Watchguard Firebox M440

pglover19

I got it.. Just need to restrict based on your IP address. I had to add some routing on the pfSense setup on the M440. It is working.

pglover19

Were there any information in the WatchGuard OS boot log file that were useful?

pglover19

Any update?

stephenw10

Sorry, busy day. I'll update when I can.

pglover19

pglover19

pglover19

pglover19

pglover19

apocalyps3736

I had the same issue with the 24 ports not working on pfsense. This is from the WG boot:

99.449275] Intel(R) Gigabit Ethernet Network Driver - version 5.2.15
[   99.769656] [   99.456467] Copyright (c) 2007-2014 Intel Corporation.
Running /etc/run[   99.463239] igb_sw_init: sw0
 Max Frame 1526
[   99.829545] igb 0000:00:14.0: added PHC on eth0
[   99.834127] igb 0000:00:14.0: Intel(R) Gigabit Ethernet Network Connection
[   99.841038] igb 0000:00:14.0: eth0: (PCIe:integrated:integrated)
[   99.847172] igb 0000:00:14.0 eth0: MAC: 00:a0:c9:00:00:00
[   99.852680] igb 0000:00:14.0: eth0: PBA No: 001800-000
[   99.857964] igb 0000:00:14.0: LRO is disabled
[   99.862358] igb 0000:00:14.0: Using MSI-X interrupts. 1 rx queue(s), 1 tx queue(s)
[   99.870190] igb_sw_init: sw1 Max Frame 1526
[  100.235046] igb 0000:00:14.1: added PHC on eth1
[  100.239636] igb 0000:00:14.1: Intel(R) Gigabit Ethernet Network Connection
[  100.246548] igb 0000:00:14.1: eth1: (PCIe:integrated:integrated)
[  100.252679] igb 0000:00:14.1 eth1: MAC: 00:a0:c9:00:00:01
[  100.258191] igb 0000:00:14.1: eth1: PBA No: 001800-000
[  100.263472] igb 0000:00:14.1: LRO is disabled
[  100.267873] igb 0000:00:14.1: Using MSI-X interrupts. 1 rx queue(s), 1 tx queue(s)
[  100.275729] igb_sw_init: sw2 Max Frame 1526
[  100.640167] igb 0000:00:14.2: added PHC on eth2
[  100.644739] igb 0000:00:14.2: Intel(R) Gigabit Ethernet Network Connection
[  100.651652] igb 0000:00:14.2: eth2: (PCIe:integrated:integrated)
[  100.657782] igb 0000:00:14.2 eth2: MAC: 00:a0:c9:00:00:02
[  100.663301] igb 0000:00:14.2: eth2: PBA No: 001800-000
[  100.668591] igb 0000:00:14.2: LRO is disabled
[  100.672986] igb 0000:00:14.2: Using MSI-X interrupts. 1 rx queue(s), 1 tx queue(s)
[  100.680813] igb_sw_init: sw3 Max Frame 1526
[  101.043999] igb 0000:00:14.3: added PHC on eth3
[  101.048577] igb 0000:00:14.3: Intel(R) Gigabit Ethernet Network Connection
[  101.055512] igb 0000:00:14.3: eth3: (PCIe:integrated:integrated)
[  101.061679] igb 0000:00:14.3 eth3: MAC: 00:a0:c9:00:00:03
[  101.067196] igb 0000:00:14.3: eth3: PBA No: 001800-000
[  101.072482] igb 0000:00:14.3: LRO is disabled
[  101.076873] igb 0000:00:14.3: Using MSI-X interrupts. 1 rx queue(s), 1 tx queue(s)
[  101.144488] igb 0000:01:00.0: added PHC on eth4
[  101.149078] igb 0000:01:00.0: Intel(R) Gigabit Ethernet Network Connection
[  101.156009] igb 0000:01:00.0: eth4: (PCIe:2.5GT/s:Width x1)
[  101.161708] igb 0000:01:00.0 eth4: MAC: 00:90:7f:d0:44:27
[  101.167189] igb 0000:01:00.0: eth4: PBA No: 000300-000
[  101.172397] igb 0000:01:00.0: LRO is disabled
[  101.176791] igb 0000:01:00.0: Using MSI-X interrupts. 1 rx queue(s), 1 tx queue(s)
[  101.186125] Intel(R) 10 Gigabit PCI Express Network Driver - version 4.1.5
[  101.193037] Copyright (c) 1999-2015 Intel Corporation.
[  102.359529] ixgbe 0000:03:00.0: PCI Express bandwidth of 32GT/s available
[  102.366384] ixgbe 0000:03:00.0: (Speed:5.0GT/s, Width: x8, Encoding Loss:20%)
[  102.373630] ixgbe 0000:03:00.0 eth5: MAC: 2, PHY: 1, PBA No: FFFFFF-0FF
[  102.380309] ixgbe 0000:03:00.0: 00:90:7f:d0:44:40
[  102.385089] ixgbe 0000:03:00.0 eth5: Enabled Features: RxQ: 8 TxQ: 8 FdirHash RSC
[  102.392750] ixgbe 0000:03:00.0 eth5: Intel(R) 10 Gigabit Network Connection
[  103.568275] ixgbe 0000:03:00.1: PCI Express bandwidth of 32GT/s available
[  103.575119] ixgbe 0000:03:00.1: (Speed:5.0GT/s, Width: x8, Encoding Loss:20%)
[  103.582400] ixgbe 0000:03:00.1 eth6: MAC: 2, PHY: 1, PBA No: FFFFFF-0FF
[  103.589088] ixgbe 0000:03:00.1: 00:90:7f:d0:44:41
[  103.593857] ixgbe 0000:03:00.1 eth6: Enabled Features: RxQ: 8 TxQ: 8 FdirHash RSC
[  103.601491] ixgbe 0000:03:00.1 eth6: Intel(R) 10 Gigabit Network Connection
[  107.620905]
[  107.620905] PEX: Marvell device fixup
[  107.626199] Configuring cross bar for xCat2 device 0xe7fe
[  107.637923]
[  107.640321] stub function bspPciFindDevReset returning MV_OK
[  107.652822]
[  107.652822] presteraSmi_init: Init OK!
[  107.658284] DMA - dma_area: 0xffffc9000d580000(v) ,dma_base: 0x80000000(p), dma_len: 0x200000
[  107.667629] HSU - hsu_area: 0xffffc9000d800000(v) ,hsu_base: 0x88000000(p), hsu_len: 0x800000
[  107.676642]
[  107.676642] wg_pss_init: Built Oct 17 2016 17:54:50
[  107.683072] pss_create:  eth0    ->   sw0
[  107.704448] pss_create:  eth1    ->   sw1
[  107.737763] pss_create:  eth2    ->   sw2
[  107.774455] pss_create:  eth3    ->   sw3
[  107.804477] pss_create:  eth4    ->   eth0
[  107.834500] pss_create:  eth5    ->   eth25
[  107.871198] pss_create:  eth6    ->   eth26
[  107.901833] pss_create:  eth1   [ 9]  sw0    tag 4064
[  107.907367] pss_create:  eth2   [10]  sw1    tag 4065
[  107.912905] pss_create:  eth3   [11]  sw2    tag 4066
[  107.918452] pss_create:  eth4   [12]  sw3    tag 4067
[  107.923973] pss_create:  eth5   [13]  sw0    tag 4068
[  107.929497] pss_create:  eth6   [14]  sw1    tag 4069
[  107.935028] pss_create:  eth7   [15]  sw2    tag 4070
[  107.940572] pss_create:  eth8   [16]  sw3    tag 4071
[  107.946104] pss_create:  eth9   [17]  sw0    tag 4072
[  107.951637] pss_create:  eth10  [18]  sw1    tag 4073
[  107.957199] pss_create:  eth11  [19]  sw2    tag 4074
[  107.962739] pss_create:  eth12  [20]  sw3    tag 4075
[  107.968302] pss_create:  eth13  [21]  sw0    tag 4076
[  107.973851] pss_create:  eth14  [22]  sw1    tag 4077
[  107.979379] pss_create:  eth15  [23]  sw2    tag 4078
[  107.984912] pss_create:  eth16  [24]  sw3    tag 4079
[  107.990457] pss_create:  eth17  [25]  sw0    tag 4080
[  107.996015] pss_create:  eth18  [26]  sw1    tag 4081
[  108.001548] pss_create:  eth19  [27]  sw2    tag 4082
[  108.007063] pss_create:  eth20  [28]  sw3    tag 4083
[  108.012600] pss_create:  eth21  [29]  sw0    tag 4084
[  108.018141] pss_create:  eth22  [30]  sw1    tag 4085
[  108.023685] pss_create:  eth23  [31]  sw2    tag 4086
[  108.029240] pss_create:  eth24  [32]  sw3    tag 4087

As you can see watchguard uses a custom lib libwg_pss and some others to make this happen. I'm now trying to use the WG kernel and libs to create a linux distro where all the ports are accessible.

pglover19

I have 2 of these units. It would be great to get the units working with pfSense. Let me know what help you need from me.

stephenw10

More eyes on this can't hurt.

Indeed WG loads a driver for the switch device and then configure it to accept the individual VLANs on the three igb NICs.

It would be good to get a second opinion on connecting the switch serial console header internally if you can try that.
If we can get any access to the switch that might help. It seem unlikely we would ever get a FreeBSD driver for the switch devise but if we can configure it via serial then we would only need an igb driver that recognises the phy (or lack thereof).

Steve

pglover19

Hi Stephen,

I just purchased a third M440 on Ebay for a cheap price. I know we worked on trying to get pfSense to recognize all the 1GB ports on this unit last year and were unsuccessful.

I'm willing to donate the third M440 to you if you would like to continue the effort to get this unit working with pfSense. I can ship the unit to you. Let me know what you think.

jrhymer

@stephenw10 Stephen I would be willing to donate one of these units as well

i_am_a_Fred

@jrhymer
Hi, i can access to WebUI or proprietary interface (via WSM), can this help ?
Regards.

Fred.

stephenw10

In the Watchguard OS? I doubt it would tell us much. The boot logs, which we already have, are quite revealing.

Steve

sevrix

@stephenw10 Hello, I'm really invested in this as well but I have gotten nowhere, I know lots been a few years but I'm guessing there is no update on this? I'm based in UK/London I have a m440 and gotten nowhere with pfsense

stephenw10

You should be able to boot pfSense fairly easily, you just end up with only 3 working ports; the two SFP ports and the management port. It would be nice to have the other 24 ports accessible.
Did you reach that point?

Steve