I don't have VMware-specific insight. But we're doing this on another platform, with CARP syncing between the pfSense VMs. I would consider using a VLAN to isolate the Internet traffic from the servers. Depending on the amount of traffic, there are settings for the number of firewall states and such, but unless you're expecting a super high number of connections I would probably just turn it on and check the settings periodically.
--
Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier Mascia
Sent: Thursday, April 14, 2016 4:41 PM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: [pfSense] pfSense on vmware ESXi 6.0

Hello,

I'm looking for advice and best practices when running pfSense (this time it will be 2.3) in a vmware VM. I'm offered to move some resources to a virtual datacenter made of dedicated hardware hosts in clusters, running ESXi 6.0 and vSphere. I have access to such an infrastructure for the next 3 weeks.

I have used pfSense in a number of devices and hosts, but never inside a VM, except for experimenting with configurations of pfSense itself. I could build up a pfSense 2.3 VM without real difficulties. Installing the integration tools was easy through the included package.

Now, what are the pitfalls I should look for? Any shared vmware experience from you will undoubtedly help fine tuning this.

For now the pfSense VM I configured has these resources: OS declared to vSphere is FreeBSD 10.3 64 bits, 1 socket, 2 cores, 2 GHz reserved, 2 GB RAM, 10 GB HD, 2 network adapters. I'm generally resources-conservative but I could allow much more if it makes sense.

For these adapters I have the choice between E1000, VMXNET 2, VMXNET 3. I have set them for VMXNET 3 but without background about this being the right-thing-to-do or not. At least it seems to work but I still need to stress test the VM (traffic-wise) a little bit.

Are there tunings inside pfSense which you could recommend / not live without, based on your experience inside vmware virtual machines?

Network interfaces settings? All are set for their default pfSense values, which means TCP segmentation offloading and large receive offloading are disabled. Would it make sense to enable those?

Thanks for any insight you might want to share.
--
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold