Anyone have pfSense installed on Stonesoft / Stonegate hardware?



  • Hi,

    There seem to be quite a few Stonesoft / Stonegate firewall appliances on eBay these days - reasonable spec's for the price.

    Has anyone had any luck installing pfSense on them?  If so are there any guides around?

    Thanks,

    Steve


  • Netgate Administrator

    You have an example? Or any specs?

    Steve



  • I am trying to do this i have a FW-1050. Here's datasheet for a 1030

    SOFTWARE FEATURE SPECIFICATIONS
    See the Firewall/VPN datasheet www.stonesoft.com
    LICENSED PERFORMANCE FW-1030 FW-1030P
    Firewall throughput
    (UDP 1514 byte packets, no inspection)
    1 Gbps 1.6 Gbps
    Throughput
    (UDP 1514 byte packets, with inspection)
    450 Mbps 450 Mbps
    64 byte packets per second
    (no inspection)
    500 000 620 000
    HTTP inspection
    (21 kB payload)
    130 Mbps 130 Mbps
    SSL inspection client / server side 40 Mbps / - 40 Mbps / 40 Mbps
    New TCP connections/sec
    (no inspection)
    15 000 20 000
    New inspected HTTP connections
    (21 kB payload)
    800 1000
    Concurrent connections 700 000 1 million
    Concurrent connections
    (with inspection)
    100 000 150 000
    VLANs 150 250
    VPN throughput (AES-128-GCM) 140 Mbps 220 Mbps
    VPN tunnels 1000 1000
    Concurrent mVPN Clients 25 100
    CONNECTORS
    2 x USB, 1 x serial
    MEASUREMENTS
    Form factor 1U 19” rack unit
    Dimensions (W x H x D) 425 x 44 x 362 mm / 16.73 x 1.73 x 14.25 inches
    Net weight 5.5 kg / 12.13 lbs
    Gross weight 8.5 kg / 18.74 lbs
    SAFETY/EMC CERTIFICATIONS
    CE, FCC Class B, LVD, CB, Gost-R, RoHS
    POWER
    Power supply 180 W, AC input 100-240 VAC, 50-60 Hz
    Typical power consumption 65 W
    


  • I would bet money that the BIOS is probably locked up tight on these boxes, meaning it won't let you boot from anything that could install pfsense.

    Jeff


  • Netgate Administrator

    Mmm, most are not locked that tight. But it certainly could be.

    What is the CPU in it. How much RAM does it have? Is it upgradable?
    Those things will determine if it's worth the attempt.

    It looks like a Supermicro device so there is probably quite a lot more info available. It has ps/2 ports so that implies old!

    Steve


  • Netgate Administrator

    Looks like it's this:
    https://www.supermicro.com/products/motherboard/Xeon3000/3000/PDSMi-LN4_.cfm

    So socket 775. It's old (really old!) but will likely run 2.4.4 and can probably be upgraded for very little. It doesn't support any AES-NI capable CPUs though.

    Steve



  • I had 2 stoneware FW-1050 devices with the supermicro motherboard.

    Will not run newer pfsense as the cpu the board can take do not support aes-ni plus max FSB is 1066. Noisey as hell being a 1u server but you could put the board in another box. Nothing special firewall wise about the board. Just a normal intel cpu board with normal bios etc


  • Netgate Administrator

    I bet you could reduce the speed if those fans, most have some tunability.

    Also it looks like 2.5 will not yet have the restconf API and hence not require AES-NI so you would be good for some time on this.

    https://forum.netgate.com/topic/140586/heads-up-snapshots-moving-to-pfsense-2-5-0-on-freebsd-12-expect-initial-instability

    Steve



  • Sadly not at least on the 1u version. The only fan was a cpu blower designed to pull from the cpu and motherboard and push the heat out which you can clock down but still noisey. I did buy some 1u silent Gelid fans as supermicro are always generous with connecting fans but still did not work well. The other issue is the very noisy (although labelled as silent) 1u PSU.

    I've been on the periphery with pfsense for a while now so did not know that "aes-ni must have compatibility" was pushed back. I went out last year and dropped £200 on one of the fanless and silent qotom boxed. ALthough am very happy with it as against running a vm.

    Cheers