Upcycling older firewalls for pfsense

JaneMoss

Hello, I had been looking at building pc to into a pfSense server but then I saw quite a few people had been able to install pfSense on older 3rd party firewall systems eg watchguard.

Is there a list or a recommendations on what can be used and has worked well in terms of 3rd party firewalls running pfSense.

NollipfSense

@janemoss No list available that I know of; however, any equipment after 2012 should be good.

stephenw10

It must be x86 and it must not be locked down to preventing booting unsigned images for example. It helps to have a real console on it of some sort.

Steve

JaneMoss

@stephenw10 @NollipfSense

Thanks I went with a watchguard as its in my price range at the moment. I saw topics dating back about 10 years on it. Some point to a docs page/ support site here on the site but the page appears to have been removed.

stephenw10

Probably this from the old wiki: https://web.archive.org/web/20171205175929/https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox

Which device?

Steve

Paulk201270

Hi. Just as an FYI, I have multiple XTM 5 units and love them but there appears to be some kind of an issue on 2.5.1 specific to these models that IPSEC suddenly stops responding. If anyone else out there has some experience on this and can provide feedback. 2.4.5p1 works fine on that hardware.

stephenw10

Stops connecting or stops passing traffic?

Do the packet counters keep rising? Outbound only perhaps?

Do you get any traffic across it before it fails?

Does restarting IPSec bring it back up?

Sounds similar to this: https://redmine.pfsense.org/issues/11524
Except it can't be that because no CPU that runs in XTM5 could hit that.

Steve

Paulk201270

@stephenw10 Thanks for your response. Will have to wait till one of the active ones stops as I migrated a primary back to different hardware.

Hitting stop or restart on IPSEC services does absolutely nothing, aside from the last message in the log stating shutting down. I do find it weird that everything stops in the logs for several days until the machine is restarted.

I had upgraded the CPU to a Core-2-D (Have to remember the exact model), and did redo heatsink, thermal compound (MX-4).

Prior to failure it works fine - but if I am actively transferring larger data I think it just ceases at that point. I have an entry in the IPSEC section of the forum showing the logs, not sure if that helps... It does however seem weirdly attached to the XTM5 hardware as my older Lanner box does not fail.....

stephenw10

Hmm, hard to think what that might be if it's only IPSec that stops responding.

Do you mean there are no IPSec logs or no logs at all?

If are no IPSec logs (until you reboot?) that implies the ipsec daemon stopped responding perhaps. I would look at the output od ps -auxwwd for ipsec, charon and strongswan lines.

I haven't seen that on the one I have here though it doesn't get the use it once did.

Steve