Firebox x6500e
-
Greetings! I am wondering if anyone has had any direct experience with modding a Firebox x6500e? If so, are their any differences from the 5500 that I should be aware of before I tear into it? This will be my first attempt with a conversion like this (I openly blame a thread over at Spiceworks for leading me here), so any tips and easter egg reveals would be appreciated.
-
It's identical to the X5500e and basically the same as the X550e. You can install pfSense on it no problems. It's all explained here:
http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#X-Peak-eThere is an extra VPN card which isn't supported and caused trouble for me (in an X5500e), remove it.
Steve
-
So my first experience with moding a firebox has been an interesting experience. Before digging in, I did quite a bit of reading to see what would be needed, and I ordered a couple items to make life a bit easier.
(NOTE: Since this site does not allow PDF attachments, I have my self-aid PDF available here. If anyone is interested, I can also do a full inclusive writeup on the process instead of just linking to other sources.)
First up was to locate a PS/2 port bracket (similar to http://www.pccables.com/06010.html) on eBay. The pitch in the pin-out was wrong, but removing the connector allowed me to connect the lines directly.
Next I located a IDC16 with a 2mm pitch from Digi-Key (http://www.digikey.com/product-detail/en/2-111623-0/AKA16L-ND/765779). I salvaged an old VGA extender, cut off the DB15m end, identified the VGA pin-out/color’s with a volt meter, and manually connected (and tested) each of the 15 leads to the corresponding connection on the IDC16.
As advertised in other threads, I now had working display and KB!I moved on and flashed the BIOS (http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Flashing_the_BIOS), which was pretty straight forward and uneventful. I ended up using the 256Mb CF that came in the unit since the 32MB I had laying around turned out to be a brick, and I knew it would boot as it was. Just make sure to pay attention to the BIOS changes to be made after the update is completed before moving on to Installing_pfSense#Embedded (http://doc.pfsense.org/index.php/Installing_pfSense#Embedded). If you have already locked up the BIOS by lowering the fan below BB, no fears. There is a CMOS clear jumper just in front of the first heat sink from the front of the unit.
Now for getting fpSense on the CF card, which some guess work mixed with trial and error. Given that the available documentation was written for 1.2.3, I think a few update in the doc’s may be in order.
I ended up with pfSense-2.0.3-RELEASE-512mb-i386-nanobsd_vga-20130412-1022.img.gz so that I can use the VGA (after rebooting) if I ever need to. Also, since it is a CF and it has inherent lifespan issues with writes, anything over 512mb seems a bit of a waste.
After getting a working image loaded to the CF, I was immediately plagued by:
FAILURE - READ_DMA timed out LBA=7813117 TIMEOUT - READ_DMA retrying (1 retry left) LBA=7813119 FAILURE - READ_DMA timed out LBA=7813103 …
After some digging, I found the solution in another thread:
– Boot
-- Do not use the default boot but exit to prompt
-- Type:set hw.ata.ata_dma=0 boot
Continuing with setup as directed, I had issues with getting a shell command to do the following (as originally directed), so I used the web GUI to directly edit /boot/loader.conf and added:
hw.ata.ata_dma=0
(Make sure to save before moving on)
After editing it directly, it behaved more as advertised as a solution. And so far, that’s the gist of it.
Next steps depend on the answers to a few questions about possible options:
• In using a 44pin IDE adapter to add a HDD, is there additional wiring needed to provide power or is it already in the existing connector on IDE2?
• What benefit, if any, would there be in upgrading the existing 1GB (2x512) to 2GB (2x1024)?
• SpeedStep vs ACPI throttling?
• Has anyone experienced the watchdog timeout issues with the x6500e? -
Good to see you're up and running. :)
A couple of comments.
Normally the only reason to flash the modified bios is to avoid having to make up VGA and keyboard header cables. Since you had already done that you could have accessed the bios in the normal way to change the IDE parameters. Is there some other reason you did that?The NanoBSD+vga images do not have dma disabled as you found but the standard NanoBSD images do for exactly the reasons you found. You can also correctly instate the DMA lines to the CF card slot. See: http://forum.pfsense.org/index.php/topic,56572.0.html
You should add that line to /boot/loader.conf.local as that file is copied across a firmware update.
• In using a 44pin IDE adapter to add a HDD, is there additional wiring needed to provide power or is it already in the existing connector on IDE2?
Yes power is provided to the caddy connector, IDE2.
• What benefit, if any, would there be in upgrading the existing 1GB (2x512) to 2GB (2x1024)?
Deppends what, if any, packages you are running. Snort and Squid can be memory hungry. You'll almost certainly be fine with 1GB IMHO.
• SpeedStep vs ACPI throttling?
ACPI throttling does almost nothing. Speedstep provides a useful reduction in power consumption even at idle. You will find however that the 2GHz CPU in the X-Peak-e boxes is not directly supported.
• Has anyone experienced the watchdog timeout issues with the x6500e?
The boards are identical so there is no reason to think you won't experience it. Though I have still to reliably reproduce the problem which makes testing much more hit and miss. ::) I am fairly sure (no one has yet contradicted this) that the problem is resolved as described here:
http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Known_Issues_2Steve
-
Normally the only reason to flash the modified bios is to avoid having to make up VGA and keyboard header cables. Since you had already done that you could have accessed the bios in the normal way to change the IDE parameters. Is there some other reason you did that?
Being my first attempt, I'd rather have the tools and not need them than need them and be without. Also, it has been ages since I had to to any terminal work, and was not 100% certain I still had the cables, let alone knew where they were at.
The NanoBSD+vga images do not have dma disabled as you found but the standard NanoBSD images do for exactly the reasons you found. You can also correctly instate the DMA lines to the CF card slot. See: http://forum.pfsense.org/index.php/topic,56572.0.html
You should add that line to /boot/loader.conf.local as that file is copied across a firmware update.
I had noticed this before in my original searches, and was one reason I was debating looking into a HDD solution vs the CF. Being my first jaunt into this arena, I am still leaning toward the HDD just to be able to play with the different features that are offered without having to worry about burning out the CF. And thanks for the tip on the local file, I must have missed that in the other threads.
• In using a 44pin IDE adapter to add a HDD, is there additional wiring needed to provide power or is it already in the existing connector on IDE2?
Yes power is provided to the caddy connector, IDE2.
Ok, next is what kind of HDD tray are people using to mount in the available space? I have tried to find an actual mfg tray for this, but am so far coming up dry for even part numbers.
• What benefit, if any, would there be in upgrading the existing 1GB (2x512) to 2GB (2x1024)?
Deppends what, if any, packages you are running. Snort and Squid can be memory hungry. You'll almost certainly be fine with 1GB IMHO.
Well, if I can find or figure out a HDD addition, I will probably just up to 2GB and be done with it.
• SpeedStep vs ACPI throttling?
ACPI throttling does almost nothing. Speedstep provides a useful reduction in power consumption even at idle. You will find however that the 2GHz CPU in the X-Peak-e boxes is not directly supported.
Good to know, thanks.
• Has anyone experienced the watchdog timeout issues with the x6500e?
The boards are identical so there is no reason to think you won't experience it. Though I have still to reliably reproduce the problem which makes testing much more hit and miss. ::) I am fairly sure (no one has yet contradicted this) that the problem is resolved as described here: http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Known_Issues_2
Am i correct in assuming that "hw.msk.msi_disable=1" disables one or more of the last 4 ports?
-
was not 100% certain I still had the cables, let alone knew where they were at.
Ha! I feel your pain. probably time to sort out my cable bin.
Ok, next is what kind of HDD tray are people using to mount in the available space?
The caddy is the same as the X-Peak box so:
Although some X-peak boxes seem to have included the hard drive caddy most didn't. However it is possible to get one from a laptop that fits. One laptop that had a suitable caddy is an ECS-320. In the UK it was sold rebadged as an Advent 7081 and also Patriot 2005. Possible models that used the same caddy are Advent 7086, 7094, and ECS 321. You need the metal tray that holds the HD and also the adapter that fits the socket on the motherboard.
They are available on Ebay etc. I should add that to the docs.
E.g.: http://www.ebay.co.uk/itm/Advent-7081-G320-Patriot-2005-HDD-Caddy-Connector-/370379040455Note the difficulty that booting from the HD can cause. The 'quirky' bios does not like some disk geometries. There is a workaround described in the docs but it's ugly. ;)
Am i correct in assuming that "hw.msk.msi_disable=1" disables one or more of the last 4 ports?
Nope. It disables Message Signalled Interrupts just for the msk driver. All 4 ports continue to function normally, maybe slightly slower or greater CPU overhead but I haven't seen it.
Steve