Anyone have pfSense installed on Stonesoft / Stonegate hardware?
-
Hi,
There seem to be quite a few Stonesoft / Stonegate firewall appliances on eBay these days - reasonable spec's for the price.
Has anyone had any luck installing pfSense on them? If so are there any guides around?
Thanks,
Steve
-
You have an example? Or any specs?
Steve
-
I am trying to do this i have a FW-1050. Here's datasheet for a 1030
SOFTWARE FEATURE SPECIFICATIONS See the Firewall/VPN datasheet www.stonesoft.com LICENSED PERFORMANCE FW-1030 FW-1030P Firewall throughput (UDP 1514 byte packets, no inspection) 1 Gbps 1.6 Gbps Throughput (UDP 1514 byte packets, with inspection) 450 Mbps 450 Mbps 64 byte packets per second (no inspection) 500 000 620 000 HTTP inspection (21 kB payload) 130 Mbps 130 Mbps SSL inspection client / server side 40 Mbps / - 40 Mbps / 40 Mbps New TCP connections/sec (no inspection) 15 000 20 000 New inspected HTTP connections (21 kB payload) 800 1000 Concurrent connections 700 000 1 million Concurrent connections (with inspection) 100 000 150 000 VLANs 150 250 VPN throughput (AES-128-GCM) 140 Mbps 220 Mbps VPN tunnels 1000 1000 Concurrent mVPN Clients 25 100 CONNECTORS 2 x USB, 1 x serial MEASUREMENTS Form factor 1U 19” rack unit Dimensions (W x H x D) 425 x 44 x 362 mm / 16.73 x 1.73 x 14.25 inches Net weight 5.5 kg / 12.13 lbs Gross weight 8.5 kg / 18.74 lbs SAFETY/EMC CERTIFICATIONS CE, FCC Class B, LVD, CB, Gost-R, RoHS POWER Power supply 180 W, AC input 100-240 VAC, 50-60 Hz Typical power consumption 65 W
-
I would bet money that the BIOS is probably locked up tight on these boxes, meaning it won't let you boot from anything that could install pfsense.
Jeff
-
Mmm, most are not locked that tight. But it certainly could be.
What is the CPU in it. How much RAM does it have? Is it upgradable?
Those things will determine if it's worth the attempt.It looks like a Supermicro device so there is probably quite a lot more info available. It has ps/2 ports so that implies old!
Steve
-
Looks like it's this:
https://www.supermicro.com/products/motherboard/Xeon3000/3000/PDSMi-LN4_.cfmSo socket 775. It's old (really old!) but will likely run 2.4.4 and can probably be upgraded for very little. It doesn't support any AES-NI capable CPUs though.
Steve
-
I had 2 stoneware FW-1050 devices with the supermicro motherboard.
Will not run newer pfsense as the cpu the board can take do not support aes-ni plus max FSB is 1066. Noisey as hell being a 1u server but you could put the board in another box. Nothing special firewall wise about the board. Just a normal intel cpu board with normal bios etc
-
I bet you could reduce the speed if those fans, most have some tunability.
Also it looks like 2.5 will not yet have the restconf API and hence not require AES-NI so you would be good for some time on this.
https://forum.netgate.com/topic/140586/heads-up-snapshots-moving-to-pfsense-2-5-0-on-freebsd-12-expect-initial-instability
Steve
-
Sadly not at least on the 1u version. The only fan was a cpu blower designed to pull from the cpu and motherboard and push the heat out which you can clock down but still noisey. I did buy some 1u silent Gelid fans as supermicro are always generous with connecting fans but still did not work well. The other issue is the very noisy (although labelled as silent) 1u PSU.
I've been on the periphery with pfsense for a while now so did not know that "aes-ni must have compatibility" was pushed back. I went out last year and dropped £200 on one of the fanless and silent qotom boxed. ALthough am very happy with it as against running a vm.
Cheers