PFS on a checkpoint 2200
-
Hi guys, I'm on a pinch and need your guidance. I purchased a CP 2200 on ebay @ a good price. But when tried to set it up the web wizard does not lunch. I can ping the mgmt interface and can log to the console. So hardware seems to be ok. Due to having the appliance already and got it at a good price, I wonder if I can install PFS on the appliance?
Plus I have a couple of other questions
Does PFS take advantage of crypto hardware?
How does UTM packages gets installed?
Does ports can be grouped by zones?
PFS can use multicore efficiently?My other choice is to return it, but if the hardware works with PFS I rather keep the unit. Is for my home and need some throughput for the new fiber coming this Saturday. My current SonicWALL cant move the new bandwidth.
Thanks in advance
Dr3X
-
Hi Dr3X
I'd also be interested to know the outcome of this.
I successfully installed PFSense on an old CheckPoint UTM appliance, but it does not quite have the CPU I need too.
I just used a bootable USB, cnnected via console and triggered the boot menu at boot time.
Can you not do the same with the 2200 appliance?
Dave
-
The CP2200 appears to be an Intel Atom D525 so it might.
What have you tried so far?
What boot media is it using internally?
If the bios is locked down then it's probably more trouble than it's worth. Unless you like a challenge. ;)
Steve
-
hello
I have done this installation yesterday.
I have use this tuto
the tuto is for an older release, just one or two screens are differentthe firewall is with pfsense and all is ok.
if you want more info, let me know.
-
That model had a Celeron M which is 32bit only but you should definitely use the 64bit image if it's an Atom D525.
Steve
-
the hardware:
AMIBIOS(C)2006 American Megatrends, Inc.
CheckPoint Software Technologies LTD, BIOS Rev: T-110-1.0
CPU : Intel(R) Atom(TM) CPU D525 @ 1.80GHz
Speed : 1.80 GHzYes, you can use the 64 bits version.
You can find in attachment my install (screenshot)
-
Sorry for the delay guys. Nobody replied in 2 days since I posted so I carried along.
I installed pfsense on the appliance using a usb with nanobsd. opted for the 32bit to mitigate possible issues. Install went pretty smooth. All seems to be functional and stable. I got my new isp service installed last weekend and had to do some new drops to accommodate 1G speeds. In case you wonder is Giga power from ATT @ Orlando. My clock speed with the pc at the modem is 970/999. I did some benchmark with the checkpoint and the cpu max @ 450mbps. Not to shabby for the appliance although checkpoint lists the device with 3G of raw power and 1.4G deployed. That is a far cry from what I'm getting. Hence the reason for buying one. So I'm wondering if pfsense cant use all the hardware enhancement bits and is just going on raw cpu power. After all pfsense was meant for pc hardware, not appliances. Tried Gaia but after the firewall got online it stopped to pass traffic. I assume is due licensing requirements.
Now that I have the firewall running smoothly, will try the 64 bit version and see if it performs better. I have some extra memory and an ssd laying around if I decide to open it and upgrade it. I just wonder if the cpu will not let it move any faster. Its a shame, it is a great package, 6 ports, low power consumption, small, console port, quiet and aesthetically pleasing.
-
There may be some optimising you can do but you won't get 1Gbps from a D525 if that's what it is.
What NICs does it have?Steve
-
There may be some optimising you can do but you won't get 1Gbps from a D525 if that's what it is.
What NICs does it have?Steve
I traced the mac but returns that is from checkpoint. Is there a way on pfsense to see the hardware ID or hardware description?
I will dig to see what I can find.
-
I found a way.
em5@pci0:7:0:0: class=0x020000 card=0x000015bb chip=0x150c8086 rev=0x00 hdr=0x00
vendor = 'Intel Corporation'
device = '82583V Gigabit Network Connection'
class = network
subclass = ethernetSo the nics are Intel. What I can do to optimize the firewall?
Thanks
-
Well, installed the 64bit version of pfsense and did some tuning and now I get 506/522. the upload has gone as high as 846! But bounces a lot. I think this is as far it can go.
-
That probably is about all you can expect from a D525 with em NICs.
It does depend how you're testing to a large degree. As you've seen sites like speedtest.net can prove inaccurate especially at high speeds like you have access to (no jealously here! ;)).
You might try a 2.4 snapshot that has newer drivers from FreeBSD 11 but I doubt much will have changed in em.
Steve
-
I've also installed pfsense on this appliance and i had a celeron 440 2ghz. Guess it will perform about the same as the D525 so I did a test and swapped it to a Core2duo E6600 2,4ghz (dual core) and it booted fine.
It will probably draw some more electricity since it has a higher TDP etc. but i guess it will be capable to make some more throughput. (I do not have a gigabit line so i dont know how to test this :))
-
@poluket hello can you share the document setup with me for check point t110, the attached zip file is not working.
-
What have you tried? How did it fail?
-
@stephenw10 check point t110 a pfsense can be installed? can you share documents.
-
@stephenw10
Unable to download zip file in this post. -
Unfortunately that file failed to import when we changed forum software and that user hasn't been online for over a year.
What I meant was what have you tried to install pfSense on the T110 and how did it fail?
Steve
-
@stephenw10 I'm thinking of buying a check point t110 so I want to know if pfsense can be built.
-
@torefloo said in PFS on a checkpoint 2200:
@stephenw10 I'm thinking of buying a check point t110 so I want to know if pfsense can be built.
Don't waste money on ancient hardware.