pfSense on Watchguard M370
-
Hello to all. Thanks to all the shared info.
I got recently a WG M470 HA.
I'm lay down here cuz the WG people, told me a HA unit cannot be activated by itself, no standalone license. And depends on other units on same network.
That was a subtle way to say from those F was a waste of money and cannot use it.
In any case I can't trough out the money, so I was looking the way to install Pfsense on it.
Replace the mSata for a TSMicro 128G, keep the original one aside for the future if needed, and install a Kinston 480G SSD
Here come some questions, hopefully i will get some ideas.
1- Is required a SSD and the mSata? Or only would do the job?
2- If not required, can the SSD be used aside for with purpose? Considering the mSata will be principal.
3- Is my first time using a console conection to manage a firewall, the WG had come with his own cable, how do I use that? need a serial port Pc capable of, but then how do I connect with Windows to make the installation
4- I already put the flash pfsense into a USB 32G with Rufus, waiting to see how I clear the installation procedure in my head.
Thanks in advance for your support and help.
-
You can use just mSATA. pfSense does not support two drives in any inclusive way unless you set them up as a mirror which is probably not what you want.
The M470 will not boot from USB into the installer. The default BIOS settings do not allow is and it is password locked so you can't change that. You need to install pfSense to the mSATA drive in something else and then move it across.
Nothing special is required after that. If there were no igb NICs in your install device you will need to reassign WAN and LAN at the serial console at first boot.
Have fun!
Steve
-
@stephenw10 said in pfSense on Watchguard M370:
You can use just mSATA. pfSense does not support two drives in any inclusive way unless you set them up as a mirror which is probably not what you want.
The M470 will not boot from USB into the installer. The default BIOS settings do not allow is and it is password locked so you can't change that. You need to install pfSense to the mSATA drive in something else and then move it across.
Nothing special is required after that. If there were no igb NICs in your install device you will need to reassign WAN and LAN at the serial console at first boot.
Have fun!
Steve
Hi, thanks for your answer.
Question, since I having a hard time to get a mSata adapter. Can I use the SSD only? Meaning, I install the SSD in a PC, and then connect it to the sata port, without the mSata connected.
Lets see how lucky I'm am.
Regards.
-
I have never tried that but it may well work. I know others have done it on the M400 for example.
Steve
-
I want to confirm. Thanks for all your advice.
I been capable to install it without any problem.
ibg0 was WAN, ibg1 was a dhcp lan which allow me to connect to the router a finish the installation process.
Just a bit of netgating (googling forum) give me the params for the serial connection (baud rate 115200)
And Voila!...
But find out later on the console connection is not required for installation, just deploy the installation in the disk, and insert it.
Wait some time for the funny bip sounds and ready to connect.
Also thanks to another user above, used the right file system during installation.
I may assume in theory, the M470 and the M470 HA are same way, hardware appliance Pfsense capable (which was my main worry).
Keep informed.
Cheers...
-
The HA hardware is identical as far as know.
It's good to have console access available even if you don't need it...yet.
-
Hi Bob, can u explain hot to I can install pfSense on my M370? I buyed in error this machine "High Availability (HA) Device" and I cant activate it without another M370. I think with pfSense I will have full functionality.
Thanks a lot -
@stephenw10 said in pfSense on Watchguard M370:
reassign WAN and LAN at the serial console
Hello, how I cano do? I need serial cable? I have only m370 ha and pc.
Thanks a lot -
Yes you need a serial console cable. You might be able to do something with pre-defined interfaces but use the console is going to be easier.
There is (currently) no way to boot from USB so you need to install to mSATA in something else and then move the card into the M370.
Steve
-
@stephenw10 said in pfSense on Watchguard M370:
Yes you need a serial console cable.
Ok... I will try with this cable
I can install directly pfSense with console cable on Firebox or I must attache mSata drive on my pc and after installation move drive to Firebox?
Thanks a lot
-
You still need to install in something else as there is no way to make it boot USB, the BIOS is locked.
You could potentially write the install image to mSATA and add a SATA drive to install to. But that still means writing the image to mSATA in something else. You might as well install to it dircetly at that point.
One you install to it, in the other device, you may need to boot into pfSense to enable the serial console if it's not a serial device and then it will configured with the NICs in that device. If they (or it) are not igb the interfaces will need to be re-assigned at the console in the m370 when the drive is moved across.Steve
-
@stephenw10 said in pfSense on Watchguard M370:
If they (or it) are not igb the interfaces will need to be re-assigned at the console
Can I re-assign NIC at the console with Putty (serial)? There is a how-to guide to do this at the console?
-
Yes, you can. There's a menu at the console and re-assigning the interfaces is an options on it. It's pretty self explanatory.
If you boot the first time pfSense will automatically assign igb0 as WAN and igb1 and LAN. You should have a console cable anyway though. It's much easier to recover from the console if you get locked out etc.For reference:
https://www.youtube.com/watch?v=lDqRIu2zhoQ&feature=youtu.be&t=1536Steve
-
@zero67 said in pfSense on Watchguard M370:
Hi Bob, can u explain hot to I can install pfSense on my M370? I buyed in error this machine "High Availability (HA) Device" and I cant activate it without another M370. I think with pfSense I will have full functionality.
Thanks a lotIs the same problem I face with them, trying to save some bucks, and realize that the HA devices are not self activated, need another device in the network to get the activation from them.
Really f... twisted license mechanism.
Since I've installed mine, had no issue so far using the firmware, add 16GB RAM to it, and is flying.
I even have 2 extra spare mSata with the firmware at a basic stage, in case I need to replace it in a future, for whatever reason. And a backup of the configs to deploy in case a disaster.
Regards.
-
I tryed to install version 2.4.5-p1 on my pc with new mSata but when I move SSD to firebox M370 freeze on boot:
On my pc pfSense boot and working fine. How I can do?
-
Did you enable the serial console as I said you would need to if the install machine is not using serial?
https://docs.netgate.com/pfsense/en/latest/book/config/advanced-admin.html#serial-terminalIf not boot it on the PC and do that first.
Steve
-
@stephenw10 said in pfSense on Watchguard M370:
Did you enable the serial console
Hi, all working fine now! Thanks a lot
-
Hi all,
I have found best installation mode for pfSense on Firebox M370. You need only mSata to Sata adapter and another mSata SSD (I buyed 2 mSata SSD Trascend 64GB to keep original):
download and install balenaEtcher for Windows here:
https://www.balena.io/etcher/attach adapter mSata to pc (with SSD1 mount on)
download latest version of pfSense:
https://www.pfsense.org/download/extract image
start balenaEtcher and press flash from file
choice pfSense-CE-memstick-serial-2.4.5-RELEASE-p1-amd64.img
select target and flash SSD1 (be carefully to choice SSD!)
remove SSD1 from adapter
mount SSD1 to Firebox M370 slot
mount SSD2 to mSata to Sata adapter
connect mSata to Sata adapter to SATA1 on Firebox M370 motherboard
connect serial port to pc and start Putty
switch on Firebox M370
install pfSense
switch off Firebox M370
remove SSD2 from adapter and mount to Firebox M370 slot
switch on Firebox M370That's all!
-
@stephenw10 said in pfSense on Watchguard M370:
./WGXepc64 -l green
Hi stephenw10, I try to do ./WGXepc64 -l green and all working fine (shield led become green). How I can do it on firebox startup?
thanks
-
Yes. Use a Shellcmd: https://docs.netgate.com/pfsense/en/latest/development/executing-commands-at-boot-time.html