I have ESXi 6.7 running with pfSense on it as a virtualised router.
pfSense, ESXi and other devices are on management VLAN 10. User devices are on different VLANs (let's assume 20 for now).
pfSense has several interfaces, all with their own DHCP server. Note that ESXi's address is statically set (on VLAN 10).
All port groups (incl. the vmkernel) are connected to the same vSwitch, which is connected to one physical NIC. That NIC is connected to a managed switch.
When I try to access the ESXi web GUI from VLAN 10 this works perfectly from a wired connection to an access port on a switch (VLAN 10) or a wireless AP (VLAN 10).
But once I switch to an access port on VLAN 20 (or wireless on VLAN 20) I cannot access the web GUI anymore.
I can ping the ESXi host, SSH works (!) but the web GUI is not responding properly. I keep getting a blue screen and the browser appends /ui to the IP, but that's all.
I did a pcap in pfSense and noticed that there is no traffic at all when on VLAN 10! On VLAN 20 there is a lot and it seems that multiple ports are opened.
I added static routes in ESXi to the gateway of VLAN 20 using the command line, but that did not help or change anything.
My questions:
How is it possible that pfSense seems to be bypassed when on VLAN 10?
And, more importantly, why can't I connect to the GUI when on VLAN 20, especially since I can ping and SSH into the ESXi host?
Please advise.