Good Old FW-1541 - Safe To Use?
-
I have 2 Netgate FW-1541's with Atom D525's that aren't officially supported any more and so are running:
2.3.5-RELEASE-p2
...and their update checker always says "The system is on the latest version." even though I know that isn't entirely true anymore.
These are great, quiet, hardy little beasts and we replaced them in our production racks with newer Netgate rackmounts, but I can't bring myself to just toss these older ones.
I've been using them in the home lab, and was considering handing them off to friends or family so their home networks could be more secure, putting it between a cable or phone company's provided modem/router and the home wifi router(s).
But I have never considered myself enough of a pfSense guru to really know how secure these are any more, now that they're not getting updates.
So I thought I'd ask a couple of questions here...
-
How dangerous is it to be using older hardware like this that doesn't get updates any more?
-
What do all y'all do with your older pfSense devices to extend their lives?
-
Could I perhaps put newer command-line BSDs on these with pf and forego the sexy web GUI of pfSense? Can anyone point me to preferred guides for that? (I will re-Google that, it's been a while since I last looked.)
-
What else should I be asking?
All feedback and insight welcome... thank you for your time!
-
-
-
@nachoguru said in Good Old FW-1541 - Safe To Use?:
How dangerous is it to be using older hardware like this that doesn't get updates any more?
Very. Many many many bugs and vulnerabilities since May 14, 2018. 22 updates since then: https://docs.netgate.com/pfsense/en/latest/releases/versions.html#id22
-
R rcoleman-netgate referenced this topic on
-
@nachoguru If you open a ticket with Netgate (which Ryan may answer
) there is a 23.01 installer for the 1541.Info on how: https://docs.netgate.com/pfsense/en/latest/solutions/xg-1541/reinstall-pfsense.html
2.3.x was the last 32 bit version of pfSense...could your 1541 have 32 bit and thus not see the 64 bit upgrade? In which case reinstalling would get it on the latest.
The hardware itself I don't see as a security issue just the software.
-
@steveits The FW-1541 never existed, but the 7541 did and it is not the same as the XG-1541. It is possible the system does not qualify for pfSense Plus: https://docs.netgate.com/pfsense/en/latest/solutions/fw-7541/index.html
-
@rcoleman-netgate Dang is this another competitor with a similar number... :( "Fool me seven times, shame on you. Fool me eight or more times, shame on me."
Well if not the Netgate hardware, then if it is a 64 bit CPU, OP can install 2.6. If 32 bit, then it's rather old...
-
Thanks all I will look into these upgrade paths.
Apologies for confusing the model numbers... the older two I'm referring to are actually these FW-7541's:
https://docs.netgate.com/pfsense/en/latest/solutions/fw-7541/index.html
...and we replaced them in production with XG-7100's:
https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100-1u/index.html
So I've been using the FW-7541's in the home lab and just figured I couldn't upgrade them any more.
But this is all BSD-based stuff so it finally occurred to me that there must be a way to get more life out of these, so I thought I'd ask what other people had done, likely many many years ahead of me.
These are built like tanks, so with efficient software, I figure my grandchildren's clone's android caregivers should be able to us them in 2049. :)
-
@nachoguru said in Good Old FW-1541 - Safe To Use?:
couldn't upgrade them any more
https://docs.netgate.com/pfsense/en/latest/solutions/fw-7541/reinstall-pfsense-ce.html doesn't say it won't work, it just says to use CE. As above if they had 32 bit pfSense then a reinstall is necessary to move to 64 bit.
-
The FW-7541 had an Atom D525 CPU which is 64-bit capable. That said, even that CPU was discontinued ~13 years ago so I'm not sure how much I'd trust it.
It may be possible to run the latest CE on there at least, but we haven't tested on those in years so there is no knowing if it will work (and how well it works) without trying.
Some of those older units required some fiddling with
gpartto get the USB memsticks to boot and/or the target disk itself post-install, but that's been so long ago it's possible that current versions of FreeBSD work fine on there. Only way to know though, again, is to try. -
Yup try 2.6 on there. I bet it will work fine.
Though obviously it's never going to be that fast.
-
Thanks all, I will give this a go when I get some quality home lab time, hopefully this weekend.
