Successful Install on Watchguard Firebox X700!

moogoom

Hi Steve !

Yes, first so it was connected via usb. And this was problem…

I want no special configuration: 1 WAN (4/2 Mbps with 5 used public IP)  and 2 LAN.
LAN 1: Network in my home and office - because i have office in home. ;-)
LAN 2: Network for my friends and neighbors. Unfortunately I live in block...
LAN 3: DMZ for my 2-3 servers: 1 - my machine (HTTP, mail, ftp, mail, etc.) 2 - machine for my frends/neighbors (mail, ftp, etc.), 3 - DNS (chroot) and ftp for my best friend, hi is computer science specialist. This machine is for him backups.

Networks LAN1 and LAN2  are NOT CONNECTED, but are have access to Internet.
LAN 3 - known...

Pawel

stephenw10

Maybe better to discuss this in a new thread since this is now a general configuration problem not specific to the firebox. This thread is already too long!  ;)

It doesn't look like a difficult config though.

Steve

moogoom

Of course. I have a request to the Moderator: Do You move my last 2 entries to a new topic: "Configure 1xWAN, 2xLAN and 1xDMZ of 5 IP addresses" ?
Thank You. :)

Steve - if you want help me understand pfSense rules - welcome to the new topic or my e-mail. Thank You for You fast helping.  ;D

Pawel

moogoom

Happy New 2013 Year!

Thank you for your help and kindness. At the beginning of 2013 I wish You all the best and fulfill their dreams. All the best!

Pablo

woc38

After upgrading from 2.0.1-RELEASE to 2.0.2-RELEASE the serial console stopped working again on my Firebox X700. The console shows the boot progress and then stops working after 'Bootup complete'.

In previous 2.0.x versions I used this solution.
After the upgrade to 2.0.2 the file "/usr/local/share/misc/serialbandaid.sh" was still available. The added lines to /etc/rc however, where gone. By simply adding the described lines again and a reboot the serial console works again!

stephenw10

If you use this solution instead it will survive a firmware update:
http://forum.pfsense.org/index.php/topic,7458.msg241783.html#msg241783

Also that is 'cleaner' since it doesn't involve editing any files or running scripts.

Steve

woc38

Thanks Steve! I thought I used that method before, but can't remind exactly… I will give it a new try.

vrocco

Does anyone have any information on the max processor that these boxes will support? I know some have replaced the processor with 1.4 Pentium M or Celerons, has anyone gone higher?

If I'm going to buy a replacement, I might as well go as big as possible since these processors are so cheap.

Thanks

stephenw10

On the X-Core boxes you can only use Pentium 3 (or equivalent Celeron chip). The fastest P3 was 1.4GHz.
http://en.wikipedia.org/wiki/List_of_Intel_Pentium_III_microprocessors#.22Tualatin.22_.28130_nm.29

I don't think anyone has ever tried one of the VIA Socket 370 CPUs. If those worked you would have the advantage of the on board encryption accelration (VIA Padlock):
http://en.wikipedia.org/wiki/List_of_VIA_C3_microprocessors#.22Nehemiah.22_.28130_nm.29

Steve

ChuckInAtl

jmcentire

Great post but you already know that :)

I have a WatchGuard Firebox X 1250e…I assume the motherboard are roughly the same.

I have a SATA 2.5 drive, I also have a 44 pin 2.5 hard drive that I want to 'adapt' to this box (I would prefer the SATA drive).

My question is... would/could you share where I could find the adapter(s), for either one??

Also could not find the caddy you recommend??

ChuckInAtl

stephenw10

@ChuckInAtl:

I have a WatchGuard Firebox X 1250e…I assume the motherboard are roughly the same.

That would be an incorrect presumption.  ;)
The X1250e is part of the X-Core-e series. See: http://www.watchguard.com/products/core-e/compare.asp?p1=x550e&p2=x750e&p3=x1250e
The relevant thread is here: http://forum.pfsense.org/index.php/topic,20095.0.html
Also see the wiki page: http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#X-Core-e

Steve

CuriousG

I currently have 2 WG FB X700 (both static IP) in production both running pfsense 2.03REL.  The main office has dual WAN connection due to them having issues with Comcast going down now and then.  Primary connection is Comcast and backup is AT&T setup for load balancing.

The satellite office has a single Comcast connection and rarely has any downtime.  They currently connect through an IPsec connection with AES-128 encryption.  I assume it would be using the SafeXcel 1141 card and I have the use glxsb option ticked on (should I turn this off?).  Reading the docs http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#X-Core now it appears it isn't using the card at all?  I guess I should be using Blowfish encryption instead?

Lately I've been having issues with the IPsec VPN connection where it loses the connection and restarting the racoon service doesn't fix the issue.  Would OpenVPN be more robust in reconnections?

My other issue is the old issue with the Web GUI not responding (thought this was fixed in 2.03).  When this happens, I try the reset webconfigurator (option 11) through a SSH connection and I get the endless … screen.

Restarting the firewall on either end (I usually just pick the one where the Web GUI stops responding) appears to fix the GUI and VPN connection.

stephenw10

Certainly I have failed to find any evidence that the Safenet card is used. It's doesn't seem to work via the FreeBSD crypto framework which is how it should work. There may be some software that talks to it directly without the framework.

I would choose OpenVPN for a pfSense-to-pfSense tunnel but that's probably because I have more experience with that (which isn't saying much!). I do believe that OpenVPN tends to be slower if your hardware is the limiting factor as it may well be with X700s.

Steve

cologuy

After my very successful re-flash of a x1250e last week I'm going to try to
resurrect a old X500 with pfSense.

A quick read of the docs and page one of this thread seems to indicate that you
boot a live CD on a laptop and install directly to the CF (I assume mounted via USB). Is
that still the recommended option? And what size CF card is needed for 2.x pfsense? Or
can I just write an image to the CF card as is done for the X-core-E models?

The docs appear to be a little sparse regarding these details :) :) :)

stephenw10

Just write the image to CF and boot it.  :)
It should mostly be covered in the doc page: http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Installing_pfSense
Feel free to suggest any improvements in the related forum thread: http://forum.pfsense.org/index.php/topic,59821.0.html

Steve

cologuy

Just write the image to CF and boot it.

It does not say that anywhere that succinctly  :) (The documentation is excellent, just missing that
small detail).

No size restrictions like the x-core-e models?  Can i use a 4gb?

stephenw10

There are no bios restrictions like the X-e boxes. Any card should boot.
The only thing to watch out for is the serial port quirk.

Steve

cologuy

Thanks, I've got to order another CF card and did not want to have problems.

cologuy

I got another 4gb CF card and copied a 2.0.3 1GB image on it and it boots fine.

I have read about the serial port baud rate issue but I'm not clear on when to
change it. I go through the setup and skip the vlan setup and assign re0 to the WAN and re1 to
the LAN (no option not to) and then the system boots to "Bootup complete" and hangs.

There is no chance that I see to assign IP's or access the webconfig command prompt to make
these changes:

console="comconsole"
comconsole_speed="115200"

Where is that supposed to happen?

stephenw10

The LAN interface will be on 192.168.1.1 with dhcp enabled by default. You should be able to access the box on that way to complete the setup wizard. In 2.0.3 you have the option of setting only WAN if you want to do it that way. Just press enter when it asks for the LAN interface.

Steve