Netgate Discussion Forum

    Watchguard XTM 5 Series

    • I
      iolaus
      last edited by

      Some updates:

      I've got my XTM 505 up and running.  I replaced the CPU with a Core2Duo E4500, replaced the RAM with a couple 1GB sticks I had lying around, and installed a 2.5" HD which I also had lying around.

      I mounted the HD to a modified Intel 2.5" to 3.5" converter cage.  The cage is mounted to the XTM 505 right behind the LCD on risers.

      The XTM successfully finds the SATA HD without any BIOS modification and I have SHELLCMD mounting it at boot time.

      Pictures:

      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Nice!  :)
        I would recommend removing the VPN accelerator card. It's just using power and isn't doing anything useful, unfortunately.

        Steve

        • M
          menacingm
          last edited by

          Anyone have any luck locating or compiling a suitable driver for the
          Cavium card? I believe a Linux one exists but no luck with BSD.

          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            I believe it's a closed source driver in Linux, or at least you have to sign an NDA before they'll give you access to the SDK. No driver like that would ever make it into FreeBSD so it would have to be reverse engineered. Not an easy task.

            Steve

            • M
              menacingm
              last edited by

              Yeah that pretty much sums that up.

              Anyone wanna buy a Cavium VPN card cheap?  ;D

              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                You never know, support for the low end Cavium chips may yet appear once they are of no resale value.
                It's a shame they chose to use a reversed PCI-e connector. I've tried to find a female to female adapter but failed. Having the PCI-e bus terminated in an edge connector like that seems to be known as 'golden fingers'. Can turn up some interesting Google results!  :P

                Steve

                • M
                  menacingm
                  last edited by

                  I'd say chances are pretty slim considering Cavium has already released several models newer than the one in this box (Nitrox CN1605). Still, you never know.

                  "Golden Fingers" you say?

                  Youtube Video

                  Could always use a PCI-e to mini-pci card or wifi card. Or a 10GB Ethernet card and mod the box to have a cable permanently attached internally and fed out the back. Not the most elegant solution but would make use of the port. Seems like there is enough room left to do something with it.

                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    That's just it, you can't use any of those things without some sort of adapter because the slot is on the card! I had thought a backplane style riser of the sort used for single board computers might do it but I haven't found one of those either.

                    Steve

                    Edit: Like this maybe: http://www.onestopsystems.com/backplane_427.php

                    • S
                      ScottMcNaught
                      last edited by

                      Hello,

                      We have successfully installed pfSense on a WatchGuard XTM 505.

                      Just letting you know that the Quad Core Q8200S is supported by this motherboard and runs beautifully.
                      This CPU actually runs cooler than the Celeron - sits between 37-40C.  The "S" model is of smaller lithography and runs more efficiently / cooler.
                      http://ark.intel.com/products/40816/Intel-Core2-Quad-Processor-Q8200S-4M-Cache-2_33-GHz-1333-MHz-FSB

                      Our specs are:
                      2GB RAM
                      Quad Core Q8200S
                      8GB Transcend CF Card (with 4GB image)

                      Works great!

                      Thanks to everyone who contributed.

                      Scott
                      http://www.synergy8.com/

                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Ooo, nice!
                        The only reason I went for the E4500 (other than it was cheap on ebay) was that it matched the lithography and bus speed on the Celeron closely. If we can use 45nm and 1333MHz that opens up many other cpus.

                        Are you using the original BIOS?

                        Steve

                        • S
                          ScottMcNaught
                          last edited by

                          Hi Steve,

                          Yes - original BIOS.  No changes or flashing needed.

                          I'm sure other faster CPUs will work.  But! I'd be wary of the power consumption with other CPUs.  That PSU in the box is pretty small!
                          I would be pretty confident in saying that most of the CPUs in the "Compatible products" list of: http://ark.intel.com/products/36528/82G41-Graphics-and-Memory-Controller-Hub would work.

                          But I can certainly confirm the stability and operation of the Q8200S.  Power wise, we removed the VPN card and do not have a hard drive installed.
                          Here is a pic of the dashboard (some info removed).

                          Cheers,
                          Scott
                          http://www.synergy8.com/

                          • M
                            menacingm
                            last edited by

                            Regarding the LCDProc dev package not automatically starting at boot I'm trying StephenW's method for restarting the services with SHELLCMDs from here:

                            http://forum.pfsense.org/index.php/topic,7920.msg344513.html#msg344513

                            • H
                              Hawk78
                              last edited by

                              Is the XTM 5 series powerful enough to run Squid and an antivirus package? Does it work with the CF card or do I need an appliance with HDD installation (e.g. Symantec 5420)?

                              • M
                                menacingm
                                last edited by

                                Yes & yes. I'm running off CF now and I have read of people installing an HD, but I'm not sure about using it to boot.

                                Also, this unit is upgradeable. You can upgrade the proc to a C2D and RAM as well.

                                All in all, a great box (with intel NICs) if you can get a good deal on one.

                                • H
                                  Hawk78
                                  last edited by

                                  The XTM 510 usually has a Celeron 2Ghz CPU and 1Gb. Shouldn't this be enough power to run it with antivirus, proxy and content filter?

                                  Does it make sense to use 8gb CF card or higher for installation or should 4 GB be enough?

                                  Cu Hawk78

                                  • M
                                    menacingm
                                    last edited by

                                    It certainly is for a small to medium network, but every scenario is different; if you turn on all the bells & whistles, your mileage may vary.

                                    • stephenw10S
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      Exactly. It depends what throughput you need. If you're running Squid, Havp and Squidguard/Dansguardian you're not going to see 1Gbps. Chances are you don't need that though.
                                      There is no value in using an 8GB CF card. The largest image available is 4GB so the remaining space can never be used.
                                      If you want to use Squid as a caching proxy you must run it from HD. The continuous writes would kill flash media in short order; the package will prevent you doing it in NanoBSD.

                                      Steve

                                      • M
                                        menacingm
                                        last edited by

                                        @stephenw10:

                                        There is no value in using an 8GB CF card. The largest image available is 4GB so the remaining space can never be used.
                                        If you want to use Squid as a caching proxy you must run it from HD. The continuous writes would kill flash media in short order; the package will prevent you doing it in NanoBSD.

                                        I believe there is a ticket in for 8GB images due to there being more packages available, especially since adding support for PBI installs, but yeah 4GBs is the biggest now.

                                        StephenW, ever try running Squid from CF with caching pointed to an NFS mount or HD mounted in cache directory path? I don't like the idea of running something as critical as a firewall from a HD.

                                        • H
                                          Hawk78
                                          last edited by

                                          Thanks for your reply menacingm & stephenw10!  :)

                                          I agree about the killing of flash media by caching. But what about the USB port? Could I use this for connecting a USB stick or USB HD for caching? What about SSD? Is there the same prob?

                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            Ah I wasn't aware of the 8GB ticket. I have a hard time believing you could fill the space provided by the 4GB image slices though even with the PBI packages (which are a lot larger).

                                            There are a number of people who have set up Squid to cache to a separate HD but it's not handled by the webgui, which presents some issues. Primarily you need to have a setup that survives a firmware update, otherwise you'll have to re-make all your changes manually. Firstly there is no facility to mount a local drive but you can handle that via the shellcmd package. Then you have to manually configure Squid to use your newly mounted slice for its cache. Lastly you need to know what happens if the HD fails. Does Squid fail to start? Does that result in no internet access for your clients?

                                            Just running from a HD drive gets around these problems; HDs are pretty reliable these days. I'm fairly sure there are more pfSense installs running from HD than flash. There is provision in the XTM5 for installing a 2.5" SATA drive.

                                            There was a thread recently detailing this setup on a firebox X750e. That user used a script that ran at boot to check the HD status and mount /var accordingly:
                                            http://forum.pfsense.org/index.php/topic,67823.0.html

                                            Steve
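
A boot-time check of the kind described in the post above, written as an added example; it is not the script from the linked thread and not code from any poster. The device node, mount point, status words and the `prepare_cache` function name are assumptions, and what to do when the disk is missing is left as a local policy choice.

```shell
#!/bin/sh
# Added example, not from the thread: boot-time check for an optional cache disk.
# Assumed names: CACHE_DEV, CACHE_MNT and the status words printed below.
CACHE_DEV="${CACHE_DEV:-/dev/ad4s1}"        # assumed device node, adjust to your disk
CACHE_MNT="${CACHE_MNT:-/mnt/squidcache}"   # assumed mount point
MOUNT_CMD="${MOUNT_CMD:-mount}"             # overridable so the logic can be dry-run
FSCK_CMD="${FSCK_CMD:-fsck}"

# Prints one status word and returns 0 only when the cache disk is usable.
prepare_cache() {
    dev=$1; mnt=$2
    # A failed or unplugged disk has no device node: report it, do not abort boot.
    if [ ! -c "$dev" ] && [ ! -b "$dev" ]; then
        echo "no-disk"; return 1
    fi
    # Nothing to do if a previous run already mounted it.
    if "$MOUNT_CMD" | grep -Fq " on $mnt "; then
        echo "already-mounted"; return 0
    fi
    # Preen the filesystem first; an unclean disk must not be mounted read-write.
    if ! "$FSCK_CMD" -p "$dev" >/dev/null 2>&1; then
        echo "fsck-failed"; return 1
    fi
    mkdir -p "$mnt" || { echo "no-mountpoint"; return 1; }
    if "$MOUNT_CMD" -o noatime "$dev" "$mnt" >/dev/null 2>&1; then
        echo "mounted"; return 0
    fi
    echo "mount-failed"; return 1
}

# Run as "<script> boot" from a shellcmd entry; sourcing the file only defines the function.
if [ "${1:-}" = "boot" ]; then
    if status=$(prepare_cache "$CACHE_DEV" "$CACHE_MNT"); then
        echo "squid cache disk ready ($status)"
    else
        # Fallback is a local policy decision: here the firewall keeps booting
        # and the operator is told the proxy has no disk cache.
        echo "squid cache disk unavailable ($status); continuing without it" >&2
    fi
fi
```

Setting `MOUNT_CMD=true FSCK_CMD=true` exercises the decision logic on a test machine without touching any disk.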

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.