Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Watchguard Firebox X Peak platform

    Scheduled Pinned Locked Moved Hardware
    155 Posts 18 Posters 109.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      Hi All,
      Still playing here.  ;D

      I just swapped the processor for a Pentium 4-M (SL6FH). It's rated at 1.8GHz but because the board doesn't support speed step it defaults to it's lower speed of 1.2GHz. The board booted and ran fine using slightly less power, ~46W at idle.
      It does seem that there may be some potential for a pin mod to make it run faster.
      However looking at the output of mbmon the core voltage being supplied by the board is 1.57V when it should be 1.3V.  ::) Not good! The chip does have a far higher rated junction temperature though so could be run hotter. Still 1.57 is actually higher than the voltage provided for the original P4 so I think we can assume that the bios knows nothing about the P4-M. A Shame.  :(

      Bios access is still defeating me. I can now semi-reliably get the first part of the POST which helps when swapping CPUs.
      I am left thinking that the bios module that supports console access is basically knackered and was never meant to be used. I've tried every combination serial settings and several cables. I even installed a serial sniffer to watch what was actually being sent and received. It seems that the bios is just not receiving/interpreting what I'm sending correctly. Looking at instructions for other motherboards of the same era with the same bios modules and chipset it seems that it should just work with no problem.

      Update: I got braver and went for the pin mod I linked to above. Removing pin AE1, or bending it as I have, reduces the core voltage by 0.4V. So far it seems stable and cooler. ~42W at idle.

      
      [1.2.3-RELEASE]                                                                 
      [root@pfSense.local]/usr/local/bin(17): ./mbmon
      ioctl(smb0:open): No such file or directory
      
      Temp.= 35.0,  7.5, 37.5; Rot.= 21093, 21093, 19852
      Vcore = 1.15, 2.16; Volt. = 3.38, 5.05, 12.10, -12.04, -0.62
      

      Should be able to fit quieter fans now for sure.

      1 Reply Last reply Reply Quote 0
      • M
        mericksonj
        last edited by

        Still only getting 1.2 Ghz from that processor after the pin mod?  How much is that chip going for on ebay?

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Yep still running at 1.2GHz. I only tried the voltage mod though. By removing another pin you can set the bus speed to 133MHz (up from 100) giving 1.6GHz. I haven't tried that yet though. I paid £2 for it.  ;D
          However like it says in the article I linked to you'd be better off with the equivalent mobile celeron because they didn't have speedstep.
          The way I look at it if I ever run out of processor headroom I can always swap back something more powerful. This is unlikely though as the box I'm replacing is an old Cyrix 333MHz running IPCop. A lot more interfaces on the Firebox though.  :-\

          Steve

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            My new fans arrived today so I fitted them straight in. The cables need shortening really I ended up having to stuff it all into the fan enclosure which can't be good for air flow.  :P
            I went for three Akasa AK-161BL-S which are a 40x40x20mm fan, narrower than the originals. They're are specced at 6.27CFM so quite a lot less than the originals.
            The results are - great!  ;D
            They are so much quieter. I would say about the same level as the Shuttle XPC I'm typing this on, I would happily use a desktop PC this loud. They also seem to keep thigs plenty cool enough. I've had the firebox runing for the last few hours and:

            
            [1.2.3-RELEASE]                                                                 
            [root@pfSense.local]/root(15): /usr/local/bin/mbmon -I
            
            Temp.= 38.0, 13.5, 37.5; Rot.= 5578, 5357, 5232
            Vcore = 1.15, 2.19; Volt. = 3.38, 5.05, 12.10, -11.96, -0.62
            

            I also have a thermocouple on the CPU heatsink which is stable at 30°C. This is in a 21° ambient with the case closed.

            I have a feeling that both the temperatures measured by mbmon are chipset rather than cpu. Anyway to find out?

            Here's a quick pic. I'm a sucker for a blue LED!  ::)

            1 Reply Last reply Reply Quote 0
            • J
              jaime
              last edited by

              looking nice, I would most likely use red LED instead to match the case and my other computer fans (I like to have some kind of color coordination and contrast lol) nice job!

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Thanks Jamie.  8)

                Oooo red, now there's an idea! It's a tough call though. Plenty of red led fans, plenty of 40mm fans, plenty of quiet fans but all three in one fan? I've not found one. To be honest you won't see it anyway once it's installed.  :D

                1 Reply Last reply Reply Quote 0
                • J
                  jaime
                  last edited by

                  i know, but the glow in the dark room…thats worth it :)

                  1 Reply Last reply Reply Quote 0
                  • M
                    mericksonj
                    last edited by

                    I agree with the red LED, who ever heard of a blue firewall?  that's preposterous! J/K

                    My preference? I want the fires of hades illuminating the wall behind my security devices.

                    1 Reply Last reply Reply Quote 0
                    • J
                      jaime
                      last edited by

                      how much did the fans and the firewall set you back?

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        The Firebox was £40 from Ebay. It was sold as faulty though because the root partition on the Watchguard CF card was corrupt. Bit of a risk but it paid off.
                        The P4-M processor I'm currently running was £2.
                        The fans were £3.50 each.
                        I'm not sure how much I paid for the wireless mini-pci card a while back but it was around £5.

                        2 weeks fun and tinkering, priceless!  ;D

                        Steve

                        1 Reply Last reply Reply Quote 0
                        • J
                          jaime
                          last edited by

                          so really I should look for ones that have "software issues" then? for the best bang for my buck?

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Yes, that would be best. Although since they are all now end of life they shouldn't be sold as anything more than hardware only.
                            Like I said it was a bit risky. People on Ebay often say things like; "this laptop is mint condition, it just has a small software issue. I'm sure anyone familiar with it could fix it in seconds. A bargin". And then when you get it you find it needs a new motherboard!  >:( I thought it was worth a £40 gamble.

                            1 Reply Last reply Reply Quote 0
                            • J
                              jaime
                              last edited by

                              hmmmm…but for people like us who are building and rebuilding our own firewalls thats not that huge of an issue...well to me it would be more annoyance I think...

                              1 Reply Last reply Reply Quote 0
                              • M
                                mericksonj
                                last edited by

                                Steve,

                                Have you been able to use the USB port for anything fun/useful?  I was thinking something like a thumb drive with an BSDNANO (since I'm running with HDD) but I think the Mobo has to support it first.

                                I also used my mni PCI slot for a crypto chip from an X700 I bricked, so a USB WLAN would be interesting..  maybe even try to get my 3G Mifi (verizon) connected to it for a secondary WAN connection.

                                –James

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  I tested it with a Belkin ethernet adapter I had to hand, I was recognised and came up as an interface no problem. Interestingly it was shown in dmesg as being connected to a USB 1 controller so the port on the front may be limited to 11Mbps. Or it maybe just a usb1 device, needs futher testing. There are certainly a number of usb conrollers in the firebox. Just next to the usb port on the board is what looks like another usb header with pins, could be interesting for internal usb.
                                  There are options for USB booting in the bios (fdd,hdd,zip,ls120,cdrom). Maybe I'll pull out my usb zip drive! :D
                                  By default it's set to try other boot devices so you could be in luck although it will try floppy, hdd0 and ls120 first.

                                  Do you actually use the crypto card? The one that's built in is way more powerful but there's no drivers.  :'(

                                  Steve

                                  1 Reply Last reply Reply Quote 0
                                  • M
                                    mericksonj
                                    last edited by

                                    I haven't set up any encryption services on the box yet (it's still in staging process until I get a kid's room painted and the storage room cleaned out). I do have some hopes that the X700 crytpo card will work however.  It shows up in the Dmesg and I have run some tests with openssl as was described in one of the stickied forums here..  so as long as IPsec or whatever uses the correct engine it should use the crypto card without a problem.

                                    Zip drive huh?  ugh..  i used to work in the plant that made those disks..  ::Grin::  well good luck with that.. hope you haven't developed the "click of death" in storage.

                                    –James

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      The idea of going back something that big that only hold 100MB seems ridiculous, yet I remember when I first got a zip drive it was the answer to all my storage problems.  :P
                                      The Saftenet 1141 from the X-core is working just fine and is supported by the safe(4) driver unlike the 1841 in the X-peak. But check out the difference in performance:

                                      SafeXcel 1141
                                      IPSec Performance
                                      • 268 Mbps sustained ESP (AES,
                                      SHA-1, 1500 byte packets)
                                      • 160 Mbps sustained ESP (3-DES,
                                      SHA-1, 1500 byte packets)

                                      SafeXcel 1841
                                      IPSec Performance
                                      • Sustained ESP: SPI-3 (data) + EMI (SA)
                                      AES/SHA-1:
                                      2.0 Gbps (1500-byte packets)
                                      1.9 Gbps (350-byte packets)
                                      1.2 Gbps (64-byte packets)
                                      • Sustained ESP: PCI-X (data) + EMI (SA)
                                      AES/SHA-1:
                                      1.3 Gbps (1500-byte packets)
                                      900 Mbps (350-byte packets)
                                      510 Mbps (64-byte packets)

                                      Need to get onto the safe(4) maintainer with some bribes!

                                      Steve

                                      1 Reply Last reply Reply Quote 0
                                      • M
                                        mericksonj
                                        last edited by

                                        Nice.

                                        Of course the 1141 fits my setup just right, no GigE on my network, but if this driver ever gets updated, I'll all over it!

                                        1 Reply Last reply Reply Quote 0
                                        • stephenw10S
                                          stephenw10 Netgate Administrator
                                          last edited by stephenw10

                                          My poor knowledge of USB is being shown up badly!  :-[

                                          I can't make it boot from a usb flash. The same stick boots in my shuttle fine, similar bios different chipset though. But I did have to set the bios manually to USB-HDD.

                                          Important to note that the USB connector is recessed in the facia and a lot of things won't go into it properly. I had use a USB extension cable for everything that didn't have a cable connection.

                                          Looking at dmesg it would seems that the board has 3 usb controllers, 6 ports in total. uhub0 and uhub1 are USB1 and uhub2 is USB2. I'm pretty vague on this. However here is some output generated by plugging and unplugging stuff from front USB port.

                                          [root@pfSense.local]/root(2): unknown: at uhub2 port 1 (addr 2) disconnected
                                          
                                          aue0: <admtek 0="" 2="" usb="" to="" lan="" converter,="" class="" 0,="" rev="" 1.10="" 1.01,="" addr="">on uhub0
                                          miibus7: <mii bus="">on aue0
                                          acphy0: <acxxx 10="" 100="" media="" interface="">PHY 1 on miibus7
                                          acphy0:  100baseFX, 100baseFX-FDX, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
                                          aue0: Ethernet address: 00:05:1b:00:52:fc
                                          
                                          [1.2.3-RELEASE]                                                                
                                          [root@pfSense.local]/root(2): aue0: at uhub0 port 1 (addr 2) disconnected
                                          aue0: detached
                                          acphy0: detached
                                          miibus7: detached
                                          

                                          The Belkin LAN adapter which is detected fine but is only a usb1 device is connected to uhub0 port1 where as the unknown device, which is actually a 54Mb wifi adapter and usb2, is conneted to uhub2 port1. Both of these were plugged into the same physical port.

                                          More reading needed!  ;)

                                          Steve

                                          1 Reply Last reply Reply Quote 0
                                          • W
                                            wallabybob
                                            last edited by

                                            @stephenw10:

                                            The Belkin LAN adapter which is detected fine but is only a usb1 device is connected to uhub0 port1 where as the unknown device, which is actually a 54Mb wifi adapter and usb2, is conneted to uhub2 port1. Both of these were plugged into the same physical port.

                                            USB controllers capable of USB 2 speeds (480Mbps) automatically switch devices to different hubs depending on the speed capability of the device (480Mbps or 12Mbps).

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.