proto>
</lagg>
</laggs>
<vlans>
<vlan>
<if>lagg0</if>
<tag>4090</tag>
<descr><![CDATA[WAN]]></descr>
<vlanif>lagg0.4090</vlanif>
</vlan>
<vlan>
<if>lagg0</if>
<tag>4091</tag>
<descr><![CDATA[LAN]]></descr>
<vlanif>lagg0.4091</vlanif>
</vlan>
</vlans>
<revision>
<time>1727344702</time>
<description><![CDATA[admin@192.168.11.125 (Local Database): Firewall: Rules - saved/edited a firewall rule.]]></description>
<username><![CDATA[admin@192.168.11.125 (Local Database)]]></username>
</revision>
<switches>
<switch>
<device>/dev/etherswitch0</device>
<vlanmode>DOT1Q</vlanmode>
<laggroups>
<laggroup>
<lgroup>0</lgroup>
<descr><![CDATA[Switch Uplink]]></descr>
<members>9 10</members>
</laggroup>
</laggroups>
<vlangroups>
<vlangroup>
<vgroup>0</vgroup>
<vlanid>1</vlanid>
<members>0</members>
</vlangroup>
<vlangroup>
<vgroup>1</vgroup>
<vlanid>4090</vlanid>
<descr><![CDATA[WAN]]></descr>
<members>9t 10t 1</members>
</vlangroup>
<vlangroup>
<vgroup>2</vgroup>
<vlanid>4091</vlanid>
<descr><![CDATA[LAN]]></descr>
<members>9t 10t 2 3 4 5 6 7 8</members>
</vlangroup>
</vlangroups>
<swports>
<swport>
<port>1</port>
<pvid>4090</pvid>
<state><![CDATA[forwarding]]></state>
</swport>
<swport>
<port>2</port>
<pvid>4091</pvid>
<state><![CDATA[forwarding]]></state>
</swport>
<swport>
<port>3</port>
<pvid>4091</pvid>
<state><![CDATA[forwarding]]></state>
</swport>
<swport>
<port>4</port>
<pvid>4091</pvid>
<state><![CDATA[forwarding]]></state>
</swport>
<swport>
<port>5</port>
<pvid>4091</pvid>
<state><![CDATA[forwarding]]></state>
</swport>
<swport>
<port>6</port>
<pvid>4091</pvid>
<state><![CDATA[forwarding]]></state>
</swport>
<swport>
<port>7</port>
<pvid>4091</pvid>
<state><![CDATA[forwarding]]></state>
</swport>
<swport>
<port>8</port>
<pvid>4091</pvid>
<state><![CDATA[forwarding]]></state>
</swport>
<swport>
<port>9</port>
<state><![CDATA[forwarding]]></state>
</swport>
<swport>
<port>10</port>
<state><![CDATA[forwarding]]></state>
</swport>
</swports>
</switch>
</switches>
<cert>
<refid>66f4534b6393a</refid>
<descr><![CDATA[webConfigurator default (66f4534b6393a)]]></descr>
<type>server</type>
<crt>CENSORED</cert>
<cert>
<refid>66f4832d51b1a</refid>
<descr><![CDATA[Javier CERT]]></descr>
<type>user</type>
<caref>66f4829b029ed</caref>
<crt>CENSORED</cert>
<gateways>
<gateway_item>
<interface>wan</interface>
<gateway>public_gateway</gateway>
<name>WANGW</name>
<weight>1</weight>
<ipprotocol>inet</ipprotocol>
<interval></interval>
<descr><![CDATA[Interface wan Gateway]]></descr>
</gateway_item>
<defaultgw4>WANGW</defaultgw4>
<defaultgw6>-</defaultgw6>
</gateways>
<ppps></ppps>
<virtualip>
<vip>
<mode>ipalias</mode>
<interface>wan</interface>
<uniqid>66fc7b00cb8</uniqid>
<descr></descr>
<type>single</type>
<subnet_bits>32</subnet_bits>
<subnet>public_ip</subnet>
</vip>
</virtualip>
<ca>
<refid>66f4829b029ed</refid>
<descr><![CDATA[CA Solunet]]></descr>
<crt>CENSORED<serial>1</serial>
</ca>
<installedpackages>
<package>
<name>OpenVPN Client Export Utility</name>
<internal_name>openvpn-client-export</internal_name>
<descr><![CDATA[Allows a pre-configured OpenVPN Windows Client or Mac OS X's Viscosity configuration bundle to be exported directly from pfSense.]]></descr>
<version>1.6_9</version>
<configurationfile>openvpn-client-export.xml</configurationfile>
<tabs>
<tab>
<name>Client Export</name>
<tabgroup>OpenVPN</tabgroup>
<url>/vpn_openvpn_export.php</url>
</tab>
<tab>
<name>Shared Key Export</name>
<tabgroup>OpenVPN</tabgroup>
<url>/vpn_openvpn_export_shared.php</url>
</tab>
</tabs>
<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
</package>
<vpn_openvpn_export>
<config></config>
</vpn_openvpn_export>
</installedpackages>
<sshdata>
<sshkeyfile>
<filename>ssh_host_rsa_key</filename>
<xmldata>CENSORED</sshkeyfile>
<sshkeyfile>
<filename>ssh_host_rsa_key.pub</filename>
<xmldata>CENSORED</sshkeyfile>
<sshkeyfile>
<filename>ssh_host_ed25519_key</filename>
<xmldata>CENSORED</sshkeyfile>
<sshkeyfile>
<filename>ssh_host_ed25519_key.pub</filename>
<xmldata>CENSORED</xmldata>
</sshkeyfile>
</sshdata>
</pfsense>

gigio

From the firewall I perfectly pin the host IP 10.99.99.1 is an error... means... From the firewall I perfectly pin the ESXI host IP 10.99.99.41

gigio

I can ping LAN ip 10.99.99.1 from all devices if they dont have this ip as gateway.
If I create a VM and give 10.99.99.1 cannot ping it. If i give other ip as gateway, i can ping 10.99.99.1