Watchguard V60L pfsense Instalation issues
-
Hi everyone , i have a delicate issue with my firewall witch i can not resolve .
Let me start from the beginning :
I bought this watchguard firebox V60L on ebay , the owner have send me only the box itself (no cables , no cds , nothing additional , not even the power cord) .
When i turned on the firewall i could see "Ready" led fixed and i tough that using the trusted ports (1) on the firewall i could get to the configuration of it .
Crossover cable used , normal RJ45 cable and nothing , i could not get an ip from firewall on DHCP .
So , i contacted watchguard if they could send me the vcontroller application so i could get over serial console some kind of reset , they answer me that they did not had any cd to sell or to send me , and the best way was to participate in their trade program , witch i trade this firewall for a new recent model in exchange and with discount .
I did not even reply to them , because this here is not a company and i am not wiling to spend more money than i really had already over this issue .
After a few searches for alternatives firmwares i found monowall witch i had no success installing the firmware , i found pfsense over this page : http://anthony.zerosandones.co.uk/content/firebox-v60l-and-m0n0wall-pfsense .
I try everything to get this on , i opened the firewall and i saw it was only 64M memory , so i upgrade it to 128M to work with Pf-sense , i saw that CF memory card on it was only 128M , and most of new Pf-sense firmwares the minimum is 512M , i looked here at stores and the minimum i found was 8G , so i go to pf-sense , i downloaded the liveCD installer and i run it , 1st time i used the quick installation witch deleted my hard disk where i had all my stuff , i only notice it after , but i recover it and all the data using Active partition recovery software , i saved all my data except the OS , but that was a minor problem .
Then i disconnected all my hdds and leave only the CF card active on computer and i installed the latest image (no vga or keyboard) , had no success again .
using pf-sense or monowall the "ready" led stays blinking and do not get ready .
I try Putty to connect over console but i got no sucess .
I made a bunch of cables for this console (db9 -> RJ45 ) connection to test , Cisco cable , null modem , alcatel , using the net schematics of pinout and i just can not get into the firewall anyway .Anyone here can please send me the vcontroller application from watchguard , or explain me what did i did wrong , please ?
some help is very appriciated , i am lost .
If someone also knows witch cable console pinout for this model is used then can you send it to me ?
Thank you for everything .
-
update :
Finally i got the correct configuration for the cable to access the console .
The cable is this one : RJ45 to DB9 Crossover
Now i can get data from the console , but it is giving me and irq7 error , here it is the logfile :Bus Dev Func VendID DevID Class Irq
00 00 00 8086 7192 Host Bridge g interrupt source
00 05 00 8086 1209 Ethernet 9 interrupt source
00 06 00 8086 1209 Ethernet 6 interrupt source
00 07 00 8086 7110 ISA Bridge g interrupt source
00 07 01 8086 7111 IDE Controller g interrupt source
00 07 02 8086 7112 Serial Bus 11interrupt source
00 07 03 8086 7113 PCI Bridge g interrupt source
00 08 00 13A3 0006 Co-Processor 10interrupt source
00 09 00 1617 0101 Ethernet 11interrupt source
General Software Pentium III Embedded BIOS Version 4.3
Copyright (C) 2000 General Software, Inc.
(C) 2000 General Software, Inc.
Pentium III-4.3-
/boot/config: -D
Consoles: internal video/keyboard serial port
BIOS drive C: is disk0
BIOS 638kB/64512kB available memoryFreeBSD/x86 bootstrap loader, Revision 1.1
(root@snapshots-8_3-i386.builders.pfsense.org, Wed Sep 11 18:29:12 EDT 2013)
Loading /boot/defaults/loader.conf
/boot/kernel/kernel data=0x9162bc data=0x51d734+0x9e0c4 syms=[0x4+0x9aa90+0x4+0x d51ab]
|▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
▒ ▒
▒ ▒
▒ ▒
▒ Welcome to pfSense! ▒
▒ ▒ ______
▒ ▒ /
▒ 1. Boot pfSense [default] ▒ / f
▒ 2. Boot pfSense with ACPI enabled ▒ / \ /
▒ 3. Boot pfSense using USB device ▒ / p _/ Sense
▒ 4. Boot pfSense in Safe Mode ▒ \ /
▒ 5. Boot pfSense in single user mode ▒ _____/
▒ 6. Boot pfSense with verbose logging ▒ \ /
▒ 7. Escape to loader prompt ▒ ______/
▒ 8. Reboot ▒
▒ ▒
▒ ▒
▒ ▒
▒ Select option, [Enter] for default ▒
▒ or [Space] to pause timer -1 ▒
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒Copyright 1992-2012 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.3-RELEASE-p11 #0: Wed Sep 11 18:43:07 EDT 2013
root@snapshots-8_3-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc /src/sys/pfSense_wrap.8.i386 i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel Pentium III (847.74-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x68a Family = 6 Model = 8 Stepping = 10
Features=0x387f9ff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pa ="" t,pse36,pn,mmx,fxsr,sse="">real memory = 67108864 (64 MB)
avail memory = 42561536 (40 MB)
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /bo ot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xc07330f0, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /b oot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0733190, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw /.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0733230, 0) error 1
wlan: mac acl policy registered
ACPI Error: A valid RSDP was not found (20101013/tbxfroot-309)
ACPI: Table initialisation failed: AE_NOT_FOUND
ACPI: Try disabling either ACPI or apic support.
cryptosoft0: <software crypto="">on motherboard
padlock0: No ACE support.
pcib0: <intel 82443bx="" host="" to="" pci="" bridge="" (agp="" disabled)="">pcibus 0 on motherboard
pci0: <pci bus="">on pcib0
fxp0: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfc00-0xfc3f mem 0xc0000000 -0xc0000fff,0xc0020000-0xc003ffff irq 9 at device 5.0 on pci0
miibus0: <mii bus="">on fxp0
inphy0: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
fxp0: [ITHREAD]
fxp1: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xf800-0xf83f mem 0xc0040000 -0xc0040fff,0xc0060000-0xc007ffff irq 6 at device 6.0 on pci0
miibus1: <mii bus="">on fxp1
inphy1: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus1
inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
fxp1: [ITHREAD]
isab0: <pci-isa bridge="">at device 7.0 on pci0
isa0: <isa bus="">on isab0
atapci0: <intel piix4="" udma33="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x37 6,0xf400-0xf40f at device 7.1 on pci0
ata0: <ata channel="">at channel 0 on atapci0
ata0: [ITHREAD]
ata1: <ata channel="">at channel 1 on atapci0
ata1: [ITHREAD]
uhci0: <intel 82371ab="" eb="" (piix4)="" usb="" controller="">port 0xf000-0xf01f irq 11 at de vice 7.2 on pci0
uhci0: [ITHREAD]
usbus0: <intel 82371ab="" eb="" (piix4)="" usb="" controller="">on uhci0
piix0: <piix timecounter="">port 0x10a0-0x10af at device 7.3 on pci0
Timecounter "PIIX" frequency 3579545 Hz quality 0
pci0: <processor>at device 8.0 (no driver attached)
pci0: <network, ethernet="">at device 9.0 (no driver attached)
cpu0 on motherboard
atrtc0: <at real="" time="" clock="">at port 0x70 irq 8 on isa0
ppc0: <parallel port="">at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
ppc0: [ITHREAD]
ppbus0: <parallel port="" bus="">on ppc0
ppi0: <parallel i="" o="">on ppbus0
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
uart0: [FILTER]
uart0: console (9600,n,8,1)
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
uart1: [FILTER]
Timecounter "TSC" frequency 847737580 Hz quality 800
Timecounters tick every 10.000 msec
IPsec: Initialized Security Association Processing.
interrupt storm detected on "irq7:"; throttling interrupt source
usbus0: 12Mbps Full Speed USB v1.0
ad0: 7623MB <cf card="" ver7.02k="">at ata0-master UDMA33
ugen0.1: <intel>at usbus0
uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus0
uhub0: 2 ports with 2 removable, self powered
interrupt storm detected on "irq7:"; throttling interrupt source
interrupt storm detected on "irq7:"; throttling interrupt source
interrupt storm detected on "irq7:"; throttling interrupt source
interrupt storm detected on "irq7:"; throttling interrupt source
ad0: FAILURE - READ_DMA timed out LBA=15613917
interrupt storm detected on "irq7:"; throttling interrupt source
interrupt storm detected on "irq7:"; throttling interrupt source</intel></intel></cf></parallel></parallel></parallel></at></network,></processor></piix></intel></intel></ata></ata></intel></isa></pci-isa></i82555></mii></intel></i82555></mii></intel></pci></intel></software></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pa >And stays like this forever .
Any idea ? -
Update : Finally i got PFsense Installed using physdiskwrite and 512M 386 image from 2.01 version of PFsense writing the image directly on the 8G CF card , i can not get PCI card to run properly due to that IRQ7 conflict witch is the IRQ that PCI slot is using . I can use PFsense GUI , and actually the firewall is working properly using the HTA ports , 1 for wan and other for Lan .
Over the console using putty i still have the annoying issue "interrupt storm detected on "irq7:"; throttling interrupt source" .
If anyone one could help me to solve this issue that was awesome . -
Have you read the V80L thread here? http://forum.pfsense.org/index.php/topic,53277.0.html
I imagine the two boxes are very similar. It's an interesting box. The PCI attached daughter board is clearly more than a network card. It has it's own ram for example. It seems likely that it's a 5 port managed switch on a card with one port exposed to the main board and other four available on the front. Do you have a copy of the bootup messages? You can find one in /var/log/dmesg.boot. Can you post the output of
pcicconf -lv
Does your daughter board look like the one linked in the V80L thread? We need to know what each of those ICs on there are and that might involve removing the heatsink. It may be possible to get pfSense to recongnice the card and configure it to use the extra ports but it's not going to be quick and easy.
Steve
-
hi , thank you a lot for the feedback on help .
Yes , my pci card is almost exactly like V80L , mine is revision 1 and 2x memories of 32M each .
and the symptoms are just like the ones that V80L have in that thread .Note : i missed that thread on V80L before i post this topic .
pciconf -l -v
hostb0@pci0:0:0:0: class=0x060000 card=0x00000000 chip=0x71928086 rev=0x03 hdr=0x00
class = bridge
subclass = HOST-PCI
fxp0@pci0:0:5:0: class=0x020000 card=0x00000000 chip=0x12098086 rev=0x09 hdr=0x00
class = network
subclass = ethernet
fxp1@pci0:0:6:0: class=0x020000 card=0x00000000 chip=0x12098086 rev=0x09 hdr=0x00
class = network
subclass = ethernet
isab0@pci0:0:7:0: class=0x060100 card=0x00000000 chip=0x71108086 rev=0x02 hdr=0x00
class = bridge
subclass = PCI-ISA
atapci0@pci0:0:7:1: class=0x010180 card=0x00000000 chip=0x71118086 rev=0x01 hdr=0x00
class = mass storage
subclass = ATA
uhci0@pci0:0:7:2: class=0x0c0300 card=0x00000000 chip=0x71128086 rev=0x01 hdr=0x00
class = serial bus
subclass = USB
piix0@pci0:0:7:3: class=0x068000 card=0x00000000 chip=0x71138086 rev=0x02 hdr=0x00
class = bridge
none0@pci0:0:8:0: class=0x0b4000 card=0x00000000 chip=0x000613a3 rev=0x01 hdr=0x00
class = processor
none1@pci0:0:9:0: class=0x020000 card=0x00000000 chip=0x01011617 rev=0x00 hdr=0x00
class = network
subclass = ethernet$ cat /var/log/dmesg.boot
Copyright 1992-2010 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 18:59:41 EST 2011
root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap.8.i386 i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel Pentium III (847.74-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x68a Family = 6 Model = 8 Stepping = 10
Features=0x387f9ff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,pn,mmx,fxsr,sse>real memory = 134217728 (128 MB)
avail memory = 112218112 (107 MB)
netisr_init: forcing maxthreads to 1 and bindthreads to 0 for device polling
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0710010, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc07100b0, 0) error 1
wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/.
wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (wpi_fw, 0xc0883050, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0710150, 0) error 1
ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309)
ACPI: Table initialisation failed: AE_NOT_FOUND
ACPI: Try disabling either ACPI or apic support.
cryptosoft0: <software crypto="">on motherboard
padlock0: No ACE support.
pcib0: <intel 82443bx="" host="" to="" pci="" bridge="" (agp="" disabled)="">pcibus 0 on motherboard
pci0: <pci bus="">on pcib0
fxp0: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfc00-0xfc3f mem 0xc0000000-0xc0000fff,0xc0020000-0xc003ffff irq 9 at device 5.0 on pci0
fxp0: Enabling Rx lock-up workaround
miibus0: <mii bus="">on fxp0
inphy0: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: [ITHREAD]
fxp1: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xf800-0xf83f mem 0xc0040000-0xc0040fff,0xc0060000-0xc007ffff irq 6 at device 6.0 on pci0
fxp1: Enabling Rx lock-up workaround
miibus1: <mii bus="">on fxp1
inphy1: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus1
inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: [ITHREAD]
isab0: <pci-isa bridge="">at device 7.0 on pci0
isa0: <isa bus="">on isab0
atapci0: <intel piix4="" udma33="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf400-0xf40f at device 7.1 on pci0
ata0: <ata 0="" channel="">on atapci0
ata0: [ITHREAD]
ata1: <ata 1="" channel="">on atapci0
ata1: [ITHREAD]
uhci0: <intel 82371ab="" eb="" (piix4)="" usb="" controller="">port 0xf000-0xf01f irq 11 at device 7.2 on pci0
uhci0: [ITHREAD]
usbus0: <intel 82371ab="" eb="" (piix4)="" usb="" controller="">on uhci0
piix0: <piix timecounter="">port 0x10a0-0x10af at device 7.3 on pci0
Timecounter "PIIX" frequency 3579545 Hz quality 0
pci0: <processor>at device 8.0 (no driver attached)
pci0: <network, ethernet="">at device 9.0 (no driver attached)
cpu0 on motherboard
atrtc0: <at real="" time="" clock="">at port 0x70 irq 8 on isa0
ppc0: <parallel port="">at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
ppc0: [ITHREAD]
ppbus0: <parallel port="" bus="">on ppc0
ppi0: <parallel i="" o="">on ppbus0
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
uart0: [FILTER]
uart0: console (9600,n,8,1)
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
uart1: [FILTER]
Timecounter "TSC" frequency 847737496 Hz quality 800
Timecounters tick every 10.000 msec
IPsec: Initialized Security Association Processing.
interrupt storm detected on "irq7:"; throttling interrupt source
usbus0: 12Mbps Full Speed USB v1.0
ad0: 7623MB <cf card="" ver7.02k="">at ata0-master PIO4
ugen0.1: <intel>at usbus0
uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus0
Root mount waiting for: usbus0
uhub0: 2 ports with 2 removable, self powered
Trying to mount root from ufs:/dev/ufs/pfsense0
interrupt storm detected on "irq7:"; throttling interrupt source
interrupt storm detected on "irq7:"; throttling interrupt source
interrupt storm detected on "irq7:"; throttling interrupt source
interrupt storm detected on "irq7:"; throttling interrupt source
interrupt storm detected on "irq7:"; throttling interrupt source
interrupt storm detected on "irq7:"; throttling interrupt source</intel></intel></cf></parallel></parallel></parallel></at></network,></processor></piix></intel></intel></ata></ata></intel></isa></pci-isa></i82555></mii></intel></i82555></mii></intel></pci></intel></software></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,pn,mmx,fxsr,sse>Btw , i was finishing the reading on V80 and it stop when brian was going to look what chip description was behind the heat-sinker in that pci card , i can send you the original watchguard firmware from mine in case you want to give a look at it . i could only get the raw image copy of it , but if you still want it to check it out then tell me and i upload the file . it is 128M the raw image , if that avoids the removing of the heat sink .
PCI card Top image
PCI card Bottom Image
-
In previous Watchguard firmwares I've looked at the code for controlling proprietary hardware is in the form of a compiled module which doesn't help much. There have been some clues in various config files though. It might be completely different though because the V60 and V80 were basically made by Rapidstream before Watchguard absorbed them.
I notice your PCI device ID is different, presumably because of the revision difference?
What are the part numbers of the chips you can see? The two large ICs next to the SODIMMs and the heatsink.
Steve
Edit: The fact that the board is labelled 'SBC' has so much RAM for itself and has JTAG programming connectors leads me to believe it might well be an entirely separate computer. It could be a high powerd switch IC I guess. I think it's very unlikely I'll be able to do anything useful with it. :(
-
Thanks for the reply .
the chips ids are :
1 x AM29LV80088-120EC "AMD Chip" http://www.usbid.com/parts/AM29LV80088120EC
1 x 58L256L36P http://www.alldatasheet.com/datasheet-pdf/pdf/130167/MICRON/MT58L256L36P.html
4 x 825559ER "Intel PCI Controller" http://www.embeddedtechnology.com/doc/dual-fast-ethernet-interface-for-3u-compactpc-0001I will see if in next weekend i can take off the heat sink somehow without damaging the card .
I have look over the net for some techniques "how to do it" , and i may try . -
here it is the reference the the chip behind the heat sink :
Rapidcore RC10000 C -
Nice photo. :)
Hmm some custom IC, yikes!
In order to get the required throughput between the various local interfaces Rapidstream have used a custom ASIC in addition to the X86 board. The X86 cpu and PCI bus just wasn't up to the job in 2000. The code and specs for that will not be available. However it seems that the ASIC appears as a network device, it seems likely they would have simulated some well supported NIC (or does it?) in which case it may be possible to talk to it. :-\ On the other hand when those boxes were running the original OS the two fxp ports were only ever used to sync together several boxes in a high availability cluster. Actual network data never flowed through them. It may be that the X86 CPU only ever sent control messages to the ASIC over the PCI connection.
Whilst this would be a fascinating project it's way beyond my normal level of tinkering and the result would still be a fairly slow firewall. It would be much easier to replace the daughter board with a standard quad NIC.Steve
This is talking about a later, faster model but the idea is the same:
@http://www.checkpoint.com/press/partners/2002/rapidstream012202.html:RapidCore ASIC and Check Point Secure XL
RapidStream is the first to deliver breakthrough VPN-1 performance on a single appliance by leveraging the Check Point SecureXL performance framework. The security decisions made by Check Point software running on the main CPU are executed by one or more RapidCore chips, RapidStream's custom programmable security ASIC. RapidStream's architecture allows the company to linearly scale appliance performance to any desired level by adding additional RapidCore ASICs. RapidCore ASICs perform parallel processing of VPN-1 and FireWall-1 functions, Network Address translation (NAT), Denial of Service (DoS) attack protection, and Quality of Service (QoS) functions by using the embedded four RISC CPUS and embedded memory cache. "With RapidStream's architecture, the data path traffic 'cuts through' the RapidCore processor(s) and not the appliance's central CPU, eliminating a typical performance bottleneck: the system bus," said Vince Liu, RapidStream president and CEO. "The execution of Check Point Next Generation software on the RapidStream platform matches network wire speeds so users are not impeded by security measures, nor limited by the number of sessions that can be supported. Productivity is enhanced and bandwidth purchased by the organization is not wasted, improving the company's return on investment (ROI)." -
Thanks for the reply .
I understand the point of view , now i am between 2 paths :
1 st : i use the motherboard nics only and use PFSense witch have a very good GUI and can be updated freely and at lan i put a switch to connect my lan .2nd : i can use an outdated firmware from watchguard where i can use the PCI Ethernet Switch Card , but at same time i will be no secure and the configuration will be over the console (witch is a bit complicated at some points .)
I surely prefer the 1st one ;)
By the way , Stephen , do you have vcontroller application from watchguard so i can give a look the the original firmware from this firewall without using the console and putty manually ?
I do not have the original CD from this firewall because i buy it on ebay and the last owner did not had it .Thanks for everything .
-
I removed the ethernet PCI card from the firewall and i notice that the irq 7 issue still remains as error on putty and on pfsense .
Is there anyway to bypass this issue ? -
Try running 'vmstat -i' at the console. What is causing the storm?
Try 'top -SH'. Anything showing high CPU usage?
Steve
-
here are the results steven :
vmstat -i
interrupt total rate
irq0: clk 2090955 99
irq4: uart0 1380322 66
irq6: fxp1 983072 47
irq7: ppc0 1965927 94
irq8: rtc 2676708 127
irq9: fxp0 1666721 79
irq14: ata0 69918 3
Total 10833623 518
[2.1-RELEASE][root@pfSense.localdomain]/root(2)about the cpu usage everything is normal , it is 93% idle and have only
11 root -60 - 0K 112K istorm 24:34 4.98% intr{irq7: ppc0}
cat /var/log/dmesg.boot
Copyright 1992-2012 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.3-RELEASE-p11 #0: Wed Sep 11 19:13:36 EDT 2013
root@snapshots-8_3-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_wrap.8.i386interrupt storm detected on "irq7:"; throttling interrupt source
i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel Pentium III (847.74-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x68a Family = 6 Model = 8 Stepping = 10
Features=0x387f9ff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,pn,mmx,fxsr,sse>real memory = 134217728 (128 MB)
avail memory = 108032000 (103 MB)
wlan: mac acl policy registered
cryptosoft0: <software crypto="">on motherboard
padlock0: No ACE support.
pcib0: <intel 82443bx="" host="" to="" pci="" bridge="" (agp="" disabled)="">pcibus 0 on motherboard
pci0: <pci bus="">on pcib0
fxp0: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfc00-0xfc3f mem 0xc0000000-0xc0000fff,0xc0020000-0xc003ffff irq 9 at device 5.0 on pci0
miibus0: <mii bus="">on fxp0
inphy0: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
fxp0: [ITHREAD]interrupt storm detected on "irq7:"; throttling interrupt sourcefxp1: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xf800-0xf83f mem 0xc0040000-0xc0040fff,0xc0060000-0xc007ffff irq 6 at device 6.0 on pci0
miibus1: <mii bus="">on fxp1
inphy1: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus1
inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
fxp1: [ITHREAD]
isab0: <pci-isa bridge="">at device 7.0 on pci0
isa0: <isa bus="">on isab0
atapci0: <intel piix4="" udma33="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf400-0xf40f at device 7.1 on pci0
ata0: <ata channel="">at channel 0 on atapci0
ata0: [ITHREAD]
ata1: <ata channel="">at channel 1 on atapci0
ata1: [ITHREAD]
uhci0: <intel 82371ab="" eb="" (piix4)="" usb="" controller="">port 0xf000-0xf01f irq 11 at device 7.2 on pci0
uhci0: [ITHREAD]
usbus0: <intel 82371ab="" eb="" (piix4)="" usb="" controller="">on uhci0
piix0: <piix timecounter="">port 0x10a0-0x10af at device 7.3 on pci0
Timecounter "Pinterrupt storm detected on "irq7:"; throttling interrupt source
IIX" frequency 3579545 Hz quality 0
pci0: <processor>at device 8.0 (no driver attached)
cpu0 on motherboard
atrtc0: <at real="" time="" clock="">at port 0x70 irq 8 on isa0
ppc0: <parallel port="">at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
ppc0: [ITHREAD]
ppbus0: <parallel port="" bus="">on ppc0
ppi0: <parallel i="" o="">on ppbus0
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
uart0: [FILTER]
uart0: console (9600,n,8,1)
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
uart1: [FILTER]
Timecounter "TSC" frequency 847739792 Hz quality 800
Timecounters tick every 10.000 msec
IPsec: Initialized Security Association Processing.
interrupt storm detected on "irq7:"; throttling interrupt source
usbus0: 12Mbps Full Speed USB v1.0
ad0: 7623MB <cf card="" ver7.02k="">at ata0-master PIO4
ugen0.1: <intel>at usbus0
uinterrupt storm detected on "irq7:"; throttling interrupt source
hub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus0
Root mount waiting for: usbus0
uhub0: 2 ports with 2 removable, self powered
Trying to mount root from ufs:/dev/ufs/pfsense1</intel></intel></cf></parallel></parallel></parallel></at></processor></piix></intel></intel></ata></ata></intel></isa></pci-isa></i82555></mii></intel></i82555></mii></intel></pci></intel></software></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,pn,mmx,fxsr,sse>i am also trying to find how to activate the leds of the firewall , "ready,admin & alarm" or at least the "ready" led .
but most important than that is solve this issue with the irq .
I was wondering if the cause may be related to the 128M sdram memory installed on the firewall and i be using the 512M pfsense image ?
Can that affect this issue ?thank you for all your help on this , and as matter of fact this topic may be usefull for others users in future if they acquire a beast like this one , lol ;) .
Note : before posting here i notice on the start on the boot that disabling acpi may fix this issue and i disable it on the boot , but issue still remains .
-
So it appears to be having a problem with the parallel port (ppc0). Do you need the parallel port? Can it be disabled? About the only thing I can think it might be used for is the leds.
You can read about my own investigation into the front panel leds on other Watchguard boxes here:
http://forum.pfsense.org/index.php/topic,32013.0.htmlI also just noticed that there is another device shown in your pci listing. Vendor:13a3 Device:0006. This appears to be a Hi-fn crypto chip. It is supported by the lofn(4) driver in other BSDs but hasn't been ported to FreeBSD unfortunately.
Steve
-
Hi Steve , i can not understand why it says parallel port ?!!
Why it says parallel port if the hardware have none ?
can that port be related to the db9 ups port at back of the hardware ?
I will check your topic about the leds later , i have to go to work now . -
The UPS connector is almost certainly a serial port.
Just because there isn't a parallel port connector on the box does not mean it doesn't have one. It's standard PC hardware it probably uses a SuperIO chip to provide various services and it may provide a parallel port even if it's not connected to anything. Purely speculation but I could imagine an incorrectly terminated parallel interface generating way too many interrupts. On the later fireboxes the parallel port is used for the LCD.
Try looking in the BIOS, if you can, see if it can be disabled.Steve
-
how do i go to the bios settings on this firewall ?
i only have the console as an interface to communicate with the hardware !!!! -
Well I wasn't sure if you could. Many appliance style boxes use console-redirect to access the BIOS via the serial port. Often you have to press TAB to enter the setup. Otherwise we could try switching the serial port mode using a tunable.
Edit: Try adding the line:
hint.ppc.0.flags="0x24"
to the file /boot/loader.conf.local. You will have to create that file.
That line should disable the parallel port using an IRQ and force it to use EPP mode.Steve
-
Bingo , worked just fine , thanks
no more irq issues .
Tab does not work to get access to bios , you told about tuneable settings that i may can get access to it , how do i do it ?Thanks for everything
-
Ah sorry I wrote serial and meant parallel. That device hint is the sort of thing I was thinking of. There's probably no easy way of accessing the BIOS if console redirect isn't enabled. We had to do it on the firebox x-e box because you need BIOS access to boot pfSense on that. It was high risk initially though.
Steve