Symantec Security Gateway 5420

jmcentire

Just got my 5420, got everything running.  I think I have the deal with ACPI and the LCD figured out:

When booting with ACPI enabled the LCD is COM 1 (/dev/cuad0) and the embedded kernel outputs console to COM 1 automatically, and your console port is COM 2 (/dev/cuad1).

When booting with ACPI disabled the console port is now COM 1 (/dev/cuad0) and the LCD is now COM 2 (/dev/cuad1).

So with ACPI disabled I was able to use lcdproc with the EyeboxOne driver to get the lcd working…mostly...it displays everything but sometimes the text gets jumbled together.  I'm gonna keep working on it and I'll let you know my progress.

In the meantime does anyone know how to force the embedded kernel to output console to COM 2 instead of COM 1?

jmcentire

The lcterm driver works better except only the bottom line of the display works, recorded a video for you(cell phone so quality sucks):

Youtube Video

Here are the instructions if you want to get to this point:
1. Disable ACPI (see earlier post)
2. Install lcdproc package
3. Edit "/usr/local/pkg/lcdproc.inc" (you can use the edit file option under diagnostics in the web ui)
      Find this section:

/* lcdproc default driver definitions */
switch($lcdproc_config[driver]) {

Then add the following right below that(between the switch statement and the first case statment):
case "lcterm":
$config_text .= "[{$lcdproc_config['driver']}]\n";
$config_text .= "Device=/dev/cuad1\n";
break;
4. Services -> LCDproc - Check Enable, and choose "lcterm" for the driver(port and display size won't make a difference).  Save.  Then go to the screens tab and enable the information you want. Save.
5. Reboot!

jmcentire

Just tried 2GB of mem…worked just fine:

Copyright (c) 1992-2009 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.2-RELEASE-p5 #0: Sun Dec  6 23:05:10 EST 2009
   sullrich@FreeBSD_7.2_pfSense_1.2.3_snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_wrap.7.i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU 2.00GHz (1992.62-MHz 686-class CPU)
 Origin = "GenuineIntel"  Id = 0xf29  Stepping = 9
 Features=0xbfebf9ff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Features2=0x4400 <cnxt-id,xtpr>real memory  = 2139029504 (2039 MB)
avail memory = 2083807232 (1987 MB)</cnxt-id,xtpr></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>

jmcentire

If you want to use a pci video card, hook up a usb keyboard and do the following:

1. Right after turning on power, press delete several times(to get into the bios)
2. wait a minute or two(for it to get into the bios)
3. press the down arrow once
4. enter
5. down arrow 5 times
6. right arrow once
7. F10
8. enter

Now it should reboot and use the pci video card.  FYI - my backup battery was dead so when i turned the main power off I lost my bios changes.

focalguy

Hey jmcentire, thanks for all the tips! I will definitely try to get some time to try the LCDproc later this week. Would be really nice to have that working.

jmcentire

If you want ACPI enabled and console redirected to the console port you have to disable the serial port for the lcd, plug in a usb keyboard and do the following:

1. Right after turning on power, press delete several times(to get into the bios)
2. wait a minute or two(for it to get into the bios)
3. press the down arrow 6 times, to get to the peripherals menu
4. enter
5. down arrow 2 times, to get to Serial Port 1
6. enter
7. up arrow 2 times, to select Disabled
8. enter
9. F10, to bring up exit menu
10. enter, to save and exit

Only downside is you won't be able to use the LCD on the front.

jmcentire

FYI - if your bios changes are not sticking, change the bios backup battery.  I now have 15 of these 5420s and so far 4 have needed new batteries.

ddavis

So are these pretty reliable?  No issues with lockups when connecting via the web interface (ala  Watchguard)?
I'm thinking about picking some up for use in remote offices that have 10 users or so connected to our main office via wireless bridges…

focalguy

Yea, great reliability for me. I have a second just in case but this one has been running with no problems for probably close to a year now. About 20 remote sites connected via IPSec and 4 via OpenVPN so it gets plenty of use.

jmcentire

So far so good, I have 8 in production use and a couple test boxes.  All have been running with no problems.

bradfordgiosa

Yup still running here!
I have 3 of them, all with 2gb of RAM.

(2) are running Symantec Endpoint Protection Manager ( ;D) on Win Server 2008.
(1) is a VM host for development.

Bradford Giosa

JDPisano

I feel silly posting this, but I having a tough time with the serial port connection. Do I have to do anything special to get a serial connection going? I have tried Hyperterm and Putty with a DB9 cable with no success.

focalguy

@emerio:

Fantastic, worked like a charm!  For any others curious, it is pretty much exactly as focalguy described.  I used HyperTerminal with 9600 8-N-1.  Make sure you disable ACPI and have your hard drive plugged in to Primary!!  I had it plugged in to Secondary and it failed.

The settings listed there should work. You need to follow the instructions though and do an embedded install so that output goes to the serial port and not VGA.

netserver

hi guys!!

I'm trying to put him on 2.0 Beta 5 and I think I have something wrong because it does not start :-), I can put your device.hints?

%cat /boot/device.hints

many thanks

focalguy

$ cat /boot/device.hints
# $FreeBSD: src/sys/i386/conf/GENERIC.hints,v 1.16.8.1 2009/04/15 03:14:26 kensmith Exp $
hint.fdc.0.at="isa"
hint.fdc.0.port="0x3F0"
hint.fdc.0.irq="6"
hint.fdc.0.drq="2"
hint.fd.0.at="fdc0"
hint.fd.0.drive="0"
hint.fd.1.at="fdc0"
hint.fd.1.drive="1"
hint.ata.0.at="isa"
hint.ata.0.port="0x1F0"
hint.ata.0.irq="14"
hint.ata.1.at="isa"
hint.ata.1.port="0x170"
hint.ata.1.irq="15"
hint.adv.0.at="isa"
hint.adv.0.disabled="1"
hint.bt.0.at="isa"
hint.bt.0.disabled="1"
hint.aha.0.at="isa"
hint.aha.0.disabled="1"
hint.aic.0.at="isa"
hint.aic.0.disabled="1"
hint.atkbdc.0.at="isa"
hint.atkbdc.0.port="0x060"
hint.atkbd.0.at="atkbdc"
hint.atkbd.0.irq="1"
hint.psm.0.at="atkbdc"
hint.psm.0.irq="12"
hint.vga.0.at="isa"
hint.sc.0.at="isa"
hint.sc.0.flags="0x100"
hint.vt.0.at="isa"
hint.vt.0.disabled="1"
hint.apm.0.disabled="1"
hint.apm.0.flags="0x20"
hint.sio.0.at="isa"
hint.sio.0.port="0x3F8"
hint.sio.0.flags="0x10"
hint.sio.0.irq="4"
hint.sio.1.at="isa"
hint.sio.1.port="0x2F8"
hint.sio.1.irq="3"
hint.sio.2.at="isa"
hint.sio.2.disabled="1"
hint.sio.2.port="0x3E8"
hint.sio.2.irq="5"
hint.sio.3.at="isa"
hint.sio.3.disabled="1"
hint.sio.3.port="0x2E8"
hint.sio.3.irq="9"
hint.ppc.0.at="isa"
hint.ppc.0.irq="7"
hint.ed.0.at="isa"
hint.ed.0.disabled="1"
hint.ed.0.port="0x280"
hint.ed.0.irq="10"
hint.ed.0.maddr="0xd8000"
hint.cs.0.at="isa"
hint.cs.0.disabled="1"
hint.cs.0.port="0x300"
hint.sn.0.at="isa"
hint.sn.0.disabled="1"
hint.sn.0.port="0x300"
hint.sn.0.irq="10"
hint.ie.0.at="isa"
hint.ie.0.disabled="1"
hint.ie.0.port="0x300"
hint.ie.0.irq="10"
hint.ie.0.maddr="0xd0000"
hint.fe.0.at="isa"
hint.fe.0.disabled="1"
hint.fe.0.port="0x300"
hint.le.0.at="isa"
hint.le.0.disabled="1"
hint.le.0.port="0x280"
hint.le.0.irq="10"
hint.le.0.drq="0"

netserver

many thanks  ;)