Watchguard Firebox M440
-
Just set up a port forward to ssh on it on some random high port. Restrict it to my source IP only?
That's what I would do here. You have another pfSense box in front of it?
Steve
-
Not sure how to do that. I will need to do some research to implement your suggestion.
-
Any instructions on how to set this up in pfSense?
-
Setting up a port forward? Sure: https://www.netgate.com/docs/pfsense/book/nat/port-forwards.html
If the M440 is using only the igb NIC and it's the LAN it might need its default route setting to your upstream pfSense in order to reply though.
Steve
-
The M440 will have a default address of 192.168.1.1 on the LAN interface which is a valid IP address on my network. I will be able to access the device from any computer on my network.
So, can you provide details on how I would set up port forwarding in pfSense to allow you in?
-
Can you PM me your source IP address?
-
I got it. Just need to restrict based on your IP address. I had to add some routing on the pfSense setup on the M440. It is working.
-
Was there any information in the WatchGuard OS boot log file that was useful?
-
Any update?
-
Sorry, busy day. I'll update when I can.
-
I had the same issue with the 24 ports not working on pfSense. This is from the WG boot:
99.449275] Intel(R) Gigabit Ethernet Network Driver - version 5.2.15
[ 99.769656]
[ 99.456467] Copyright (c) 2007-2014 Intel Corporation.
Running /etc/run
[ 99.463239] igb_sw_init: sw0 Max Frame 1526
[ 99.829545] igb 0000:00:14.0: added PHC on eth0
[ 99.834127] igb 0000:00:14.0: Intel(R) Gigabit Ethernet Network Connection
[ 99.841038] igb 0000:00:14.0: eth0: (PCIe:integrated:integrated)
[ 99.847172] igb 0000:00:14.0 eth0: MAC: 00:a0:c9:00:00:00
[ 99.852680] igb 0000:00:14.0: eth0: PBA No: 001800-000
[ 99.857964] igb 0000:00:14.0: LRO is disabled
[ 99.862358] igb 0000:00:14.0: Using MSI-X interrupts. 1 rx queue(s), 1 tx queue(s)
[ 99.870190] igb_sw_init: sw1 Max Frame 1526
[ 100.235046] igb 0000:00:14.1: added PHC on eth1
[ 100.239636] igb 0000:00:14.1: Intel(R) Gigabit Ethernet Network Connection
[ 100.246548] igb 0000:00:14.1: eth1: (PCIe:integrated:integrated)
[ 100.252679] igb 0000:00:14.1 eth1: MAC: 00:a0:c9:00:00:01
[ 100.258191] igb 0000:00:14.1: eth1: PBA No: 001800-000
[ 100.263472] igb 0000:00:14.1: LRO is disabled
[ 100.267873] igb 0000:00:14.1: Using MSI-X interrupts. 1 rx queue(s), 1 tx queue(s)
[ 100.275729] igb_sw_init: sw2 Max Frame 1526
[ 100.640167] igb 0000:00:14.2: added PHC on eth2
[ 100.644739] igb 0000:00:14.2: Intel(R) Gigabit Ethernet Network Connection
[ 100.651652] igb 0000:00:14.2: eth2: (PCIe:integrated:integrated)
[ 100.657782] igb 0000:00:14.2 eth2: MAC: 00:a0:c9:00:00:02
[ 100.663301] igb 0000:00:14.2: eth2: PBA No: 001800-000
[ 100.668591] igb 0000:00:14.2: LRO is disabled
[ 100.672986] igb 0000:00:14.2: Using MSI-X interrupts. 1 rx queue(s), 1 tx queue(s)
[ 100.680813] igb_sw_init: sw3 Max Frame 1526
[ 101.043999] igb 0000:00:14.3: added PHC on eth3
[ 101.048577] igb 0000:00:14.3: Intel(R) Gigabit Ethernet Network Connection
[ 101.055512] igb 0000:00:14.3: eth3: (PCIe:integrated:integrated)
[ 101.061679] igb 0000:00:14.3 eth3: MAC: 00:a0:c9:00:00:03
[ 101.067196] igb 0000:00:14.3: eth3: PBA No: 001800-000
[ 101.072482] igb 0000:00:14.3: LRO is disabled
[ 101.076873] igb 0000:00:14.3: Using MSI-X interrupts. 1 rx queue(s), 1 tx queue(s)
[ 101.144488] igb 0000:01:00.0: added PHC on eth4
[ 101.149078] igb 0000:01:00.0: Intel(R) Gigabit Ethernet Network Connection
[ 101.156009] igb 0000:01:00.0: eth4: (PCIe:2.5GT/s:Width x1)
[ 101.161708] igb 0000:01:00.0 eth4: MAC: 00:90:7f:d0:44:27
[ 101.167189] igb 0000:01:00.0: eth4: PBA No: 000300-000
[ 101.172397] igb 0000:01:00.0: LRO is disabled
[ 101.176791] igb 0000:01:00.0: Using MSI-X interrupts. 1 rx queue(s), 1 tx queue(s)
[ 101.186125] Intel(R) 10 Gigabit PCI Express Network Driver - version 4.1.5
[ 101.193037] Copyright (c) 1999-2015 Intel Corporation.
[ 102.359529] ixgbe 0000:03:00.0: PCI Express bandwidth of 32GT/s available
[ 102.366384] ixgbe 0000:03:00.0: (Speed:5.0GT/s, Width: x8, Encoding Loss:20%)
[ 102.373630] ixgbe 0000:03:00.0 eth5: MAC: 2, PHY: 1, PBA No: FFFFFF-0FF
[ 102.380309] ixgbe 0000:03:00.0: 00:90:7f:d0:44:40
[ 102.385089] ixgbe 0000:03:00.0 eth5: Enabled Features: RxQ: 8 TxQ: 8 FdirHash RSC
[ 102.392750] ixgbe 0000:03:00.0 eth5: Intel(R) 10 Gigabit Network Connection
[ 103.568275] ixgbe 0000:03:00.1: PCI Express bandwidth of 32GT/s available
[ 103.575119] ixgbe 0000:03:00.1: (Speed:5.0GT/s, Width: x8, Encoding Loss:20%)
[ 103.582400] ixgbe 0000:03:00.1 eth6: MAC: 2, PHY: 1, PBA No: FFFFFF-0FF
[ 103.589088] ixgbe 0000:03:00.1: 00:90:7f:d0:44:41
[ 103.593857] ixgbe 0000:03:00.1 eth6: Enabled Features: RxQ: 8 TxQ: 8 FdirHash RSC
[ 103.601491] ixgbe 0000:03:00.1 eth6: Intel(R) 10 Gigabit Network Connection
[ 107.620905]
[ 107.620905] PEX: Marvell device fixup
[ 107.626199] Configuring cross bar for xCat2 device 0xe7fe
[ 107.637923]
[ 107.640321] stub function bspPciFindDevReset returning MV_OK
[ 107.652822]
[ 107.652822] presteraSmi_init: Init OK!
[ 107.658284] DMA - dma_area: 0xffffc9000d580000(v) ,dma_base: 0x80000000(p), dma_len: 0x200000
[ 107.667629] HSU - hsu_area: 0xffffc9000d800000(v) ,hsu_base: 0x88000000(p), hsu_len: 0x800000
[ 107.676642]
[ 107.676642] wg_pss_init: Built Oct 17 2016 17:54:50
[ 107.683072] pss_create: eth0 -> sw0
[ 107.704448] pss_create: eth1 -> sw1
[ 107.737763] pss_create: eth2 -> sw2
[ 107.774455] pss_create: eth3 -> sw3
[ 107.804477] pss_create: eth4 -> eth0
[ 107.834500] pss_create: eth5 -> eth25
[ 107.871198] pss_create: eth6 -> eth26
[ 107.901833] pss_create: eth1 [ 9] sw0 tag 4064
[ 107.907367] pss_create: eth2 [10] sw1 tag 4065
[ 107.912905] pss_create: eth3 [11] sw2 tag 4066
[ 107.918452] pss_create: eth4 [12] sw3 tag 4067
[ 107.923973] pss_create: eth5 [13] sw0 tag 4068
[ 107.929497] pss_create: eth6 [14] sw1 tag 4069
[ 107.935028] pss_create: eth7 [15] sw2 tag 4070
[ 107.940572] pss_create: eth8 [16] sw3 tag 4071
[ 107.946104] pss_create: eth9 [17] sw0 tag 4072
[ 107.951637] pss_create: eth10 [18] sw1 tag 4073
[ 107.957199] pss_create: eth11 [19] sw2 tag 4074
[ 107.962739] pss_create: eth12 [20] sw3 tag 4075
[ 107.968302] pss_create: eth13 [21] sw0 tag 4076
[ 107.973851] pss_create: eth14 [22] sw1 tag 4077
[ 107.979379] pss_create: eth15 [23] sw2 tag 4078
[ 107.984912] pss_create: eth16 [24] sw3 tag 4079
[ 107.990457] pss_create: eth17 [25] sw0 tag 4080
[ 107.996015] pss_create: eth18 [26] sw1 tag 4081
[ 108.001548] pss_create: eth19 [27] sw2 tag 4082
[ 108.007063] pss_create: eth20 [28] sw3 tag 4083
[ 108.012600] pss_create: eth21 [29] sw0 tag 4084
[ 108.018141] pss_create: eth22 [30] sw1 tag 4085
[ 108.023685] pss_create: eth23 [31] sw2 tag 4086
[ 108.029240] pss_create: eth24 [32] sw3 tag 4087
As you can see, WatchGuard uses a custom lib, libwg_pss, and some others to make this happen. I'm now trying to use the WG kernel and libs to create a Linux distro where all the ports are accessible.
-
I have 2 of these units. It would be great to get the units working with pfSense. Let me know what help you need from me.
-
More eyes on this can't hurt.
Indeed WG loads a driver for the switch device and then configures it to accept the individual VLANs on the three igb NICs.
It would be good to get a second opinion on connecting the switch serial console header internally if you can try that.
If we can get any access to the switch that might help. It seems unlikely we would ever get a FreeBSD driver for the switch device but if we can configure it via serial then we would only need an igb driver that recognises the phy (or lack thereof).
Steve
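
An added example, not part of the original posts and not WatchGuard or pfSense code: a parser that reads the `pss_create` messages from the boot log in this thread and reports which uplink and tag each front-panel port is bound to, then checks the layout for conflicts. It assumes the `tag` values are 802.1Q VLAN IDs, as the reply above suggests; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: a few pss_create messages copied from the boot log in
# this thread, run together the way the console capture was pasted.
SAMPLE_LOG = (
    "[ 107.683072] pss_create: eth0 -> sw0 [ 107.704448] pss_create: eth1 -> sw1 "
    "[ 107.774455] pss_create: eth3 -> sw3 [ 107.804477] pss_create: eth4 -> eth0 "
    "[ 107.901833] pss_create: eth1 [ 9] sw0 tag 4064 "
    "[ 107.907367] pss_create: eth2 [10] sw1 tag 4065 "
    "[ 107.929497] pss_create: eth5 [13] sw0 tag 4068 "
    "[ 108.029240] pss_create: eth24 [32] sw3 tag 4087"
)
RENAME = re.compile(r"pss_create: (eth\d+) -> (\w+)")
PORT = re.compile(r"pss_create: (eth\d+)\s+\[\s*(\d+)\]\s+(sw\d+) tag (\d+)")

def parse_pss(log):
    """Return (renames, ports). 'index' is the bracketed number; the log
    does not say what it means, so it is kept as-is."""
    renames = dict(RENAME.findall(log))  # kernel NIC name -> wg_pss name
    ports = {name: {"index": int(i), "uplink": up, "tag": int(tag)}
             for name, i, up, tag in PORT.findall(log)}
    return renames, ports

def tags_by_uplink(ports):
    """Group (port, tag) pairs by the uplink (sw0..sw3) that carries them."""
    grouped = defaultdict(list)
    for name, info in ports.items():
        grouped[info["uplink"]].append((name, info["tag"]))
    return {up: sorted(members, key=lambda m: m[1]) for up, members in grouped.items()}

def layout_problems(renames, ports):
    """Flag tags outside the 802.1Q range, reused tags, and unknown uplinks."""
    problems, seen = [], {}
    for name, info in ports.items():
        tag = info["tag"]
        if not 1 <= tag <= 4094:
            problems.append(f"{name}: tag {tag} outside 1-4094")
        if tag in seen:
            problems.append(f"{name}: tag {tag} already used by {seen[tag]}")
        seen.setdefault(tag, name)
        if info["uplink"] not in renames.values():
            problems.append(f"{name}: uplink {info['uplink']} was never created")
    return problems

if __name__ == "__main__":
    renames, ports = parse_pss(SAMPLE_LOG)
    print(tags_by_uplink(ports))
    print(layout_problems(renames, ports) or "layout consistent")
```

The regexes match on the message text rather than on line boundaries, so the log can be fed in either as pasted or one message per line.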
-
Hi Stephen,
I just purchased a third M440 on eBay for a cheap price. I know we worked on trying to get pfSense to recognize all the 1GB ports on this unit last year and were unsuccessful.
I'm willing to donate the third M440 to you if you would like to continue the effort to get this unit working with pfSense. I can ship the unit to you. Let me know what you think.
-
@stephenw10 Stephen, I would be willing to donate one of these units as well.