Installing on a Firebox X700

stephenw10

Check you have the correct update URL.
Go to System: Firmware: Settings: and select pfSense i386 stable updates from the drop down.
It should then say: http://updates.pfsense.org/_updaters in the base URL box.
Save the setting.

The arm/disarm LED can be controlled, I wrote a program to do it.  ;D
You can read about my efforts in this thread.
Download the most recent version from this post. Remove the .png extension from it, that's just so the forum will accept it.
Now you need to copy it to somewhere permanent on your firebox and make it run at boot up with whatever LED setting you require.
There are a number of ways to do this but here's what I do.
Connect to your firebox console (via serial or ssh) and type:

/etc/rc.conf_mount_rw

This will allow you to write the file, by default the filesystem in read only.
Now copy WGXepc to /conf, I use WinSCP to do this. Normally you wouldn't ever put anything in /conf but WGXepc is a very small file and /conf survives a firmware update.
Change the file permissions so it is executable, you can do that in WinSCP or using chmod at the console.
Now at the console type:

echo '/conf/WGXepc -l green' > /usr/local/etc/rc.d/WGXepc.sh

This will create the file WGXepc.sh in /usr/local/etc/rc.d which is run at boot. Make sure it's file permissions are set to excecutable:

chmod 0755 /usr/local/etc/rc.d/WGXepc.sh

Now remount the file system back to read only:

/etc/rc.conf_mount_ro

You can experiment with the different LED settings, if you call the program with no arguments it gives some help.

fmertz is currently incorporating the led code into the lcd driver so we should soon have this all packaged nicely. That will also open the possibility of using the LED to indicate something useful.

Steve

Edit: If someone wants to tell me a better location that survives a firmware update I'm open to suggestions!  ;)

GOBIGRED

Do you have a idea when the package is going to come out?
Im still having troube with your last post!!

stephenw10

@GOBIGRED:

Do you have a idea when the package is going to come out?

When it's ready!  ;)

You keep an eye on this thread for updates. In this post fmertz has the new test driver with led support. There's no GUI option yet. Unfortunately my X-Core box has died completely and no longer posts (I think one of the capacitors has died) so I can't test it.

Which part of my previous post are you having trouble with?

Steve

GOBIGRED

I just got one that had the same problem i found them on ebay real cheap and replaced them its very easy, i would reccomend that you try to fix it for the 10 bucks instead of buying a new one lol!! What models of the FB do you have?

stephenw10

@GOBIGRED:

What models of the FB do you have?

I keep an eye on Ebay UK for cheap boxes. I use an X-Peak box (X6000) as my main firewall here and also have an X750 and an X5500. I'll have to try changing the caps on the X500. None of them look bad though, other bad caps I've had had stuff leaking from them or at least bulging tops.  :-\

Steve

GOBIGRED

Steve,
Im now looking for a peak box do you know the diffrent x core peak models?

And is there any word on the package:fmertz is currently incorporating the led code into the lcd driver so we should soon have this all packaged nicely. That will also open the possibility of using the LED to indicate something useful.?

Thanks

stephenw10

The X-Peak had three models: X5000, X6000 and X8000.
See: http://www.watchguard.com/products/peak.asp
I don't know how many Watchguard sold in relation to the X-Core but it must have been a low ratio, they hardly ever come up on Ebay.

No news on the driver I'm afraid though I just aquired a replacement X-Core for some more testing.

Steve

GOBIGRED

Ok thanks does pfsense had built in wireless? If so what firebox do i cant seem to find any info?

Thanks

stephenw10

pfSense supports any wifi card that is supported by FreeBSD 8.1 (2.0.1) or 8.3 (2.1). That is a lot of cards but it's not as good as wifi support in Linux. For example there is no support at all for 802.11N.

I'm running an Atheros 2413 based mini-PCI card as an access point in my X-Peak.

None of the Watchguard X86 based hardware had wifi built in.

Steve

GOBIGRED

I have a on WAN 3 LAN config how do allow the LAN's to talk to each other?

stephenw10

You have to add firewall rules (or modify the existing rules) to allow access between LANs.
For example the default rule on the LAN interface is Source: LAN net and Destination: any. This destination, any, includes all your other subnets on other interfaces so traffic can reach them. This default rule doesn't exist on any other interfaces so you have to add it.

Steve

GOBIGRED

so i need to make a rule saying destination any and source any? also what are some good steps to secure pfsense and my network?

stephenw10

pfSense is secure by default.  ;)
In order to make it as secure as possible you should use rules that only open ports and interfaces you need. For example you should use, source: LANnet (or equivalent interface), in your rules to restrict what machines are allowed out.
You can restrict this further but only allowing ports you need, http, ssh, pop3 etc. Though it's easy to overlook something and end up blocking your own traffic.

Steve

GOBIGRED

just got a e series firebox upon receiving it doing research on pfsense and it said special tools required to get pfsense working is that correct?

stephenw10

Yes you need to do a workaround in the bios to make it boot a CF card larger than 512MB. In order to do that you can either make up cables to connect a monitor and keyboard or reflash the bios with one that allows console redirect.
See:
http://forum.pfsense.org/index.php/topic,20095.msg190456.html#msg190456

Which e series model do you have?

Steve

GOBIGRED

i got x750e 1250e and some peak models. I plan on listing the x750e since i got a lot for a great price.

stephenw10

Nice!  :)
The peak-e models are actually less good for pfSense as the CPU is not correctly picked up by the speedstep driver and hence they run much hotter. The Core-e has a Celeron which doesn't have speedstep but can be replaced by a pentium-m for very little.

Steve

Nico621

Hello,

Does anyone know what 512 sticks of ram will work in these boxes, some people say they get it to work and others don't. I am currently looking at the ones on newegg and see they have three brands to choose from and they're all double sided dimms, any suggestions or specific models that are known to work?

Thanks,
Nico

stephenw10

You mean the X700 series?
They seem to be very fussy, so much so that I'm just sticking with 256MB.  ::)
The best person to comment on this would be Brak since he has upgraded many of these boxes.

Steve

Sleeps

@Nico621:

Hello,

Does anyone know what 512 sticks of ram will work in these boxes, some people say they get it to work and others don't. I am currently looking at the ones on newegg and see they have three brands to choose from and they're all double sided dimms, any suggestions or specific models that are known to work?

Thanks,
Nico

Purchased this memory module "Kingston KVR133X64C3/512 512mb SDRAM 133 MHz 168pin" from ebay and it works fine in the X700

Sleeps