• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Successful Install on Watchguard Firebox X700!

Hardware
151
690
966.3k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    stephenw10 Netgate Administrator
    last edited by Dec 12, 2011, 3:27 PM

    What pfSense version are you running? Embedded? Nano?
    The serial connection works OK before you reboot?

    Steve

    1 Reply Last reply Reply Quote 0
    • M
      MartinD
      last edited by Dec 12, 2011, 4:01 PM

      Hi,

      It's new pfSense 2.0. Installed on IDE HDD from LiveCD (onother PC where all other devices where disconnected), embedded kernel as per advice.
      Serial connection was working fine before reboot.
      After I install I have changed LAN IP and restarted, reboot was fine. But when you create more complex changes like enabling SSH or putting virtual IPs.
      When rebooted, then same thing -  Jibberish as in my first post.
      Any idea what is going wrong?
      Thanks.

      MArtinD

      1 Reply Last reply Reply Quote 0
      • S
        stephenw10 Netgate Administrator
        last edited by Dec 12, 2011, 5:05 PM

        And presumably it then fails to boot (no access via ssh or web gui)?

        To be honest I have no ideas.  :( I've not tried installing to HD on one of these boxes. I also haven't tried using the embedded kernel option.
        Is there an 'enable serial console' option in that configuration? It could be defaulting to VGA for some reason and then failing to find any VGA hardware (that shouldn't stop it booting though).
        There is no need to use the embedded kernel if you are installing to HD. However if you do a full install you will need to boot the install in another machine and select serial console in the web gui.

        Steve

        1 Reply Last reply Reply Quote 0
        • P
          PowerToTheUsers
          last edited by Dec 12, 2011, 10:08 PM

          @MartinD:

          Hi! I have a problem with pfsense on X700.
          I can install, boot, connect to webGUI - all perfect.
          If I do changes like enabling Secure SSH, reboot and I got this (on serial putty):

          ±ÿàþÙE1Àmõâþ-                 ?ûù5Þþ1TÂÛ
          ÿâüôðö¨ÿxzþøÀê ôéUòN)dÀGh,ý+øüQ
          cÝ.ûü|E)A84þ

          I thought is IDE HDD, I took another, did the same settings and bang  ??? :o

          Please help!!!

          TIA -  MartinD

          For what it's worth: I had a similar output when booting from the original firebox-card instead of the pfSense CF-card.

          1 Reply Last reply Reply Quote 0
          • D
            dig1234
            last edited by Dec 13, 2011, 2:12 AM

            Wow this unbelievable, I came to this thread looking for hardware recommendations to put pfSense 2.0 on, to REPLACE our firebox x500 and I see you guys are talking about putting pfSense ON the firebox. That's uber cool. Can someone tell me if this will work for 2.0 on the x500, all the instructs I see are for 1.2?
            I will trash that watchguard "OS" in no time.

            1 Reply Last reply Reply Quote 0
            • S
              stephenw10 Netgate Administrator
              last edited by Dec 13, 2011, 11:25 AM

              @dig1234:

              That's uber cool

              It is pretty sweet!  ;D

              2.0 works almost as well as 1.2.3 did. Some users have experience an odd bug where the serial console fails to come up after the bootup messages. There is work around for that though.
              The NICs in the Firebox X-Core are low quality Realtek and can cause problems. You may see 'watchdog timeout' in the logs and the NICs stop responding. This seems largely dependent on what you have it connected to. A good quality switch that only sends 'nice' packets seems least problematic.
              You may as well give it a go since you already have the box.  :)

              Steve

              1 Reply Last reply Reply Quote 0
              • M
                MartinD
                last edited by Dec 14, 2011, 1:52 PM

                @stephenw10:

                And presumably it then fails to boot (no access via ssh or web gui)?

                To be honest I have no ideas.  :( I've not tried installing to HD on one of these boxes. I also haven't tried using the embedded kernel option.
                Is there an 'enable serial console' option in that configuration? It could be defaulting to VGA for some reason and then failing to find any VGA hardware (that shouldn't stop it booting though).
                There is no need to use the embedded kernel if you are installing to HD. However if you do a full install you will need to boot the install in another machine and select serial console in the web gui.

                Steve

                Hi,

                I had to go with embedded kernel otherwise serial does not work when first time booted. Before first restart I edited /etc/fstab to mount after restart ad2s1a and ad2s1b partition.
                So now even though I still got unreadable serial connection, webGUI works fine and SSH as well.

                P.S. Steve, your LCD  instructions worked perfect :)

                Thank you all.

                1 Reply Last reply Reply Quote 0
                • U
                  Unubtanium
                  last edited by Jan 10, 2012, 6:07 PM

                  @stephenw10:

                  The NICs in the Firebox X-Core are low quality Realtek and can cause problems. You may see 'watchdog timeout' in the logs and the NICs stop responding. This seems largely dependent on what you have it connected to. A good quality switch that only sends 'nice' packets seems least problematic.

                  I can confirm this!!  Damn stupid cheap NIC's, someone did put a cheap D-link Swithc in on my opt3 and i did se  this  "problem", Changed it for a HP ProCurve so lets hope this fixes my "problem"…...  ;D

                  1 Reply Last reply Reply Quote 0
                  • D
                    dig1234
                    last edited by Jan 10, 2012, 6:35 PM

                    Interesting, anybody try it with 3com Superstack III's ?

                    @Unubtanium:

                    @stephenw10:

                    The NICs in the Firebox X-Core are low quality Realtek and can cause problems. You may see 'watchdog timeout' in the logs and the NICs stop responding. This seems largely dependent on what you have it connected to. A good quality switch that only sends 'nice' packets seems least problematic.

                    I can confirm this!!  Damn stupid cheap NIC's, someone did put a cheap D-link Swithc in on my opt3 and i did se  this  "problem", Changed it for a HP ProCurve so lets hope this fixes my "problem"…...   ;D

                    1 Reply Last reply Reply Quote 0
                    • U
                      Unubtanium
                      last edited by Jan 10, 2012, 8:34 PM

                      @dig1234:

                      Interesting, anybody try it with 3com Superstack III's ?

                      Will check tomorrow if i have one and test for u, but also let u all know if the ProCurve works fine, just changed it today so tomorrow will tell… ;D

                      1 Reply Last reply Reply Quote 0
                      • U
                        Unubtanium
                        last edited by Jan 12, 2012, 9:04 AM

                        The HP Procurve did the trick, no more "dead" OPT3 Nic.  Do not have a 3com so can not test it… But all points to Cheap shitty switches freak out the cheap realtek NIC

                        1 Reply Last reply Reply Quote 0
                        • S
                          stephenw10 Netgate Administrator
                          last edited by Jan 12, 2012, 12:54 PM

                          I remember reading about this some time ago unfortunately I have forgotten most of the detail and can't find the page now!  ::)
                          Anyway it had something to do with fragmented packets.
                          Basically a cheap 'dumb' switch send any old packet towards the firebox where as a smart switch does a much better job of reassembling bad packets correctly. However that really deppends on the switch software so some are better than others.

                          There has been a lot of work gone into this over the years. Hopefully with the first 2.1 builds based on FreeBSD 9 there may be some resolution.

                          Steve

                          1 Reply Last reply Reply Quote 0
                          • U
                            Unubtanium
                            last edited by Jan 12, 2012, 2:20 PM

                            @stephenw10:

                            I remember reading about this some time ago unfortunately I have forgotten most of the detail and can't find the page now!  ::)
                            Anyway it had something to do with fragmented packets.
                            Basically a cheap 'dumb' switch send any old packet towards the firebox where as a smart switch does a much better job of reassembling bad packets correctly. However that really deppends on the switch software so some are better than others.

                            There has been a lot of work gone into this over the years. Hopefully with the first 2.1 builds based on FreeBSD 9 there may be some resolution.

                            Steve

                            Lets hope 2.1 will do its magic, but for now i am looking for a x550e that i can test on because the other is in production environment  doing 3 wans with failover and load balance with 2 lans too  =)

                            Thanks again Steve for teaching me,, Did wish i had your Skills

                            1 Reply Last reply Reply Quote 0
                            • M
                              m4f1050
                              last edited by Jan 12, 2012, 3:22 PM

                              Trying to install this on X500, someone mentioned it being same hw as the other X seires, I read somewhere I had to flash new firmware to allow it to boot > 512mb CF card, is this correct?

                              http://documentation.dbernhardt.com/pfsense/article.html
                              

                              X750EB2.BIN or does it have to be X500?

                              1 Reply Last reply Reply Quote 0
                              • B
                                Brak
                                last edited by Jan 12, 2012, 3:34 PM

                                @m4f1050:

                                Trying to install this on X500, someone mentioned it being same hw as the other X seires, I read somewhere I had to flash new firmware to allow it to boot > 512mb CF card, is this correct?

                                http://documentation.dbernhardt.com/pfsense/article.html
                                

                                X750EB2.BIN or does it have to be X500?

                                No, an X500 should be able to boot from anything without any BIOS modifications. Just try installing a nanobsd image of pfSense onto a CF and give it a try.

                                1 Reply Last reply Reply Quote 0
                                • M
                                  m4f1050
                                  last edited by Jan 12, 2012, 3:38 PM

                                  I will be trying to boot form 2gb CF card (or any size, I just need to know what is the highest size CF I can use on the X500)

                                  Thanks!

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    stephenw10 Netgate Administrator
                                    last edited by Jan 12, 2012, 4:24 PM

                                    Mmm, yes that article you linked to is a bit confusing. It doesn't specify which Firebox it's for.
                                    Like Brak said, there's no need to flash the bios. There should be no restriction on the CF size however there is no advantage to using a larger one. 1GB is fine.

                                    Steve

                                    1 Reply Last reply Reply Quote 0
                                    • M
                                      m4f1050
                                      last edited by Jan 12, 2012, 6:48 PM

                                      @stephenw10:

                                      Mmm, yes that article you linked to is a bit confusing. It doesn't specify which Firebox it's for.
                                      Like Brak said, there's no need to flash the bios. There should be no restriction on the CF size however there is no advantage to using a larger one. 1GB is fine.

                                      Steve

                                      Great news guys, thanks!  Will be doing this very soon when I get my 2gb CF in.  In re: to size, wouldn't it be better for logging if I had a bigger sized one?

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        stephenw10 Netgate Administrator
                                        last edited by Jan 12, 2012, 7:15 PM

                                        All logging in pfSense is done to RAM. In the NanoBSD install almost nothing is written to the CF card other than config changes. This done to preserve the card due to it's limited write cycles.
                                        If you need extensive logging or long term log storage you have to use a separate syslog server.

                                        From a personal point of view this is the one part of pfSense that I find lacking. At home I don't have another machine that's always on so running a syslog server is not an option.

                                        About the only possible advantage of using a bigger CF card is that there are more memory blocks to use for ware leveling. However since NanoBSD is especially designed to get around this it's not really a problem.

                                        You do get more space for packages but you won't fill it anyway.

                                        Steve

                                        1 Reply Last reply Reply Quote 0
                                        • M
                                          m4f1050
                                          last edited by Jan 12, 2012, 8:55 PM

                                          I agree with you.  Sucks we cant log to cf…  I prob wont be running any pckgs.  I do have an unRAID box I can store logs to.... Hmmmm...  And maybe I could run sickbeard, couchpotato, sabnzbd, transmizzion on the firebox..? Even still I wont fill up even a gig cf...

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.