Watchguard Firebox X Peak platform
-
looking nice, I would most likely use red LED instead to match the case and my other computer fans (I like to have some kind of color coordination and contrast lol) nice job!
-
Thanks Jamie. 8)
Oooo red, now there's an idea! It's a tough call though. Plenty of red led fans, plenty of 40mm fans, plenty of quiet fans but all three in one fan? I've not found one. To be honest you won't see it anyway once it's installed. :D
-
i know, but the glow in the dark room…thats worth it :)
-
I agree with the red LED, who ever heard of a blue firewall? that's preposterous! J/K
My preference? I want the fires of hades illuminating the wall behind my security devices.
-
how much did the fans and the firewall set you back?
-
The Firebox was £40 from Ebay. It was sold as faulty though because the root partition on the Watchguard CF card was corrupt. Bit of a risk but it paid off.
The P4-M processor I'm currently running was £2.
The fans were £3.50 each.
I'm not sure how much I paid for the wireless mini-pci card a while back but it was around £5.2 weeks fun and tinkering, priceless! ;D
Steve
-
so really I should look for ones that have "software issues" then? for the best bang for my buck?
-
Yes, that would be best. Although since they are all now end of life they shouldn't be sold as anything more than hardware only.
Like I said it was a bit risky. People on Ebay often say things like; "this laptop is mint condition, it just has a small software issue. I'm sure anyone familiar with it could fix it in seconds. A bargin". And then when you get it you find it needs a new motherboard! >:( I thought it was worth a £40 gamble. -
hmmmm…but for people like us who are building and rebuilding our own firewalls thats not that huge of an issue...well to me it would be more annoyance I think...
-
Steve,
Have you been able to use the USB port for anything fun/useful? I was thinking something like a thumb drive with an BSDNANO (since I'm running with HDD) but I think the Mobo has to support it first.
I also used my mni PCI slot for a crypto chip from an X700 I bricked, so a USB WLAN would be interesting.. maybe even try to get my 3G Mifi (verizon) connected to it for a secondary WAN connection.
–James
-
I tested it with a Belkin ethernet adapter I had to hand, I was recognised and came up as an interface no problem. Interestingly it was shown in dmesg as being connected to a USB 1 controller so the port on the front may be limited to 11Mbps. Or it maybe just a usb1 device, needs futher testing. There are certainly a number of usb conrollers in the firebox. Just next to the usb port on the board is what looks like another usb header with pins, could be interesting for internal usb.
There are options for USB booting in the bios (fdd,hdd,zip,ls120,cdrom). Maybe I'll pull out my usb zip drive! :D
By default it's set to try other boot devices so you could be in luck although it will try floppy, hdd0 and ls120 first.Do you actually use the crypto card? The one that's built in is way more powerful but there's no drivers. :'(
Steve
-
I haven't set up any encryption services on the box yet (it's still in staging process until I get a kid's room painted and the storage room cleaned out). I do have some hopes that the X700 crytpo card will work however. It shows up in the Dmesg and I have run some tests with openssl as was described in one of the stickied forums here.. so as long as IPsec or whatever uses the correct engine it should use the crypto card without a problem.
Zip drive huh? ugh.. i used to work in the plant that made those disks.. ::Grin:: well good luck with that.. hope you haven't developed the "click of death" in storage.
–James
-
The idea of going back something that big that only hold 100MB seems ridiculous, yet I remember when I first got a zip drive it was the answer to all my storage problems. :P
The Saftenet 1141 from the X-core is working just fine and is supported by the safe(4) driver unlike the 1841 in the X-peak. But check out the difference in performance:SafeXcel 1141
IPSec Performance
• 268 Mbps sustained ESP (AES,
SHA-1, 1500 byte packets)
• 160 Mbps sustained ESP (3-DES,
SHA-1, 1500 byte packets)SafeXcel 1841
IPSec Performance
• Sustained ESP: SPI-3 (data) + EMI (SA)
AES/SHA-1:
2.0 Gbps (1500-byte packets)
1.9 Gbps (350-byte packets)
1.2 Gbps (64-byte packets)
• Sustained ESP: PCI-X (data) + EMI (SA)
AES/SHA-1:
1.3 Gbps (1500-byte packets)
900 Mbps (350-byte packets)
510 Mbps (64-byte packets)Need to get onto the safe(4) maintainer with some bribes!
Steve
-
Nice.
Of course the 1141 fits my setup just right, no GigE on my network, but if this driver ever gets updated, I'll all over it!
-
My poor knowledge of USB is being shown up badly! :-[
I can't make it boot from a usb flash. The same stick boots in my shuttle fine, similar bios different chipset though. But I did have to set the bios manually to USB-HDD.
Important to note that the USB connector is recessed in the facia and a lot of things won't go into it properly. I had use a USB extension cable for everything that didn't have a cable connection.
Looking at dmesg it would seems that the board has 3 usb controllers, 6 ports in total. uhub0 and uhub1 are USB1 and uhub2 is USB2. I'm pretty vague on this. However here is some output generated by plugging and unplugging stuff from front USB port.
[root@pfSense.local]/root(2): unknown: at uhub2 port 1 (addr 2) disconnected aue0: <admtek 0="" 2="" usb="" to="" lan="" converter,="" class="" 0,="" rev="" 1.10="" 1.01,="" addr="">on uhub0 miibus7: <mii bus="">on aue0 acphy0: <acxxx 10="" 100="" media="" interface="">PHY 1 on miibus7 acphy0: 100baseFX, 100baseFX-FDX, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto aue0: Ethernet address: 00:05:1b:00:52:fc [1.2.3-RELEASE] [root@pfSense.local]/root(2): aue0: at uhub0 port 1 (addr 2) disconnected aue0: detached acphy0: detached miibus7: detachedThe Belkin LAN adapter which is detected fine but is only a usb1 device is connected to uhub0 port1 where as the unknown device, which is actually a 54Mb wifi adapter and usb2, is conneted to uhub2 port1. Both of these were plugged into the same physical port.
More reading needed! ;)
Steve
-
The Belkin LAN adapter which is detected fine but is only a usb1 device is connected to uhub0 port1 where as the unknown device, which is actually a 54Mb wifi adapter and usb2, is conneted to uhub2 port1. Both of these were plugged into the same physical port.
USB controllers capable of USB 2 speeds (480Mbps) automatically switch devices to different hubs depending on the speed capability of the device (480Mbps or 12Mbps).
-
Ah. Thanks! :)
I knew it would be something like that but I couldn't find it.
Conclusion: the usb port on the front of the firebox is capable of USB2 speeds. -
Yeh, I have bios access! ;D
I have concluded that the console redirect portion of the bios code in my firebox was so buggy it's unuseable. Certainly Watchguard never intended it to be used or they would have enabled it by default. Of course it could still be a number of bad cables. Anyway I was investigating the posssibility of adding usb port with an internal header. What I originally thought was USB turns out to be a PS2 header, under the ribbon cable to the LCD board. I have labled it in the photo on the first page of this thread, CN24. It is a standard pinout (I pulled a cable out of an ancient PC and was already wired correctly) as detailed in the other threads on the forum:7 1
–------------
! o o !
! o o o o !
--------------
8 6 4 2pins 3 and 5 doesn't exist!
here is the wiring between firebox and PS/2:
Firebox PS/2
1 : CLK ----- 5
2 : GND
4 : DATA-----1
6 : nc
7 : GND------3
8 : +5VDC---4Anyway I didn't think this would work but it seems that if you can get into the bios via the console you can still use a keyboard attached to the PS2 port. I would have thought it would only accept input from the serial console. So now I can view the bios via the serial console whilst operating the attached keyboard, great. ;D
Some interesting things reveal themselves:
The values in the PC Health Status screen exactly match those shown by mbmon.
The system is set to boot hdd-0 then hdd-1 and nothing else.
It's not possible to enable ACPI as the entire power management section of the bios is disabled.
There is no possiblity to alter the CPU voltage or frequency.I did try setting the bios to boot from USB-HDD but still couldn't boot it from my USB flash drive.
Anyone else with an X-peak care to post which bios version they have? Anyone got anything newer than 10/21/2004?
Steve
-
I have modified the bios again to enable the power management setup menu. By default everything is disabled, HDD spindown, suspend mode etc.
I enabled ACPI. Now it won't boot. ::) It seems to stall at 'Starting device manger (devd)….'. It doesn't hang as the system still returns information with Ctrl-T. This seems like the exact behaviour described for the Alix single port boards described here. Unfortunately although the thread is marked solved the solution is to disable ACPI! >:(
Same behaviour with pf2 beta.It seems as though it is possible to adjust the cpu frequecy (presumably FSB) from 100 to 132 but it seems to have no effect on the processor speed.
Still haven't manged to make it boot from USB. It looks as though it doesn't power up the ports untill after it has POSTed.
Investigating the internal USB ports, or lack thereof, there is what looks to be an unpopulated 9 pin usb header just behind the front usb port. Also there is a 5 pin header just next to that that seems to have data tracks coming from the same place. Unfortunately the data lines for all four ports pass through a row of components marked CK1 to CK4 or which only CK4 is present connecting up the front port. Not sure what they are, isolators perhaps? There are other headers to ivestigate
Steve
-
I'm no further with the usb headers (or any others) besides noting that J3 is almost certainly clear cmos.
I've been wanting to stress test my firebox since I have dramatically reduced the cooling and the CPU power.
After some looking I stumbled across cpuburn. It's a bit old so it's not optimised for anything modern, even the relatively old processors I'm using. It seems to do the job though and it's easy to use./etc/rc.conf_mount_rw pkg_add -r cpuburn /etc/rc.conf_mount_ro /usr/local/bin/burnP6 &This will install the package and run it i the background. I'm using the P6 burn but there are others for other CPUs.
Check that it's running with top:74 processes: 2 running, 72 sleeping CPU: 100% user, 0.0% nice, 0.0% system, 0.0% interrupt, 0.0% idle Mem: 20M Active, 11M Inact, 35M Wired, 128K Cache, 29M Buf, 420M Free Swap: PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND 49772 root 1 118 0 132K 28K RUN 37:19 98.97% burnP6 48816 root 1 76 20 3656K 1360K wait 0:01 0.00% sh 23590 root 1 44 0 3316K 1240K select 0:01 0.00% apinger 28658 root 1 44 0 7996K 3568K select 0:01 0.00% sshdKeep an eye on the system temperatures:
[root@pfSense.localdomain]/root(13): /usr/local/bin/mbmon -I Temp.= 39.0, 27.5, 40.0; Rot.= 5672, 5443, 5232 Vcore = 1.15, 2.21; Volt. = 3.38, 5.03, 12.10, -12.04, -0.67As I've said before I don't think the actual cpu core temp is listed here. I'm pretty sure that T1 and T2 are both system/chipset sensors as they get hotter if you remove the case (reducing the airflow across the board). T2, although obviously miscalibrated, could be cpu as it rises when you run cpuburn and it tracks the heatsink temp. I have a thermocouple on the cpu heatsink and it seems to have leveled off at 40°C. I'm quite happy with that especially because under 'normal' conditions the cpu usage barely registers! :D
Steve
Update: I ran it today for 6 hours with the cpu pegged at 100%, the heatsink got up to 41°C at one point but the room temperature fluctuated a little. Also the power meter shows the firebox draws 37W at idle and 51W at 100% cpu.
