Pfsense on a new HP Microserver GEN10

Tienie

Hi

Thank you John.

I did not really know that its not a good option. The only reason the hardware is reasonably priced. But I will def look into the netgate thank you.

My next step was exactly as you say to load ESXi and run a VM.

Don't really want to use it as something else other than a Firewall. So yes the additional drive bays is a waste.

Thank you for your help. I appreciate it. I was just hoping someone might have gotten past this issue.

Regards

johnpoz

Its prob very unlikely that anyone would try and install pfsense or even freebsd directly to such a machine.. That sort of hardware is gear for low end ma and pa shops that have a billy bob for their IT support and this server they install windows server on and run the little shop.

I have old gen I run as my esxi box because I got it really cheap, it has 4 bays and made a nice little esxi host for my lab with running as a nas as well.. I still use it - but I added a dual nic and a single nic.. And ran my pfsense as vm, along with plex and linux vms, etc.. It still runs a few vms I use locally, etc.

Its not a bad little server for the price - but its not a good choice for a box to be your firewall.

stephenw10

This fix will probably work:
http://www.virten.net/2017/10/fix-for-freenas-on-hpe-microserver-gen10-x3216-stuck-console-issue/

Interrupt the boot process to reach the boot loader prompt as described in many of the sections here:
https://doc.pfsense.org/index.php/Boot_Troubleshooting

Then enter:


set hw.pci.realloc_bars=1
boot

If that boots and successfully add it to /boot/loader.conf.local

Steve

SammyWoo

HP (a.k.a. Compaq) boxes are weird.

stephenw10

In this case is looks like some issue with the graphics hardware in that APU and FreeBSD 11. Though HP may have injected additional weirdness. ;)

Steve

Tienie

Hi. Thank you for all your input.

As I mentioned earlier, I am not a hardware expert but I still do think this microserver is not a bad option (apart from the issue I have) the pricing of this server is very low. I am in South Africa. So firstly I don't even think there are distributors of the netgate appliances in SA.

Secondly if I look at the pricing of the netgate sg-3100 it is $349. So with th4 ZAR TO USD exchange rate that is about R4500 then I will have to pay shipping and import duties which wil make the total cost +- R6000

I got the microserver brand new with 2 x drives for R4999 . So that was my deciding factor. The client we are implementing this firewall are 14 users. So the hardware will be sufficient.

Sammy you are correct. The Gen10 is fitted with an AMD cpu and not intel like the Gen8. And I think the graphics is causing the issue yes.

Nonetheless, I am going the ESXi option and run the FW as a vm. I gave John's suggestion some thought and if I add another 2 drives and maybe add 2 NICs also then I have available capacity for i.e. a NAS vm. Or even a windows VM that can be used as a jump box.

Cheers!

johnpoz

I show like 5 in SA
https://www.netgate.com/partners/locator.html#south-africa

Once you get atleast another nic you should be fine.. I personally would make sure you get atleast a dual so you can break out the vmkern from your other networks, put it on its own vswitch even if on the same actual layer 2 network as your lan, etc.

I would bump your ram up as well on the microserver. I have an OLD N40L and it still can run windows VMs - even windows 10 runs on it.. I wouldn't call it FAST ;) But it works and can use it for testing, etc. Got some windows 2012r2 that run on it without issue..

Mine is not long for this world though.. Its really showing its age, time to retire it for something with more umph..

Hmmm.. Most of those sites don't load.. But one shows sg3100 at R6790
https://getred.co.za/products/sg-3100-pfsense-firewall-appliance

That does seem high…

https://justechnologies.co.za/wp/

cert expired back in Feb... Not sure trust a tech company that can not even keep their websites ssl site current ;)

Tienie

Thank you John for your input. I did go and google.a bit for a supplier in SA. Like you said most of the websites I found did not load and I contacted one and their phone number is out of service..

And yes I think with import duties and the ZAR USD exchange rate the appliance is going to be more expensive.

I just cannot get the ACPI problem sorted. I tried all the suggestions with no luck. The server comes with 2 x NIC's. I am planning on installing a 3rd NIc to use as you mentioned for the VM host network. And the other 2 dedicated to the FW vm for WAN and LAN .

Server came with 8GB memory. So yes if I want to also load a windows 10 vm I will probably add more memory.

krom12

Hi ,

I am currently running Pfsense 2.4.2 on the HP microserver Gen10 as a vm (ESXI)
it comes with two nics onboard and i added 1x2 port intel card (cheap on ebay) ,

the reason i used the GEN10 is its cheaper (£180, mine was £130 with cashback from HP) than most of the PFSENSE Chinese boxes which support AEN-IS hardware cryptographic accelerator £ 200+ (future proof for pfsense 2.5).

this is my main firewall at home (adding snort/suricata IDS etc.) i can add any spare disk in the extra bays for logs etc without compromising performance

i think its the best of both i also have sophos, nas4free and zentyal (Directory services)

I think its the best bang for your buck PFSENSE platform for home/ Small business or PCLab

pfsense242.PNG_thumb

pfsense242_esx.PNG_thumb

johnpoz

Yeah I ran like that for years on way older hardware..

krom12

Hi,

Just saw this thread workaround, looks like its a known FreeBSD issue:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221350

I tried it in pfsense startup option 3

Set hw.pci.realloc_bars=1
boot

gets you past the boot screen error , hav not got the time to do a full setup as i am running Pfsense as a VM on my GEN10 as my home firewall/router, my son and wife want the internet back now.

will try a full install on friday when they are asleep :)

RenierViljoen

@krom12:

Hi,

Just saw this thread workaround, looks like its a known FreeBSD issue:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221350

I tried it in pfsense startup option 3

Set hw.pci.realloc_bars=1
boot

gets you past the boot screen error , hav not got the time to do a full setup as i am running Pfsense as a VM on my GEN10 as my home firewall/router, my son and wife want the internet back now.

will try a full install on friday when they are asleep :)

Thank you very much you saved me a lot of time and frustration :-)

bubbletop

has someone an idea wether the Gen10 has more horsepower than the SG 3100?

krom12

@krom12 Hi,
finally got the time to play with pfsense on the GEN10, was able to do a bare bones install to ssd from usb media, adding this at the initial boot-up, select option 3 then 'Set hw.pci.realloc_bars=1' , boot. (add this line to /boot/loader.conf to make it permanent), boots up and installs without any other errors.

its stable and works very well, , have just updated to 2.5 dev, also working well, throughput is much better than running pfsense as a VM on the same box and Nics :)

stephenw10

Add it to /boot/loader.conf.local to avoid it being overwritten during a firmware update.

Steve

JeGr

@bubbletop said in Pfsense on a new HP Microserver GEN10:

has someone an idea wether the Gen10 has more horsepower than the SG 3100?

The comparison is void as the SG3100 is ARM vs HPs little buddy is a low-cost Intel architecture. With all the Intel bugfixes etc. and Hypervisor in between, I'd guess the SG-3100 would be a faster solution (and cheaper/more power efficient) than HP. But it depends on the variant and CPU of the HP, there were various build on a G10 with different CPUs/APUs.