Watchguard Firebox M440

pglover19

Below is a link to the Lanner UP-2010. This may give you a preview of what the internal hardware may look like for the M440. I will receive the unit on Friday.

http://www.lannerinc.com/phocadownload/user-manuals/x86-network-appliances/UP-2010_manual_v1.1_20160304.pdf

Does anyone know if pfSense works with the Marvell Prestera 98DX3035 packet processor?

pglover19

@stephenw10 said in Watchguard Firebox M400:

Yeah, I couldn't make it boot USB. It should boot CF or SATA if CF is not present. So you should be able to write the install image to CF, boot from it and install to SATA and then boot from that after pulling the CF card.

Or you can install to CF in something else and swap it into the m400.

Steve

Question... How do you install pfSense to a SATA drive after booting from a Compact Flash? In preparation for my M440 on Friday, I am installing pfSense on a CF now. Just trying to get ahead of the game.

Also can pfSense be installed on a 2GB CF?

stephenw10

I split these off into a new thread to avoid spamming the m400 thread.

@pglover19 said in Watchguard Firebox M440:

I assume the M400 model would have been the preferred model to purchase right?

It depends what you're looking for in terms of power consumption, throughput, ports etc. The M400 is proven though which makes it safer. (but less fun!)

@pglover19 said in Watchguard Firebox M440:

What current models?

No current models but it was used in the C2758, SG-8860 and XG-2758.

@pglover19 said in Watchguard Firebox M440:

Does anyone know if pfSense works with the Marvell Prestera 98DX3035 packet processor?

Almost certainly not. There are very few switches supported by etherswitchcfg. As I said we had to add support for the switches in the devices we ship currently.

@pglover19 said in Watchguard Firebox M440:

Question... How do you install pfSense to a SATA drive after booting from a Compact Flash? In preparation for my M440 on Friday, I am installing pfSense on a CF now. Just trying to get ahead of the game.

Also can pfSense be installed on a 2GB CF?

You can probably put the installer image on the CF card, boot that and install to SATA that way. I have also installed to SATA or CF in something else and moved the drive. That's what I did in the M400.

Yes it can be installed in 2GB though you would want to remove swap during the install.

Just to start poking about in the hardware you could always boot the 2GB 2.5.3 Nano image. You just need to write that to the card. Until you get the box you won't know locked down it is. You might be able to boot USB which removed all those issues.

Steve

pglover19

Just received the M440 today and the internal hardware is exactly like the Lanner UP-2010. I would post some photos, but I don't know how.

pglover19

More update. I was able to load pfSense from a SSD. The only interfaces it recognize on the M440 are:

igb0 - Intel Pro/1000 Network Connection
ix0 - Intel Pro/10Gbe PCI-Express Network Driver
ix1 - Intel Pro/10Gbe PCI-Express Network Driver

That is not good. I need help...

stephenw10

Ok I assume igb0 is what is labelled port 0 on the front? And ix0/1 are the 10G SFP ports?

I expect a C2000 SoC to appear as 4 igb ports normally, but they can be disabled. We need to see the boot log / dmesg. Also the output of pciconf -lv may be helpful. Both as attached text files if possible.
Do you have access to the bios setup?

You can upload photos directly into the post using the 'Upload Image' button.

Steve

pglover19

This post is deleted!

pglover19

I will be back home in the next 3 hours. Where is the log files located?

stephenw10

The boot log you could get from console, putty can log all output to a file or you can copy/paste it from the console window into a file.
Or the dmesg output can be found in /var/log/dmesg.boot
The pciconf output you can redirect to a file like: pciconf -lv > /tmp/pciconf.txt or copy/paste it.

Steve

pglover19

I can’t remember how to access the BIOS. Also I don’t know what commands to execute to get what you are looking for. Please be very specific.

stephenw10

You can execute pciconf -lv > /tmp/pciconf.txt in Diag > Command prompt. Then download the file from the download field there.
You can also download /var/log/dmesg.boot from there.

Steve

pglover19

I get into the BIOS of the M440, do I use the DEL or TAB key?

stephenw10

Usually TAB when connecting via the serial console.

pglover19

Content of the Boot Log and PCIConf results.

0_1539385667815_BootLog.txt
0_1539385678756_pciconf results.txt

pglover19

@stephenw10 said in Watchguard Firebox M440:

Usually TAB when connecting via the serial console.

It is prompting me for password to enter the Setup.
0_1539385825142_Enter Setup.PNG

pglover19

Here is a look at the internal hardware.

pglover19

For some reason now, the unit will not boot from SSD. I put the CF Card back when I had the SSD drive. Maybe the SSD has been wiped now....

stephenw10

Hmm, OK.

So the BIOS is password protected and there's likely no way to remove that. Though the hardware does look identical to the Lanner default so the standard bios may work.

The expected 3 i354 NICs appear in the pciconf but are not attached to by the driver for some reason. The boot log doesn't show it failing but it also doesn;t show the igb or ix NICs, it appears incomplete. I assume that was copy/pasted from the console rather than the dmesg output? You could also look at the system log since there won't be anything else in it.

Looking at the block in the manual it shows the Marvell switch connected to system via SGMIIx4 and one additional PCIe device. Which is probably this:

none8@pci0:2:0:0:       class=0x020000 card=0x11ab11ab chip=0xe7fe11ab rev=0x03 hdr=0x00
    vendor     = 'Marvell Technology Group Ltd.'
    class      = network
    subclass   = ethernet

If the only way to configure that is via that PCIe device it would require a driver, likely something written from scratch, and that's unlikely to happen.
chip=0x1f418086 is the normal PCI device ID for the C2000 NIC so we need to see if the system log shows some error indicating why it's not attaching. Probably because it doesn't have a PHY in the expected way. Or perhaps it's something completely different.

Steve

pglover19

@stephenw10 said in Watchguard Firebox M440:

Hmm, OK.

So the BIOS is password protected and there's likely no way to remove that. Though the hardware does look identical to the Lanner default so the standard bios may work.

The expected 3 i354 NICs appear in the pciconf but are not attached to by the driver for some reason. The boot log doesn't show it failing but it also doesn;t show the igb or ix NICs, it appears incomplete. I assume that was copy/pasted from the console rather than the dmesg output? You could also look at the system log since there won't be anything else in it.

Looking at the block in the manual it shows the Marvell switch connected to system via SGMIIx4 and one additional PCIe device. Which is probably this:
none8@pci0:2:0:0:       class=0x020000 card=0x11ab11ab chip=0xe7fe11ab rev=0x03 hdr=0x00
    vendor     = 'Marvell Technology Group Ltd.'
    class      = network
    subclass   = ethernet
If the only way to configure that is via that PCIe device it would require a driver, likely something written from scratch, and that's unlikely to happen.
chip=0x1f418086 is the normal PCI device ID for the C2000 NIC so we need to see if the system log shows some error indicating why it's not attaching. Probably because it doesn't have a PHY in the expected way. Or perhaps it's something completely different.

Steve

So what else would you like me to post. Please be specific in the commands as I am a novice..

stephenw10

The actual file /var/log/dmesg.boot should have some output showing the drivers attaching or failing to attach.

I'm assuming you were able to assign igb0 and access the GUI and SSH?

Steve