Watchguard Firebox M440
-
Yes, it supports AES-NI. It's very low power consumption.... if that's a concern.
A much bigger issue with that box is that those ports are connected via an onboard switch, kind of similar to our own XG-7100. We put in a lot of development work to support that switch in FreeBSD/pfSense to be able to make changes to it etc. This one is not that.
http://www.lannerinc.com/products/x86-network-appliances/x86-rackmount-appliances/up-2010Steve
-
@stephenw10 said in Watchguard Firebox M400:
Yes, it supports AES-NI. It's very low power consumption.... if that's a concern.
A much bigger issue with that box is that those ports are connected via an onboard switch, kind of similar to our own XG-7100. We put in a lot of development work to support that switch in FreeBSD/pfSense to be able to make changes to it etc. This one is not that.
http://www.lannerinc.com/products/x86-network-appliances/x86-rackmount-appliances/up-2010Steve
Will the M440 be a good device for pfSense? I would hate to return them since I got a great deal for 2 units.
Unt -
I have no idea without testing one. Which would be fun!
But if the switch is controllable only via smbus for example it might be a challenge to say the least.
I'm sure you could install it but you might find only the 10GbE ports are available initially.
Can you try it and see?Steve
-
I guess the M400 device would have the better device to buy.
-
@stephenw10 said in Watchguard Firebox M400:
I have no idea without testing one. Which would be fun!
But if the switch is controllable only via smbus for example it might be a challenge to say the least.
I'm sure you could install it but you might find only the 10GbE ports are available initially.
Can you try it and see?Steve
I could send you 1 of the devices to work on.
-
I think you're in the US and I'm in the UK. It would likely have to wait until I'm next over there.
But the switch may be pre-configured in someway that allows you to use it anyway.
The best thing to do here would be start a new thread and document everything you find.
Steve
-
@stephenw10 said in Watchguard Firebox M400:
I think you're in the US and I'm in the UK. It would likely have to wait until I'm next over there.
But the switch may be pre-configured in someway that allows you to use it anyway.
The best thing to do here would be start a new thread and document everything you find.
Steve
Will do... the units are arriving on Friday.
-
Is the Atom CPU in the M440 a good CPU for pfSense?
-
Yes, it's pretty good. We used it in a number of models.
Though obviously it's part of the C2000 family with all that implies.
Steve
-
@stephenw10 said in Watchguard Firebox M400:
Yes, it's pretty good. We used it in a number of models.
Though obviously it's part of the C2000 family with all that implies.
Steve
I assume the M400 model would have been the preferred model to purchase right?
-
@stephenw10 said in Watchguard Firebox M400:
Yes, it's pretty good. We used it in a number of models.
Though obviously it's part of the C2000 family with all that implies.
Steve
What current models? -
Below is a link to the Lanner UP-2010. This may give you a preview of what the internal hardware may look like for the M440. I will receive the unit on Friday.
http://www.lannerinc.com/phocadownload/user-manuals/x86-network-appliances/UP-2010_manual_v1.1_20160304.pdf
Does anyone know if pfSense works with the Marvell Prestera 98DX3035 packet processor?
-
@stephenw10 said in Watchguard Firebox M400:
Yeah, I couldn't make it boot USB. It should boot CF or SATA if CF is not present. So you should be able to write the install image to CF, boot from it and install to SATA and then boot from that after pulling the CF card.
Or you can install to CF in something else and swap it into the m400.
Steve
Question... How do you install pfSense to a SATA drive after booting from a Compact Flash? In preparation for my M440 on Friday, I am installing pfSense on a CF now. Just trying to get ahead of the game.
Also can pfSense be installed on a 2GB CF?
-
I split these off into a new thread to avoid spamming the m400 thread.
@pglover19 said in Watchguard Firebox M440:
I assume the M400 model would have been the preferred model to purchase right?
It depends what you're looking for in terms of power consumption, throughput, ports etc. The M400 is proven though which makes it safer. (but less fun!)
@pglover19 said in Watchguard Firebox M440:
What current models?
No current models but it was used in the C2758, SG-8860 and XG-2758.
@pglover19 said in Watchguard Firebox M440:
Does anyone know if pfSense works with the Marvell Prestera 98DX3035 packet processor?
Almost certainly not. There are very few switches supported by etherswitchcfg. As I said we had to add support for the switches in the devices we ship currently.
@pglover19 said in Watchguard Firebox M440:
Question... How do you install pfSense to a SATA drive after booting from a Compact Flash? In preparation for my M440 on Friday, I am installing pfSense on a CF now. Just trying to get ahead of the game.
Also can pfSense be installed on a 2GB CF?
You can probably put the installer image on the CF card, boot that and install to SATA that way. I have also installed to SATA or CF in something else and moved the drive. That's what I did in the M400.
Yes it can be installed in 2GB though you would want to remove swap during the install.
Just to start poking about in the hardware you could always boot the 2GB 2.5.3 Nano image. You just need to write that to the card. Until you get the box you won't know locked down it is. You might be able to boot USB which removed all those issues.
Steve
-
Just received the M440 today and the internal hardware is exactly like the Lanner UP-2010. I would post some photos, but I don't know how.
-
More update. I was able to load pfSense from a SSD. The only interfaces it recognize on the M440 are:
igb0 - Intel Pro/1000 Network Connection
ix0 - Intel Pro/10Gbe PCI-Express Network Driver
ix1 - Intel Pro/10Gbe PCI-Express Network DriverThat is not good. I need help...
-
Ok I assume igb0 is what is labelled port 0 on the front? And ix0/1 are the 10G SFP ports?
I expect a C2000 SoC to appear as 4 igb ports normally, but they can be disabled. We need to see the boot log / dmesg. Also the output of
pciconf -lv
may be helpful. Both as attached text files if possible.
Do you have access to the bios setup?You can upload photos directly into the post using the 'Upload Image' button.
Steve
-
This post is deleted! -
I will be back home in the next 3 hours. Where is the log files located?
-
The boot log you could get from console, putty can log all output to a file or you can copy/paste it from the console window into a file.
Or the dmesg output can be found in /var/log/dmesg.boot
The pciconf output you can redirect to a file like:pciconf -lv > /tmp/pciconf.txt
or copy/paste it.Steve