Successful Install on Watchguard Firebox X700!
-
Thanks for your answer and the link. The cable I bought has DB9 on one end (to the Firebox) and a RJ45 on the other (to ethernet on my laptop). Hyperterminal says it's "connected" but I never get any output
-
Thanks for your answer and the link. The cable I bought has DB9 on one end (to the Firebox) and a RJ45 on the other (to ethernet on my laptop). Hyperterminal says it's "connected" but I never get any output
Oh… lol. This cannot work. You need DB9 -> USB. Like http://www.ebay.co.uk/itm/230584255185
-
Exactly. You can't use an ethernet port to talk serial. If your laptop, or any other machine you have, doesn't have a serial port then you will need a USB to serial converter in addition to the null modem cable. The one Doktornotor linked to above is what I'm using since most modern computers don't have a serial port.
Steve
-
A short while ago I ran some tests on the SafeXcell encryption card in most X-Core boxes. I was inspired by this thread in which it is claimed the card not only works but speeds up a VPN connection significantly.
There isn't any doubt that the card is supported to some extent by the safe(4) driver. If you run cryptotest from the console it reports the crypto framework correctly using the card and gives some test figures.
A simolar result can be seen by running openssl speed:Without the Safenet card
[2.0.3-RELEASE][root@pfSense.localdomain]/root(1): openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 4443103 aes-128-cbc's in 2.89s Doing aes-128-cbc for 3s on 64 size blocks: 1258138 aes-128-cbc's in 2.91s Doing aes-128-cbc for 3s on 256 size blocks: 318359 aes-128-cbc's in 2.87s Doing aes-128-cbc for 3s on 1024 size blocks: 80907 aes-128-cbc's in 2.89s Doing aes-128-cbc for 3s on 8192 size blocks: 10450 aes-128-cbc's in 2.98s OpenSSL 0.9.8y 5 Feb 2013 built on: date not available options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: cc available timing options: USE_TOD HZ=128 [sysconf value] timing function used: getrusage The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 24627.37k 27709.88k 28411.35k 28646.12k 28707.23kWith the Safenet card:
[2.0.3-RELEASE][root@pfSense.localdomain]/root(13): openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 117285 aes-128-cbc's in 0.14s Doing aes-128-cbc for 3s on 64 size blocks: 110095 aes-128-cbc's in 0.05s Doing aes-128-cbc for 3s on 256 size blocks: 93032 aes-128-cbc's in 0.04s Doing aes-128-cbc for 3s on 1024 size blocks: 56316 aes-128-cbc's in 0.05s Doing aes-128-cbc for 3s on 8192 size blocks: 8643 aes-128-cbc's in 0.00s OpenSSL 0.9.8y 5 Feb 2013 built on: date not available options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: cc available timing options: USE_TOD HZ=128 [sysconf value] timing function used: getrusage The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 13690.32k 156398.83k 538937.61k 1147202.67k 70803456.00kThe number when using the card are far higher at 64bytes or higher. However at small sizes it's actually lower.
When running a real test using an site to site style OpenVPN connection with the X-Core box as one end the results are interesting. Using aes-128-cbc I was able to push ~25Mbps but after removing the card completely I was seeing ~33Mbps. This is perhaps understandable if VPN traffic is mostly small packets. It seems that to make use of the card would require tuning the VPN tunnel to use much larger packets.
In the wiki page I have said that the Safenet card does not work correctly. It would seem from my testing that better advise would be to remove it completely but I would like to get other opinions on that. Anyone seen similar results?
Steve
-
Hi all
I have just aquired a x700 and i have read all through this thread
i am having a real problem getting this to work. the original watchguard software boots up no problem, i've tried all the nano images at pfsense and none of them will boot the device. i've tried the live install with still no luck, i bought a new null female to female console cable and that doesn't show anything i've used putty and teraterm.
has anyone got any ideas or a image of thiers would be nice.
thanks in advance
Scalda
-
So you can see the bootup output from the watchguard OS via your cable?
What size cf card are you trying?Steve
-
So you can see the bootup output from the watchguard OS via your cable?
What size cf card are you trying?Steve
no i don't see it on the watchguard boot up either but the watchguard boots up and the arm light turns green, and displays the uptime
i am using a 4GB card
thanks
Scalda
-
Then you have a problem with your serial console setup. You should see something at 115200bps from the watchguard OS even if you're using a 3 wire serial cable.
In all likelihood the pfSense Nano images are booting ok and waiting at the initial interface setup menu.
You need to prove your serial setup with something.Steve
-
I recently purchased a Watchguard Firebox X500 and a pre-configured 2GB CF card with pfSense 2.1 and the various fixes for the X-Core Fireboxes. The system booted fine with the CF card and I was able to configure the LAN port via serial connection and enable DHCP. I upgraded the CPU to the 1.4 GHz SL6C6 model and upgraded the memory to 512MB. However, only 256MB was recognized as it wasn't one of the recommended RAM modules. I also replaced the rear fans with the Scythe Mini KAZE fans. While trying to remove the original CPU I managed to snap off the plastic lever on the CPU socket. I was able to rotate the stub enough to lock the CPU down and then install a new heatsink and fan.
I purchased a cheap PCI graphics card and right-hand PCI riser so I could monitor the video output while it booted. Unfortunately, when I plugged in the video card the CPU fan would just click and not rotate and the unit would not boot. I removed the video card and riser and the unit failed to boot initially, although it did completely power on as before. After a while and numerous attempts it finally decided to boot so it appeared I was back in business.
I picked up a socket 370 to slot 1 CPU adapter that had a plastic lever and I was able to replace the broken one on the CPU socket. Since then, I have not been able to get the unit to boot. I don't think I damaged anything in the CPU socket as the top plate just snaps into place and slides back and forth when actuated by a cam on the lever. It powers on OK and the Arm/Disarm LED flashes green right from the start and never comes on red. The 10 Mbps and 100 Mbps LEDs for port 5 are off initially, but eventually both come on green. The LCD display just shows a series of black boxes.
I picked up a 2nd X500 on ebay and it arrived today. I upgraded the CPU and memory on that unit and installed the CF card from the non-booting unit. It booted up into pfSense with no problems. I disconnected the power supply cables from the mainboards on each unit and was able to connect the PSU from the bootable unit to the non-booting one and power it up. The result was the same.
I can only assume that the video card did something to the mainboard, but I don't see any fried components or smell anything that would indicate this occurred. I'm hesitant to try the video card in a PC for fear that it might cause damage.
Any thoughts or suggestions would be appreciated.
-
Did you set the arm/disarm light to be green in the BIOS? that's not the normal behaviour. My own X700 did something similar before failing completely. There have been several cases of bad capacitors in these boxes that prevented boot. They are all now quite old and most have seen many hours.
It could be a corrupted cmos bios data, have you tried resetting it?Steve
-
I haven't done anything to the BIOS. I'm not even sure how to access it at this point. I see a jumper marked "CMOS" next to the battery. Do I remove the jumper or switch it to the other pins or what?
-
Yep. To be sure, power of the box, remove the battery and move the jumper. Wait 30 seconds then put
it back.Steve
-
OK, I tried that, but no change. I've tried reinstalling the original RAM, CPU, and CF card, but it still won't boot. I already tried swapping the power supplies, but that had no affect either. That pretty much leaves just the mainboard and the front panel circuits.
I didn't spend a fortune on this box, but I'd hate to see it go to waste. I picked up the 2nd X500 on ebay for just $26 plus shipping so at least I still have one working unit.
-
I never recovered my box either but I ended up using the LCD from it in another unit. The PSUs can fail so that's also useful spare.
Steve
-
I just picked up WatchGuard X750e off of Fleabay and working on getting extra parts for it. I've been thinking of trying out the SD to CF adapter since I have bunch of SD cards laying around. Even smaller one like 256MB that I can use to flash the BIOS with.
Anybody tried using it with the WG?
-
The adapter and SD card would have to be capable of working in IDE mode in oreder to appear like a HD. I'm not sure it would, but I haven't tried it. ;)
The X750e is part of the next generation X-e boxes covered by a different thread. This thread is for the original X-Core boxes.Steve
-
My bad. Thanks for pointing it out. :)
-
Looks like I could be wrong about the SD-CF adapter though:
https://forum.pfsense.org/index.php/topic,69618.0.htmlSteve
-
Is it safe to assume the fireboxes use type I CF cards (ie 3mm thick)?
-
Yes, they're type 1 though people have run Microdrives so I guess type 2 would also fit if you could find any.
Steve
