Netgate Discussion Forum

    Successful Install on Watchguard Firebox X700!

      wallabybob

      @sevilla:

      Is anyone using bridge mode on pfsense 1.2.3?

      I have a wireless NIC bridged to LAN and it works very well.

      I don't understand your configuration. You have msk0 bridged to msk1? msk0 bridged to LAN?
      What is connected externally to msk0 and msk1?

      Firewall rules apply on the input side of an interface so saying you have a firewall rule to permit all doesn't really provide enough information to be useful.

      It would probably help if you explained what you want to do. A configuration diagram would help that explanation.

      This discussion probably belongs in a new topic.

        3molo

        Hi,

        Just bought an x700 off eBay. I booted the pfsense live CD on a VMware Fusion guest, with a 2GB CF card in a USB reader. Installation was successful; I tried first without the boot loader and a second time with the boot loader.

        Trying to boot the CF card on a laptop, but after mountroot> prompt I get uptime - then automatic reboot.
        Here's the terminal:

        panic: Root mount failed, startup aborted.
        cpuid = 0
        uptime: 11s
        Cannot dump. Device not defined or unavailable.
        Automatic reboot in 15 seconds - press a key on the console to abort
        --> Press a key on the console to reboot,
        --> or switch off the system now

        What might be the problem here? Someone suggested editing /etc/fstab; wouldn't I need to edit the equivalent of Linux/GRUB menu.lst?

        Looking at the data, /etc/fstab's root filesystem was ad1s01; on the firebox it's likely to be ad0s1a? And this is probably why the laptop won't boot it, because it has a hdd and cd so the CF is more likely ad2 there?

          stephenw10 Netgate Administrator

          Why not just download the embedded image and write it to the compact flash card?

          http://doc.pfsense.org/index.php/HOWTO_Install_pfSense#Embedded_.28Compact_Flash.29_Installation

          Steve

          Edit: I may have misunderstood your problem here.  ;)

            ng12345

            Appreciate all the information on this; I just bought an x700 to try and hack pfsense onto it.

            When I turn the firewall on, the red and orange lights stay on constantly and there is a bar of black boxes on the top line of the lcd.

            It never reaches the booting stage. I tried with the original CF card and the pfsense formatted laptop drive.

            Is my firewall fried?

              stephenw10 Netgate Administrator

              The orange (power) LED and the red (unarmed) LED stay on; that's correct. The unarmed LED is supposed to turn green when the system has booted correctly with the original OS. No one has ever figured out the correct command for BSD, so pfsense doesn't do that, yet!
              The lcd is written by the bios during boot so if it's only showing bars that's not good.
              Try clearing the CMOS.

              Steve

              Edit: I figured out the arm/disarm led!  ;D Check it out here.

                ng12345

                Thanks for the input.

                I popped out the CMOS battery for 30s-1min and then stuck it back in.

                When I power on, the 10 and 100 lights flash green for a millisecond on the last port, the red and orange ones turn on and it stays with the black bars.

                Does it need an ethernet connection to post?

                Any other way to clear the CMOS? Is there a CMOS reset pin?

                  stephenw10 Netgate Administrator

                  I don't actually have one of these to hand anymore and my memory is a little vague.  ::)
                  I think that the ethernet port LEDs are driven directly such that they should light to indicate a link even if the board hasn't posted. Try connecting a PC or a switch, at least then you'd know if the board is powering up at all.
                  Have you tested the cmos battery? Usually after a reset the board will automatically boot into the bios so you can set it up. Without a pci graphics card or console redirection you wouldn't know that is happening. If the battery is flat it will do that on every boot!
                  It could be just the screen that's broken. It could be a faulty PSU (only one rail). Try swapping it for a standard atx if you have one.
                  If the battery is good then I'd try re-seating all the components including the cpu. The board requires the cpu and some ram to post.

                  Steve

                    jonnytabpni

                    Folks,

                    I've been following this large thread for quite some time now. I have a few posts a few pages back, where I commented on the fact that I acquired one of these boxes and tried pfsense. Of course, I got the timeout errors.

                    Today, I decided to try again with the latest 2.0 build (1/1/11). Lo and behold, no timeouts!! The box has had an uptime of 9 hours with 4 ports (interfaces) configured as well as 3 or 4 IPSEC tunnels. It's also being used in production with no timeouts showing in system.log. The only issue I had was that I needed to remove the crypto card for IPSEC traffic to pass. No idea why, however I'm not too bothered as 1.2GHz is plenty for me.

                    Have the watchdog timeouts been fixed, and are these cheap boxes excellent little pfsense gems?

                      stephenw10 Netgate Administrator

                      @jonnytabpni:

                      Have the watchdog timeouts been fixed, and are these cheap boxes excellent little pfsense gems?

                      If that's true then it's great news. However I wouldn't get your hopes up just yet. Reading back through this and other threads on this issue, people have seemingly solved the timeout problem before only for it to come back after some time.
                      Have there been any changes to the re driver recently?

                      Steve

                        iFloris

                        @stephenw10:

                        If that's true then it's great news. However I wouldn't get your hopes up just yet. Reading back through this and other threads on this issue, people have seemingly solved the timeout problem before only for it to come back after some time.
                        Have there been any changes to the re driver recently?
                        Steve

                        There have not been changes to the driver, but rather in the way that pfsense 2.0 works.
                        By disabling device polling, hardware checksum offload, hardware tcp segmentation offload and hardware large receive offload, as well as changing the system tunables net.inet.tcp.tso and hw.bce.tso_enable to 0, watchdog timeouts are a thing of the past.

                        Except for one situation: When accessing the webgui on a MacBook Pro over a 2.4GHz wireless N connection coming from a first generation Apple Time Capsule, timeouts are thrown up.
                        Attempts to replicate this through other wireless base stations, different connections and different devices have failed, which leads me to believe that this is a different issue entirely.
                        That laptop is never used for accessing the webgui, so it is irrelevant to me.

                        As usual, ymmv of course.

                        Edit: typo, shuffle sections

                        one layer of information
                        removed
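The settings listed in the post above can be checked from a shell. This is an added example, not part of the original post and not pfSense's own code; the sample `ifconfig` and `sysctl` text is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report offload/polling features and TSO tunables still enabled.
# Capability names as FreeBSD ifconfig prints them inside options=<...>.
OFFLOAD_FLAGS="RXCSUM TXCSUM TSO4 LRO POLLING"

# Constructed sample input (not captured from a real Firebox).
SAMPLE_IFCONFIG='re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=3808<VLAN_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC>'
SAMPLE_SYSCTL='net.inet.tcp.tso: 1
hw.bce.tso_enable: 0'

# Read ifconfig-style text on stdin; print "iface:FLAG" for every
# offload or polling capability that is still enabled on an interface.
offloads_enabled() {
    awk -v want="$OFFLOAD_FLAGS" '
        BEGIN { n = split(want, w, " ") }
        /^[^ \t:]+: flags=/ { iface = $1; sub(/:$/, "", iface); next }
        /^[ \t]+options=/ {
            line = $0
            sub(/^[^<]*</, "", line); sub(/>.*$/, "", line)
            m = split(line, have, ",")
            for (i = 1; i <= m; i++)
                for (j = 1; j <= n; j++)
                    if (have[i] == w[j]) print iface ":" have[i]
        }
    '
}

# Read "name: value" lines (default sysctl output) on stdin; print the
# two tunables named in the post if their value is not 0.
tunables_nonzero() {
    awk -F': ' '($1 == "net.inet.tcp.tso" || $1 == "hw.bce.tso_enable") && $2 != 0 {
        print $1 "=" $2
    }'
}

# On a live box, replace the samples with the real commands:
#   ifconfig | offloads_enabled
#   sysctl net.inet.tcp.tso hw.bce.tso_enable | tunables_nonzero
printf '%s\n' "$SAMPLE_IFCONFIG" | offloads_enabled
printf '%s\n' "$SAMPLE_SYSCTL" | tunables_nonzero
```

Empty output from both functions means every setting named in the post is off.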

                          jonnytabpni

                          @iFloris:

                          There have not been changes to the driver, but rather in the way that pfsense 2.0 works.
                          By disabling device polling, hardware checksum offload, hardware tcp segmentation offload and hardware large receive offload, as well as changing the system tunables net.inet.tcp.tso and hw.bce.tso_enable to 0, watchdog timeouts are a thing of the past.

                          Are you saying that these things are changed by default? I haven't touched any of those settings.

                          BTW, I don't have access to the serial console. If timeouts were being thrown, where would I see them? In system.log?

                          I've had the traffic graph up all night and no matter what I do, I have yet to see one timeout with this build. Even Windows CIFS transfers work between interfaces

                            iFloris

                            @jonnytabpni:

                            Are you saying that these things are changed by default? I haven't touched any of those settings.

                            BTW, I don't have access to the serial console. If timeouts were being thrown, where would I see them? In system.log?

                            A few settings have been changed by default, but I changed them all manually a while ago, just to be sure.
                            Timeouts are seen in console, system.log and felt by having a non-responsive internet connection / webgui.

                            one layer of information
                            removed
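Since system.log is named above as one place the timeouts show up, the following added example (not part of the original post) summarises them per interface. The log excerpt is constructed, the function name is hypothetical, and the match assumes the FreeBSD kernel message form `reN: watchdog timeout`.

```shell
#!/bin/sh
# Added example: summarise NIC watchdog timeouts found in system.log text.

# Constructed log excerpt (not taken from a real Firebox).
SAMPLE_LOG='Jan  2 03:14:07 pfsense kernel: re1: watchdog timeout
Jan  2 03:14:07 pfsense kernel: re1: link state changed to DOWN
Jan  2 03:14:10 pfsense kernel: re1: link state changed to UP
Jan  2 09:41:55 pfsense check_reload_status: Linkup starting re5
Jan  2 11:02:31 pfsense kernel: re1: watchdog timeout
Jan  2 11:20:48 pfsense kernel: re3: watchdog timeout'

# Read syslog-format text on stdin; for each interface that logged a
# watchdog timeout print: iface count first="timestamp" last="timestamp".
# Link state changes and other kernel messages are ignored.
watchdog_summary() {
    awk '
        / kernel: [^ ]+: watchdog timeout/ {
            iface = $6; sub(/:$/, "", iface)
            ts = $1 " " $2 " " $3
            if (!(iface in count)) first[iface] = ts
            count[iface]++
            last[iface] = ts
        }
        END {
            for (i in count)
                printf "%s %d first=\"%s\" last=\"%s\"\n", i, count[i], first[i], last[i]
        }
    ' | sort
}

# On a live box, pipe the real log text in instead of the sample. If the log
# is stored in circular clog format, read it with clog first:
#   clog /var/log/system.log | watchdog_summary
printf '%s\n' "$SAMPLE_LOG" | watchdog_summary
```

No output means no watchdog timeouts were logged in the text that was scanned.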

                              jonnytabpni

                              Which build are you running?

                                iFloris

                                @jonnytabpni:

                                Which build are you running?

                                At the moment, my pfsense version is 2.0-BETA5 (i386) built on Sat Jan 1 17:53:01 EST 2.
                                I usually update once a week on Saturday.

                                one layer of information
                                removed

                                  jonnytabpni

                                  @iFloris:

                                  At the moment, my pfsense version is 2.0-BETA5 (i386) built on Sat Jan 1 17:53:01 EST 2.
                                  I usually update once a week on Saturday.

                                  I'm not far from you:
                                  2.0-BETA5 (i386) built on Sat Jan 1 19:56:40 EST 2011

                                  Have you seen timeouts at all with this current build?

                                    iFloris

                                    @jonnytabpni:

                                    I'm not far from you:
                                    2.0-BETA5 (i386) built on Sat Jan 1 19:56:40 EST 2011

                                    Have you seen timeouts at all with this current build?

                                    No.

                                    In fact, I haven't seen any timeouts whatsoever using any 2.0b4 build (ignoring an odd issue with a macbook pro) since this post:
                                    http://forum.pfsense.org/index.php/topic,25870.msg147085.html#msg147085

                                    one layer of information
                                    removed

                                      jonnytabpni

                                      @iFloris:

                                      In fact, I haven't seen any timeouts whatsoever using any 2.0b4 build (ignoring an odd issue with a macbook pro) since this post:
                                      http://forum.pfsense.org/index.php/topic,25870.msg147085.html#msg147085

                                      Did the MBP cause timeouts on the build you're using today?

                                      Also, reading your other post, I do experience the "went backwards" error at bootup, however it doesn't stop anything from working.

                                      I'm using an HP Procurve switch between my pfsense and machines. In my initial testing, I did have my laptop plugged directly into the FB, but still no timeouts were seen.

                                        jonnytabpni

                                        Just to keep everyone updated, I ran some Windows CIFS tests with my laptop connected directly to a port on the Firebox. The CIFS server is connected to another interface; however, there is a switch between server and FB.

                                        My first test was 5 or 6 files totalling around 1GB. My second test was lots of smallish (30MB) files totalling around 200MB. During the tests, I had a Traffic Graph open in Firefox on my desktop machine (connected to same interface as CIFS server).

                                        Not a single watchdog timeout happened. I have yet to see any timeouts on my current build (2.0-BETA5 (i386) built on Sat Jan 1 19:56:40 EST 2011), and the box has had an uptime of 1 day, 03:19 with 4 interfaces activated (5 during my CIFS tests).

                                        The only things I noticed during my CIFS tests were that it was capped at around 60Mbps, and as I removed the network cable from my laptop after the 2nd test (after a few hours of inactivity), I noticed that "check_reload_status: Linkup starting re5" was displayed in system.log, but this is probably normal.

                                        The capping issue could be due to some default config changed that has potentially stopped the timeouts. But that's ok as within our company, I have designated these boxes for use in "Medium Traffic Sites", or at least I will once we've had a few weeks of no timeouts.

                                        (Btw, The "Low Traffic Sites" have ALIX 2D3 and the "High Traffic Sites" have Supermicro Servers)

                                        What do you all think?

                                        Thanks

                                          stephenw10 Netgate Administrator

                                          It wouldn't surprise me to find that the 60Mbps cap is a result of the low quality Realtek NICs, especially since all the offloading options have been disabled.

                                          Edit: Thinking about it, the offloading options are supposed to free up the cpu not the NIC so in fact, unless the cpu is maxed out, this may be the faster setup.

                                            jonnytabpni

                                            @stephenw10:

                                            It wouldn't surprise me to find that the 60Mbps cap is a result of the low quality Realtek NICs, especially since all the offloading options have been disabled.

                                            Yeah, you're probably right. The ALIX boards which are good quality parts cap at around 80Mbps, so 60Mbps on low quality hardware seems ok. I'm just interested to hear from anyone who is having timeout issues with the current 2.0 build. I may buy another x700 and deploy it at another office so at least we will have 2 real-life tests going on
