Successful Install on Watchguard Firebox X700!
-
Purchased an X500 and will install pfSense shortly.
Are there any advantages (apart from capacity) to installing on a HD as opposed to a CF card?
Thanks,
-
Full unrestricted packages.
-
Has any one made embedded image with LCDproc included for x700?
I can make a ghost image for you if you want. ;D
-
Has any one made embedded image with LCDproc included for x700?
I can make a ghost image for you if you want. ;D
ok :)
-
Complete and utter noob here so please be gentle!!
I've managed to get lumped with a faulty X700. I'm guessing the OS is shafted so it'd make an ideal candidate for a pfsense install.
As I'm fairly Linux illiterate (about 6 months mild exposure), what would be better for me… a hdd install or a CF install?I'm wanted to use it to firewall and route with NAT my 50Mb cable connection, running Developement Web and Mail servers.
TIA
Pete
-
Definately the HDD option
I am currently in the process of writing a little guide with photos to make things easier for those that dont understand it all
Luckily I had an old external hard drive (USB powered one) which was faulty. Inside them there is basically an IDE laptop drive 2.5" and a tiny circuit board which connects the IDE HDD to a mini USB connector
I plugged this into a spare 80GB IDE Laptop drive I had and plugged in a USB to mini USB.
Connect the USB to a PC and disconnect any other hard drives then boot from CD and put the pfSense Live CD in, and once booted you can install to the HDD which is pretty easy if you just follow the steps
PC will need 2 network ports in it though
I was going to Ghost my drive, but the ghost tool I have just wanted to ghost the whole drive including empty space which was going to take hours
I havent yet but my plan is to put the LCD stuff on too
A further step for me is to reduce the noise of the X700 and so I researched and found the 3 fans in the back are 40mm x 10mm and the quietest ones I could find were 14DBa so I have ordered 3 of these:
https://www.overclockers.co.uk/showproduct.php?prodid=FG-029-SY
They will arrive tomorrow, however they will have the wrong connector on them so I will have to solder the old connectors on once I have tested them
I will take some more photos as I do this and once done I will post up the guide
-
Thanks for the info.
I've got a dead laptop with an IDE drive I can salvage and I'm a reg on the OCUK forums so I get free shipping from them so I'll might order up some of those fans - or maybe I'll get the Ultra version…. they are 19dBA over 14dBA (ie still pretty much silent) but they offer 20% more air throughput.
Might see if I can get some more RAM cheap too.
-
Damn it, I am a member on the OCUK forums and didnt know that… gutted
To be honest, even with the current fans and the watchguard sat on a carpet in a heated room near a radiator its not getting even warm at all
-
If you have more than 150 posts on there (I think) you get free shipping.
Managed to get a 512Mb double sided DIMM from a local store for £11 - Can't find my console cable atm tho.Update…. OK, looks like the X700 is duff.
To be fair, I'd not tried it before I popped the RAM in. When it boots the display stays blank and there is a rapid clicking coming from the speaker. I put the original ram back in, cleared the CMOS and swapped the CPU. Still the same. -
As of October 25, 2009, Watchguard's original X-core series (X500, X700, X1000, X2500) is end-of life. That means no more updates, so you should be able to find them cheap on eBay, although there are plenty of folks still trying to get full price. All these models were license-upgradable, so the hardware is identical. You should be paying under $100 US for one – which is way cheaper than a new alix -- and gets you six ethernet ports.
Watchguard's end-of-life announcements: http://www.watchguard.com/products/resources/end-of-life-policy.asp
Photos of my X700's guts: http://cw.sampas.net/gallery2/v/Firebox/
Boot log (dmesg): http://cw.sampas.net/watchguardTerminal.TXTWhile the Safenet crypto card is recognized in pfsense, it isn't used. I tried replacing it with the Soekris crypto card that works fine in Alix but it doesn't work on the X700. (I'm still running down that error.)
-
While the Safenet crypto card is recognized in pfsense, it isn't used. I tried replacing it with the Soekris crypto card that works fine in Alix but it doesn't work on the X700. (I'm still running down that error.)
Interesting. If you look at the DMESG from /status.php does it just recognize it, or does it load the safe driver and that is not working? If the driver is not loaded, you could always try kldloading the module from FBSD 7.2.
P.S. Nice Airhead -
I'm loving my pfGuard. Here's some truncated dmesg output. It seems that that safenet card has a driver handling it at least. I'm pretty noobish still wrt the BSD's, though, so I'm not sure how helpful this is.
# dmesg -a Copyright (c) 1992-2009 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 7.2-RELEASE-p4 #0: Tue Oct 6 00:56:14 UTC 2009 sullrich@FreeBSD_7.2_pfSense_1.2.3_snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense.7 Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel(R) Celeron(TM) CPU 1200MHz (1202.73-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x6b4 Stepping = 4 Features=0x383f9ff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,mmx,fxsr,sse>real memory = 268435456 (256 MB) avail memory = 248655872 (237 MB) wlan: mac acl policy registered kbd1 at kbdmux0 ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413) cryptosoft0: <software crypto="">on motherboard pcib0: <intel 82815="" (i815="" gmch)="" host="" to="" hub="" bridge="">pcibus 0 on motherboard pir0: <pci 11="" interrupt="" routing="" table:="" entries="">on motherboard $PIR: Using invalid BIOS IRQ 9 from 2.13.INTA for link 0x63 pci0: <pci bus="">on pcib0 agp0: <intel 82815="" (i815="" gmch)="" host="" to="" pci="" bridge="">on hostb0 pcib1: <pci-pci bridge="">at device 1.0 on pci0 pci1: <pci bus="">on pcib1 pcib2: <pcibios pci-pci="" bridge="">at device 30.0 on pci0 pci2: <pci bus="">on pcib2 safe0 mem 0xe7bfe000-0xe7bfffff irq 3 at device 6.0 on pci2 safe0: [ITHREAD] safe0: SafeNet SafeXcel-1141 rng des/3des aes md5 sha1 null</pci></pcibios></pci></pci-pci></intel></pci></pci></intel></software></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,mmx,fxsr,sse>
On another note, I just want to show off my hard disk mounting hack. With a dremel, drill, hammer, and an anvil, I made this sweet "cold-swap" bay for a spare laptop hard drive. The first blurry pic is the bottom of just the tray, and the second is the back of the tray locked into the tray's carrier (removed from the watchguard of course).
Important note, you can't see it in these pictures but I put a piece of clear plastic film under the hard drive to keep anything from shorting on the hard drive's controller board. Otherwise you would want to have washers under the drive at the mount points to create a gap (I didn't have washers of that size).
-
Well, I finally got an x700 off ebay for cheap. anyone have a spare set of rack ears?
I currently have an ip330 running pfsense, looking forward to the extra power under the hood.
Plan is to get a microdrive and get pfsense up and running, then do the 512meg ram and p3 1.4 upgrade.
-
Thanks tehtrk for the pictures. I currently have my drive mounted inside the box without the drive caddy in, however the frame is still there.
My plan was to just cut out the back of the tray and use it just for support, the 80GB HD that I sourced was from an old Laptop and is still in a very thin caddy itself so is protected from shorts
I have received my new CPU heatsink and fan today, so will be planning on replacing that when I get chance this evening and hopefully should have a much quieter firewall. If the fan is still too loud, I may do some temperature testing with the fan running at a slower speed either 5V or controlled with a variable resistor
I am also looking to replace the memory for the 512MB option, but really dont see the potential gains from upping the chip to a 1.4… can anyone advise?
-
Hi all,
Very excited about this Firebox, as I have loads of ISPs (don't ask). I was trying to follow the timeout thread but wasn't clear on whether the patch is in the latest RC or if I have to run the alpha 2.0 snapshots to see that.
Also, was thinking I would run this off a cf card (not microdrive) with a hdd as swap space – is this possible or am I going to make life too hard for myself? Any advice on best approach to this?
-
Got another one coming now from Ebay for £48.
Will be able to give it a go when I get back from diving on Saturday. -
I'm running pfsense 1.2.2, full installation on IDE HD using embedded kernel.
I am/was getting watchdog timeouts reliably when trying to access the queue status page for the traffic shaper.
-I'm running PFsense with 2 physical connections to our switching environment.
-Carp is configured and in use on all interfaces.
-There are 3 subnets/interfaces using vlan tagging. Switching infrastructure is HP procurve.In an attempt to fix this I did the following.
-Disabled ACPI - issue persists.
-Changed switch configuration from auto to 10/100-full - issue persists.After some thought it seemed like the timouts would happen when a "lot" (burst) of traffic would try to come through, so on a whim I enabled "device polling" in system->advanced to see what would happen.
The firewall reloaded states and a test showed that the issue persisted. Since I didn't see any mention of polling under status->interfaces I went to ifconfig to see what was happening.
ifconfig output showed no mention of polling at all. I verified that freebsd 7 supports polling on the re driver and issued this command for each physically connected interface on the system:
ifconfig INT_NAME polling
ifconfig output then showed "polling" under the "options" section for the interface.
A quick test of status->queues worked and I can see queue status without issues. I beat on the web interface for awhile and only caused a single watchdog timeout to happen in the last 20 minutes at the status -> queues page (used to happen reliably every time)
I'm hoping that I won't see random watchdog timeouts pop up during the day anymore when the gui isn't in use but only time will tell.
If anyone has had success in resolvign these issues PLEASE let us know, I'm almost ready to virtualize pfsense on vmware to fix this permanently but would rather use the cool red boxes!
-
Nice to see more watchguards being converted!
I'm still trying to get a keyboard to work on mine to do a bit more of an advanced project.
I've had one guy email me with some great information but this hasn't worked.
Can anyone give an exact pinout of the keyboard header?
Thanks
Andy
-
Hi,
i have done it, i connected a keyboard and it works, i opened a new topic here :
http://forum.pfsense.org/index.php/topic,20242.0.htmlI also improved the lcdproc sdeclcd from ridnhard19 bay adding a keyboard support here:
http://forum.pfsense.org/index.php/topic,7920.30.htmlJean Jacques :)
-
Hi,
i have done it, i connected a keyboard and it works, i opened a new topic here :
http://forum.pfsense.org/index.php/topic,20242.0.htmlI also improved the lcdproc sdeclcd from ridnhard19 bay adding a keyboard support here:
http://forum.pfsense.org/index.php/topic,7920.30.htmlJean Jacques :)
You are a super star! Thank you very much.
I will give this a try tonight! Thanks!