I was having terrible Netflix performance when connecting through my pfSense 2.3 router (running on XenServer 6.5), but Netflix was fine when I bypassed pfSense altogether or when I connected to Netflix through my StrongVPN connection passing through pfSense.

After much research, investigations, and Wiresharking, I made the following three configuration changes that seem to have fixed the problem.

From the System / Advanced / Firewall & NAT config page:

ol li { margin-bottom: 2em}

  1. In the Firewall Advanced section, in the IP Do-Not-Fragment compatibility row, I selected the checkbox for Clear invalid DF bits instead of dropping the packets.
    pfSense Netflix fix - do not fragment
  2. In the Network Address Translation section, in the NAT Reflection mode for port forwards row, I selected the combo box item Pure NAT (was previously Disabled).
    pfSense Netflix fix - NAT reflection checkbox
  3. Also in the Network Address Translation section, in the Enable automatic outbound NAT for Reflection row, I selected the checkbox Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from.
    pfSense Netflix fix - NAT reflection checkbox

Screenshot of changed settings:

pfSense Netflix Fix

I have no idea how well this may work for you, but give it a try.