WatchGuard XTM 5 pfSense 2.4
-
Hello! I was wondering how the XTM 5 series does with pfSense 2.4, I saw only one YouTube video of an XTM 515 running pfSense and the guy said he had nothing but problems with the new pfSense (2.3) on his WatchGuard.
Is there anything I should look out for with the XTM 5 WatchGuards? I run pfSense virtualized right now and I was looking in running it hardware based for under $100, preferably around $60-80 which is what I found this WatchGuard at.
My average loads are a couple VPN connections (currently only get 20~ mbps throughput), 100Mbps uplink, game servers, Snort and some websites.
Thank you!
-
It really depends on what “issues” the YouTuber was having. I run a XTM 5 and it runs out the gate. Now it did take some additional work to get the lcd to work better but not something that would keep it from working. I do however run PfSense on a 2.5” hdd and not a CF card. I also upgraded the stock cpu to a q9550s and added 4Gb ddr2-800. The one thing to remember is that starting 2.5 there will be a requirement for aes-ni which the XTM 5 series does not have. You will need a m4/500 series or newer.
Edit: go here: https://forum.pfsense.org/index.php?topic=43574.0
-
No issues whatsoever on my XTM5 box here. I use all 7 interfaces and have 8 site to site VPN's active on it.
-
XTM 5 working fine for me.
My understanding is that the embedded version is a bit limited compared to an HDD install, but you can install a 2.5" drive in the XTM; there are two SATA ports on the mainboard, two SATA power connectors on the PS, and four standoffs in just the right place to put one. Gotta improvise a mounting bracket, though.
Flash pfSense to a CF, pop it into the CF socket on the mainboard, boot, use the console to install to a blank HDD, and you're in business. pfSense is smart enough to ignore the 10/100 port and uses the first two gigabit ports by default. Install the lcdproc package if you care about what shows on the front LCD during operation.
-
Thanks for the information everybody, I really do appreciate it!
I heard (I don't remember if it's the XTM 5 or older models) that the VPN accelerator card in it doesn't work with pfSense. Is this an issue with XTM 5 or if it even has a VPN/AES accelerator. I only have a 100Mbps uplink so if it can push that through a VPN then it'll be absolutely perfect.
One thing, will the XTM 5 survive the pfSense 2.5 update? It has AES acceleration but I don't think it was built into the CPU, I didn't find a whole lot of information on the XTM 5's. I hope this post helps future people too, thanks for all the responses.
-
One thing, will the XTM 5 survive the pfSense 2.5 update? It has AES acceleration but I don't think it was built into the CPU, I didn't find a whole lot of information on the XTM 5's.
No, it will not. The XTM 5 CPU does not have AES-NI. So when support for 2.4.x ends, you'll have to either upgrade the hardware, stay on 2.4.x unsupported, or find another firewall distro. (Not going to say more than that for fear of stepping on a landmine.)
I'm in the same boat, FWIW, and have been exploring options for the future.
-
I feared that, well I plan to use the XTM 5 as a stepping stone before I get money to build a better firewall. I've got an $80 budget and I try to keep low power consumption and high throughput it I can, I run Snort, VPNs, Squid and host game servers for people so I don't think many firewalls in that price range can do that throughput and be lower consumption.
I still wonder about that VPN accelerator if FreeBSD works with it
-
It's a Cavium NItrox chip. CN1605. I've not seen any support for any of those chips outside their own drivers which are not available without licensing/NDAs etc.
It's been a while since I looked, I'd love to be proved wrong. :)
Steve
-
Netgate release on their website the following :
"pfSense version 2.5.0 WILL NOT require AES-NI."
-
Indeed, see: https://www.netgate.com/blog/pfsense-2-5-0-development-snapshots-now-available.html
