PFS on a checkpoint 2200



  • hello

    I have done this installation yesterday.
    I have use this tuto
    the tuto is for an older release, just one or two screens are different

    the firewall is with pfsense  and all is ok.

    if you want more info, let me know.


  • Netgate Administrator

    That model had a Celeron M which is 32bit only but you should definitely use the 64bit image if it's an Atom D525.

    Steve



  • the hardware:

    AMIBIOS(C)2006 American Megatrends, Inc.
    CheckPoint Software Technologies LTD, BIOS Rev: T-110-1.0
    CPU : Intel(R) Atom(TM) CPU D525  @ 1.80GHz
    Speed : 1.80 GHz

    Yes, you can use the 64 bits version.

    You can find in attachment my install (screenshot)

    TutoPFSENSE.zip



  • Sorry for the delay guys. Nobody replied in 2 days since I posted so I carried along.

    I installed pfsense on the appliance using a usb with nanobsd. opted for the 32bit to mitigate possible issues. Install went pretty smooth. All seems to be functional and stable. I got my new isp service installed last weekend and had to do some new drops to accommodate 1G speeds. In case you wonder is Giga power from ATT @ Orlando. My clock speed with the pc at the modem is 970/999. I did some benchmark with the checkpoint and the cpu max @ 450mbps. Not to shabby for the appliance although checkpoint lists the device with 3G of raw power and 1.4G deployed. That is a far cry from what I'm getting. Hence the reason for buying one. So I'm wondering if pfsense cant use all the hardware enhancement bits and is just going on raw cpu power. After all pfsense was meant for pc hardware, not appliances. Tried Gaia but after the firewall got online it stopped to pass traffic. I assume is due licensing requirements.

    Now that I have the firewall running smoothly, will try the 64 bit version and see if it performs better. I have some extra memory and an ssd laying around if I decide to open it and upgrade it. I just wonder if the cpu will not let it move any faster. Its a shame, it is a great package, 6 ports, low power consumption, small, console port, quiet and aesthetically pleasing.


  • Netgate Administrator

    There may be some optimising you can do but you won't get 1Gbps from a D525 if that's what it is.
    What NICs does it have?

    Steve



  • @stephenw10:

    There may be some optimising you can do but you won't get 1Gbps from a D525 if that's what it is.
    What NICs does it have?

    Steve

    I traced the mac but returns that is from checkpoint. Is there a way on pfsense to see the hardware ID or hardware description?

    I will dig to see what I can find.



  • I found a way.

    em5@pci0:7:0:0: class=0x020000 card=0x000015bb chip=0x150c8086 rev=0x00 hdr=0x00
        vendor    = 'Intel Corporation'
        device    = '82583V Gigabit Network Connection'
        class      = network
        subclass  = ethernet

    So the nics are Intel. What I can do to optimize the firewall?

    Thanks



  • Well, installed the 64bit version of pfsense and did some tuning and now I get 506/522. the upload has gone as high as 846! But bounces a lot. I think this is as far it can go.


  • Netgate Administrator

    That probably is about all you can expect from a D525 with em NICs.

    It does depend how you're testing to a large degree. As you've seen sites like speedtest.net can prove inaccurate especially at high speeds like you have access to (no jealously here!  ;)).

    You might try a 2.4 snapshot that has newer drivers from FreeBSD 11 but I doubt much will have changed in em.

    Steve



  • I've also installed pfsense on this appliance and i had a celeron 440 2ghz. Guess it will perform about the same as the D525 so I did a test and swapped it to a Core2duo E6600 2,4ghz (dual core) and it booted fine.

    It will probably draw some more electricity since it has a higher TDP etc. but i guess it will be capable to make some more throughput. (I do not have a gigabit line so i dont know how to test this :))



  • @poluket hello can you share the document setup with me for check point t110, the attached zip file is not working.


  • Netgate Administrator

    What have you tried? How did it fail?



  • @stephenw10 check point t110 a pfsense can be installed? can you share documents.



  • @stephenw10 Capture.JPG
    Unable to download zip file in this post.


  • Netgate Administrator

    Unfortunately that file failed to import when we changed forum software and that user hasn't been online for over a year.

    What I meant was what have you tried to install pfSense on the T110 and how did it fail?

    Steve



  • @stephenw10 I'm thinking of buying a check point t110 so I want to know if pfsense can be built.



  • @torefloo said in PFS on a checkpoint 2200:

    @stephenw10 I'm thinking of buying a check point t110 so I want to know if pfsense can be built.

    Don't waste money on ancient hardware.



  • @Grimson but the new hardware is very expensive so I want to know if it can install t110.



  • @torefloo said in PFS on a checkpoint 2200:

    @Grimson but the new hardware is very expensive so I want to know if it can install t110.

    Even the SG-1100 is likely to perform better, and it's not really that expensive.


  • Netgate Administrator

    It's really old at this point. It would have to be very cheap or something that you are doing for the experience in my opinion.

    But you probably can install to it. Checkpoints other devices were not locked to prevent it on those I have seen. You may well need to swap out the boot media, I have no idea what that boots from but Nano no longer exists since this thread was started.

    Steve


Log in to reply