Watchguard Firebox X Peak platform

stephenw10

Hi All,
Still playing here. ;D

I just swapped the processor for a Pentium 4-M (SL6FH). It's rated at 1.8GHz but because the board doesn't support speed step it defaults to it's lower speed of 1.2GHz. The board booted and ran fine using slightly less power, ~46W at idle.
It does seem that there may be some potential for a pin mod to make it run faster.
However looking at the output of mbmon the core voltage being supplied by the board is 1.57V when it should be 1.3V. ::) Not good! The chip does have a far higher rated junction temperature though so could be run hotter. Still 1.57 is actually higher than the voltage provided for the original P4 so I think we can assume that the bios knows nothing about the P4-M. A Shame. :(

Bios access is still defeating me. I can now semi-reliably get the first part of the POST which helps when swapping CPUs.
I am left thinking that the bios module that supports console access is basically knackered and was never meant to be used. I've tried every combination serial settings and several cables. I even installed a serial sniffer to watch what was actually being sent and received. It seems that the bios is just not receiving/interpreting what I'm sending correctly. Looking at instructions for other motherboards of the same era with the same bios modules and chipset it seems that it should just work with no problem.

Update: I got braver and went for the pin mod I linked to above. Removing pin AE1, or bending it as I have, reduces the core voltage by 0.4V. So far it seems stable and cooler. ~42W at idle.


[1.2.3-RELEASE]                                                                 
[root@pfSense.local]/usr/local/bin(17): ./mbmon
ioctl(smb0:open): No such file or directory

Temp.= 35.0,  7.5, 37.5; Rot.= 21093, 21093, 19852
Vcore = 1.15, 2.16; Volt. = 3.38, 5.05, 12.10, -12.04, -0.62

Should be able to fit quieter fans now for sure.

mericksonj

Still only getting 1.2 Ghz from that processor after the pin mod? How much is that chip going for on ebay?

stephenw10

Yep still running at 1.2GHz. I only tried the voltage mod though. By removing another pin you can set the bus speed to 133MHz (up from 100) giving 1.6GHz. I haven't tried that yet though. I paid £2 for it. ;D
However like it says in the article I linked to you'd be better off with the equivalent mobile celeron because they didn't have speedstep.
The way I look at it if I ever run out of processor headroom I can always swap back something more powerful. This is unlikely though as the box I'm replacing is an old Cyrix 333MHz running IPCop. A lot more interfaces on the Firebox though. :-\

Steve

stephenw10

My new fans arrived today so I fitted them straight in. The cables need shortening really I ended up having to stuff it all into the fan enclosure which can't be good for air flow. :P
I went for three Akasa AK-161BL-S which are a 40x40x20mm fan, narrower than the originals. They're are specced at 6.27CFM so quite a lot less than the originals.
The results are - great! ;D
They are so much quieter. I would say about the same level as the Shuttle XPC I'm typing this on, I would happily use a desktop PC this loud. They also seem to keep thigs plenty cool enough. I've had the firebox runing for the last few hours and:


[1.2.3-RELEASE]                                                                 
[root@pfSense.local]/root(15): /usr/local/bin/mbmon -I

Temp.= 38.0, 13.5, 37.5; Rot.= 5578, 5357, 5232
Vcore = 1.15, 2.19; Volt. = 3.38, 5.05, 12.10, -11.96, -0.62

I also have a thermocouple on the CPU heatsink which is stable at 30°C. This is in a 21° ambient with the case closed.

I have a feeling that both the temperatures measured by mbmon are chipset rather than cpu. Anyway to find out?

Here's a quick pic. I'm a sucker for a blue LED! ::)

jaime

looking nice, I would most likely use red LED instead to match the case and my other computer fans (I like to have some kind of color coordination and contrast lol) nice job!

stephenw10

Thanks Jamie. 8)

Oooo red, now there's an idea! It's a tough call though. Plenty of red led fans, plenty of 40mm fans, plenty of quiet fans but all three in one fan? I've not found one. To be honest you won't see it anyway once it's installed. :D

jaime

i know, but the glow in the dark room…thats worth it :)

mericksonj

I agree with the red LED, who ever heard of a blue firewall? that's preposterous! J/K

My preference? I want the fires of hades illuminating the wall behind my security devices.

jaime

how much did the fans and the firewall set you back?

stephenw10

The Firebox was £40 from Ebay. It was sold as faulty though because the root partition on the Watchguard CF card was corrupt. Bit of a risk but it paid off.
The P4-M processor I'm currently running was £2.
The fans were £3.50 each.
I'm not sure how much I paid for the wireless mini-pci card a while back but it was around £5.

2 weeks fun and tinkering, priceless! ;D

Steve

jaime

so really I should look for ones that have "software issues" then? for the best bang for my buck?

stephenw10

Yes, that would be best. Although since they are all now end of life they shouldn't be sold as anything more than hardware only.
Like I said it was a bit risky. People on Ebay often say things like; "this laptop is mint condition, it just has a small software issue. I'm sure anyone familiar with it could fix it in seconds. A bargin". And then when you get it you find it needs a new motherboard! >:( I thought it was worth a £40 gamble.

jaime

hmmmm…but for people like us who are building and rebuilding our own firewalls thats not that huge of an issue...well to me it would be more annoyance I think...

mericksonj

Steve,

Have you been able to use the USB port for anything fun/useful? I was thinking something like a thumb drive with an BSDNANO (since I'm running with HDD) but I think the Mobo has to support it first.

I also used my mni PCI slot for a crypto chip from an X700 I bricked, so a USB WLAN would be interesting.. maybe even try to get my 3G Mifi (verizon) connected to it for a secondary WAN connection.

–James

stephenw10

I tested it with a Belkin ethernet adapter I had to hand, I was recognised and came up as an interface no problem. Interestingly it was shown in dmesg as being connected to a USB 1 controller so the port on the front may be limited to 11Mbps. Or it maybe just a usb1 device, needs futher testing. There are certainly a number of usb conrollers in the firebox. Just next to the usb port on the board is what looks like another usb header with pins, could be interesting for internal usb.
There are options for USB booting in the bios (fdd,hdd,zip,ls120,cdrom). Maybe I'll pull out my usb zip drive! :D
By default it's set to try other boot devices so you could be in luck although it will try floppy, hdd0 and ls120 first.

Do you actually use the crypto card? The one that's built in is way more powerful but there's no drivers. :'(

Steve

mericksonj

I haven't set up any encryption services on the box yet (it's still in staging process until I get a kid's room painted and the storage room cleaned out). I do have some hopes that the X700 crytpo card will work however. It shows up in the Dmesg and I have run some tests with openssl as was described in one of the stickied forums here.. so as long as IPsec or whatever uses the correct engine it should use the crypto card without a problem.

Zip drive huh? ugh.. i used to work in the plant that made those disks.. ::Grin:: well good luck with that.. hope you haven't developed the "click of death" in storage.

–James

stephenw10

The idea of going back something that big that only hold 100MB seems ridiculous, yet I remember when I first got a zip drive it was the answer to all my storage problems. :P
The Saftenet 1141 from the X-core is working just fine and is supported by the safe(4) driver unlike the 1841 in the X-peak. But check out the difference in performance:

SafeXcel 1141
IPSec Performance
• 268 Mbps sustained ESP (AES,
SHA-1, 1500 byte packets)
• 160 Mbps sustained ESP (3-DES,
SHA-1, 1500 byte packets)

SafeXcel 1841
IPSec Performance
• Sustained ESP: SPI-3 (data) + EMI (SA)
AES/SHA-1:
2.0 Gbps (1500-byte packets)
1.9 Gbps (350-byte packets)
1.2 Gbps (64-byte packets)
• Sustained ESP: PCI-X (data) + EMI (SA)
AES/SHA-1:
1.3 Gbps (1500-byte packets)
900 Mbps (350-byte packets)
510 Mbps (64-byte packets)

Need to get onto the safe(4) maintainer with some bribes!

Steve

mericksonj

Nice.

Of course the 1141 fits my setup just right, no GigE on my network, but if this driver ever gets updated, I'll all over it!

stephenw10

My poor knowledge of USB is being shown up badly! :-[

I can't make it boot from a usb flash. The same stick boots in my shuttle fine, similar bios different chipset though. But I did have to set the bios manually to USB-HDD.

Important to note that the USB connector is recessed in the facia and a lot of things won't go into it properly. I had use a USB extension cable for everything that didn't have a cable connection.

Looking at dmesg it would seems that the board has 3 usb controllers, 6 ports in total. uhub0 and uhub1 are USB1 and uhub2 is USB2. I'm pretty vague on this. However here is some output generated by plugging and unplugging stuff from front USB port.

[root@pfSense.local]/root(2): unknown: at uhub2 port 1 (addr 2) disconnected

aue0: <admtek 0="" 2="" usb="" to="" lan="" converter,="" class="" 0,="" rev="" 1.10="" 1.01,="" addr="">on uhub0
miibus7: <mii bus="">on aue0
acphy0: <acxxx 10="" 100="" media="" interface="">PHY 1 on miibus7
acphy0:  100baseFX, 100baseFX-FDX, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
aue0: Ethernet address: 00:05:1b:00:52:fc

[1.2.3-RELEASE]                                                                
[root@pfSense.local]/root(2): aue0: at uhub0 port 1 (addr 2) disconnected
aue0: detached
acphy0: detached
miibus7: detached

The Belkin LAN adapter which is detected fine but is only a usb1 device is connected to uhub0 port1 where as the unknown device, which is actually a 54Mb wifi adapter and usb2, is conneted to uhub2 port1. Both of these were plugged into the same physical port.