Watchguard Firebox M400/M500
-
@mh-0 said in Watchguard Firebox M400/M500:
@tsmalmbe Do you find the upgraded CPU makes much difference, we were running this M500 for a firm over nearly 400 users and didn't notice any particular speed or thoughput issues with the existing Firebox software, it never really seemed to be stressed, we only changed the box because we got a new one when we renewed.
Does PFSense have much of an overhead compared to the Firebox software?
Bearing in mind I'm planning to use this for home use so 4 users, my main use will be traffic management to ensure that the kids game downloads/Netflix don't affect Teams/Zoom and Citrix sessions.
Good questions - I do not have readily good answers for you. I run 2-3 end-users OpenVPN as well as 4 site2site OpenVPN's. This all works fine. The connection is 500M, but rarely do I stress it a lot. Now where I do appreciate the power is the fact that I have 7 LAN's + the VPN-connections which all have a separate Snort-profile. With this hardware, it is very smooth. The only times where I see something is when the vulnerability scanners kick in - it increases the temps by 10-15 degrees on the CPU's.
Comparisons to stock firebox-software I cannot do. I know these run on lesser specs when they come from the factory, however Watchguard have done their own perf tests and they seem reliable thouhg (have customers running similar with native software).
-
@eisenb11 Was a solution to the failure to reboot ever found?
-
I have never found one. I'd sure love to hear about it if you find it!
I have an i3-4160 in mine and with that it doesn't reboot.
Steve
-
I had a 4370 and it also couldn’t reboot. Eventually downgraded to a 4130 and reboot works as it should.
-
@stephenw10 I was looking at the spec sheets for all of the processors that didn't work. It may be tied to Intel's "Secure Key" Feature. I'm wondering if this is used for something on UEFI or if the bios behavior is different on a reboot. The key is used for the RDSEED and RDRAND instruction codes.
From https://www.intel.com/content/dam/support/us/en/documents/mini-pcs/BIOSGlossary_NUC.pdf "Generates a new Secure Boot Platform Key during next boot. The private half of the Platform Key Is discarded. This Requires the Intel Secure Key processor feature." It is used for the Secure Boot Feature. I looking through the settings and nothing stands out for use of that feature.
-
@deathwarror https://www.lanner-america.com/wp-content/uploads/Lanner-Secure-Boot-and-Secure-Flash.pdf Lanner Had this for the FW-7585 with the C226. I do not see the setting in the bios we have.
-
@deathwarror Mmm, not seeing anything that looks too promising.
Not clear why it would boot at all if that were the case...
There are so many options in the unlocked BIOS though, no way to test them all.
Steve
-
So I wanted to add 10gb networking to a couple of PCs and I thought since there's a PCIe slot on the M400, I could just throw a card on with a female to female pcie extender and presto chango, i'd be able to get 10GBe copper on my network for a fraction of a 4 port 10GBe switch.
Used a Dell Chesio 5MHDP that I know works and has tested in another machine.
extension is a cheap 20cm female-female extender. I can't test the extension cable, as I have no other boards with a male PCIe connector.
power basically flickers and it doesn't even turn on. I can confirm the card is getting power. Is it possible that there's a whitelist of devices that can be plugged in?
I'll look at the BIOS a bit more but was hoping this would work.
edit: I am running the stock BIOS, will try Zanthos's modded BIOS and post results, was hoping I wouldn't have to flash it.
-
@myst412
I have used the PCIe slot for an M.2 NVMe SSD on the M400 but I have since retired my M400 in favor of an M470 which offers native 10G connectivity -
It's more likely a power issue than the BIOS having a card whitelist. There would really be no reason for WatchGuard/Lanner to add that.
Especially with a Chelsio card, those run hot. I've never attempted to cgeck the power consumption but it will be high.Steve
-
@stephenw10 Going to try a separate PSU, PCIE card, and also flash tonight. Will post results.
-
You were right, it was the psu.,
I even tried a supposedly low power card and it still had the same issue. looking for a bigger 1u psu now.
-
Hmm, so nothing has worked? It is a standard (inverted) PCIe slot so I would start to suspect the cable/adapter.
If it was a power limitation it would be on the PCIe bus/slot. Using a different PSU in the box itself may not help at all.Steve
-
No. You were right and it was the internal psu capacity. Worked with a 450w atx just fine. I guess if it were blacklisted it would keep running but not boot. Looking for a 200-300w flexatx.
-
Will the @zanthos bios work on a M470?
Thanks -
No. The M470, and the M370/M570/M670, use a different board.
Steve
-
Hi all,
I'm first time on the forum and already read all pages here, wanted to make some questions more clear before I proceed to order more parts (M400 is on the way)
Already know the CPU i3-4130 works great but I wanted to install the i5-4590.
I know at topic 251 @iJay-XTM5 -Boot- it successfully but did not mention if -Reboot- is working normal or not.?
@stephenw10 Is this "HP Proliant DL580 G4 Front Panel VGA Video Display Header Cable 392250-002" the correct cable to get video and get the job done.? do I need to re-set the pins or is plug and play.? I plan to hook this M400 to a KVM I already have in the rack. would like the video active all the time (I read it needs to be enable in the Bios from the console and have a CPU with video chip)
seems like other 2013 works great but 2014 CPU do not reboot correctly.
Have SSD ready to go and its my first time doing PFsense. will post the findings as this will in my home where fiber get to me then to copper at 500/500.
Any test that you guys would like me to do I'm welcome to do.
Suggestions are appreciated
Thanks -
No idea on that header cable. If it's 2mm dot pitch rather than 0.1" it can probably be made to work if the pins can be swapped.
I can tell you an i3-4160 does not reboot and that's one of the 2014 models.
Steve
-
This post is deleted! -
Just want to list my experience with the M400.
-flashed unlocked bios
-removed CF, added SSD
-stock cpu, idle cpu temp ~53C, 35W , ambient 28C
max cpu 45W
