pfSense on Watchguard M370
-
Here's why I'm an idiot:
The installation was correct. I was plugged into the WAN port.
pfSense is good to go. Thanks, Steve.
-
If you install from a CD image you won't have the serial console enabled by default. You can do so (and set it as the primary console) from System > Advanced > Admin Access. You could do that in whatever you installed in before you swap the drive back.
Steve
-
This setup has been running smooth so far (minus my mistakes) and performance has been really good.
An 'instant-on' IPSec VPN running the highest level encryption at or beyond my Internet service speeds is super nice. Native iOS/MacOS support is a treat. I wish Windows 10 had native IPSec support - any chance for pfSense PPTP support? (I kid!)
I replaced the stock 40mm fans with three Noctua NF-A4x20 units. The fans' connectors weren't going to match up with those on the mainboard, so I used my flush cutters to remove their physical keying. It's whisper-quiet now and I've measured no meaningful increase in temperature.
Following a power outage and during my fan replacement testing, I learned that I made the mistake of originally installing pfSense with the UFS file system instead of ZFS. A few reboot loops later, recovery became simple enough to handle, but I'm still going to reinstall.
There's also a Core i3-6100T lying around that I'm eager to drop in to replace the included Celeron G3900. Higher clocks, lower TDP, more cache, and SMT can't hurt. Thinking and writing - is there a way to test VPN and overall performance before / after?
This has been a fun project. Thanks again for the help, Steve!
-
I usually use iperf3 for a basic throughput test. You would want to run it on a client at each end of the VPN, not on the firewall itself if possible though you can install it on pfSense. It only tests full size TCP so you see the biggest number you could get which is often not representative of real traffic but it will give you a good comparison between the two CPUs.
Steve
-
Just gonna leave this here:
[2.4.4-RELEASE][root@m470.stevew.lan]/root: ./WGXepc64 -l green Found Firebox M370/470/570/670. [2.4.4-RELEASE][root@m470.stevew.lan]/root: ./WGXepc64 -f Found Firebox M370/470/570/670. Current fanspeed is c, minimum fanspeed is ahttps://github.com/stephenw10/WGXepc
Binary for anyone wanting to test. I've seen no problems but messing with the cooling system is potentially dangerous. You should test any new settings at full load etc.
Steve
-
Hi @stephenw10
This Works perfect, combined with ShellCMD on startup.
BTW
Im running M370 with installed Celeron G3900 and only changed mSATA 16g to mSATA120g that it was on my techstuff. Using it with 4Gb but i tested up to 16Gb with Crucial nonECC Memory.
The Thing is i tried a Xeon E3-1225 v5 that i bought for a server (The same listed for M570) and doesnt boot at all, maybe Motherboard or BIOS limitations.
Do you thing a i3 6100 non T model would work ?
Is there any Chance to Find the BIOS password?
Maybe unlock the BIOS as the one on M400 or X Series ?What do you think?
Regards.
-
Ah, good info! I would expect a 6100 i3 to work there. I just haven't seen one at a price I can justify.... yet.
Unlocking the BIOS is non-trivial. Finding the password is probably never going to happen.
Steve
-
I have a few M370 models 470, 570, 670, 10 g card
-
@nicknitro I have been trying to remove the BIOS password, but have not been successful.
I install the E3-1240 l V5, 4 * 10 g CARDS. -
Oh nice! Those 10G cards are still waaay outside my price range.
I do have one of the older Lanner style for the XTM800/1500 which works fine.
Steve
-
I removed your other thread, it has nothing to do with firewalling.
If you look 5 posts up though you will see that WGXepc can now detect and set the fan speed on that board. I don't have access to an M670 to test with but they are all the same board AFAIK so it should work. Give it a try.
Steve
-
@stephenw10 In my here is very cheap, 650 yuan; 100 dollars.
-
@stephenw10 BIOS password has been unable to clear, the research for many days.
4 * 10 g network card is very cheap, less than $100, China's 650 yuan. -
I haven't seen one for less than £1000 here. So I don't have one.
-
@stephenw10 This equipment is our China Taiwan production, all is very cheap in China.
-
@networkBob I buy is M670, has been looking for a BIOS password.
-
If it's just the fan issue try WGXepc. I only have an m470 to test with but it's reported working with the m370 also and I believe they are all the same board so included the description for all of them in the code.
Steve
-
@stephenw10 How do you do you have a way of regulating M470 fan speed, speed is too high, it's very noisy.
-
Yes, download WGXepc from here https://forum.netgate.com/post/861920 and run it. You should be able to set the fan speed and the arm/disarm LED.
I've never tested a 670 as I don't have one but we know it works on the 370 and 470 and they are the same as far as I know.Be sure to test it under load etc with whatever fan speed you choose as the CPU in the m670 has a higher TDP.
Steve
-
Hello to all. Thanks to all the shared info.
I got recently a WG M470 HA.
I'm lay down here cuz the WG people, told me a HA unit cannot be activated by itself, no standalone license. And depends on other units on same network.
That was a subtle way to say from those F was a waste of money and cannot use it.
In any case I can't trough out the money, so I was looking the way to install Pfsense on it.
Replace the mSata for a TSMicro 128G, keep the original one aside for the future if needed, and install a Kinston 480G SSD
Here come some questions, hopefully i will get some ideas.
1- Is required a SSD and the mSata? Or only would do the job?
2- If not required, can the SSD be used aside for with purpose? Considering the mSata will be principal.
3- Is my first time using a console conection to manage a firewall, the WG had come with his own cable, how do I use that? need a serial port Pc capable of, but then how do I connect with Windows to make the installation
4- I already put the flash pfsense into a USB 32G with Rufus, waiting to see how I clear the installation procedure in my head.
Thanks in advance for your support and help.
