Symantec Security Gateway 5420



  • So, I am a rather new pfSense kid on the block, however that has not stopped me from changing out software/hardware whenever possible to get pfSense out there!

    That being said, while shopping on eBay the other day for another Firebox, I stumbled upon a different security appliance that I thought would make a great addition at work.  So without further ado, the addition of the Symantec Security Gateway 5420 can be added to the security appliance installed list with success! (at least for me!  ;D )

    So notes on the installation for anyone thinking of trying this in the future:

    1. Disable ACPI upon/during/after installation – seems the HD controller on the IWill board does not enjoy it much.
    2. Remove the SSD drive as well as unplug / remove the original HD that came with the appliance (just in case stuff doesn't work :P)
    3. Unplug the COM port cable that is located near the external com port connector -- this seems to drive the external display in which trying to run a console can be a bit confusing at times :P

    Otherwise --- here is a screenie or two -- as well as a dmesg:
    (pictures are from Matias Soler, who gave me the idea that it could be done; his blog can be read here: http://gnuler.blogspot.com/)

    dmesg report:
    Copyright © 1992-2008 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
    FreeBSD is a registered trademark of The FreeBSD Foundation.
    FreeBSD 7.0-RELEASE-p8 #0: Thu Jan  8 22:14:43 EST 2009
        sullrich@freebsd7-releng_1_2_1.pfsense.org:/usr/obj.pfSense/usr/src/sys/pfSense_wrap.7
    Timecounter "i8254" frequency 1193182 Hz quality 0
    CPU: Intel(R) Celeron(R) CPU 2.00GHz (1992.62-MHz 686-class CPU)
      Origin = "GenuineIntel"  Id = 0xf29  Stepping = 9
      Features=0xbfebf9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
      Features2=0x4400<CNXT-ID,xTPR>
    real memory  = 528416768 (503 MB)
    avail memory = 507404288 (483 MB)
    wlan: mac acl policy registered
    ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
    cryptosoft0: <software crypto> on motherboard
    cpu0 on motherboard
    pcib0: <Host to PCI bridge> pcibus 0 on motherboard
    pir0: <PCI Interrupt Routing Table: 14 Entries> on motherboard
    pci0: <PCI bus> on pcib0
    vgapci0: <VGA-compatible display> mem 0xc0000000-0xc7ffffff,0xe0200000-0xe027ffff irq 11 at device 2.0 on pci0
    uhci0: <Intel 82801DB (ICH4) USB controller USB-A> port 0xe000-0xe01f irq 11 at device 29.0 on pci0
    uhci0: [GIANT-LOCKED]
    uhci0: [ITHREAD]
    usb0: <Intel 82801DB (ICH4) USB controller USB-A> on uhci0
    usb0: USB revision 1.0
    uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
    uhub0: 2 ports with 2 removable, self powered
    uhci1: <Intel 82801DB (ICH4) USB controller USB-B> port 0xe020-0xe03f irq 10 at device 29.1 on pci0
    uhci1: [GIANT-LOCKED]
    uhci1: [ITHREAD]
    usb1: <Intel 82801DB (ICH4) USB controller USB-B> on uhci1
    usb1: USB revision 1.0
    uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
    uhub1: 2 ports with 2 removable, self powered
    uhci2: <Intel 82801DB (ICH4) USB controller USB-C> port 0xe040-0xe05f irq 9 at device 29.2 on pci0
    uhci2: [GIANT-LOCKED]
    uhci2: [ITHREAD]
    usb2: <Intel 82801DB (ICH4) USB controller USB-C> on uhci2
    usb2: USB revision 1.0
    uhub2: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
    uhub2: 2 ports with 2 removable, self powered
    ehci0: <Intel 82801DB/L/M (ICH4) USB 2.0 controller> mem 0xe0280000-0xe02803ff irq 5 at device 29.7 on pci0
    ehci0: [GIANT-LOCKED]
    ehci0: [ITHREAD]
    usb3: EHCI version 1.0
    usb3: companion controllers, 2 ports each: usb0 usb1 usb2
    usb3: <Intel 82801DB/L/M (ICH4) USB 2.0 controller> on ehci0
    usb3: USB revision 2.0
    uhub3: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb3
    uhub3: 6 ports with 6 removable, self powered
    pcib1: <PCIBIOS PCI-PCI bridge> at device 30.0 on pci0
    pci1: <PCI bus> on pcib1
    fxp0: <Intel 82551 Pro/100 Ethernet> port 0xd000-0xd03f mem 0xe0000000-0xe0000fff,0xe0020000-0xe003ffff irq 11 at device 0.0 on pci1
    miibus0: <MII bus> on fxp0
    inphy0: <i82555 10/100 media interface> PHY 1 on miibus0
    inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    fxp0: Ethernet address: 00:d0:68:02:e7:93
    fxp0: [ITHREAD]
    fxp1: <Intel 82551 Pro/100 Ethernet> port 0xd040-0xd07f mem 0xe0001000-0xe0001fff,0xe0040000-0xe005ffff irq 7 at device 1.0 on pci1
    miibus1: <MII bus> on fxp1
    inphy1: <i82555 10/100 media interface> PHY 1 on miibus1
    inphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    fxp1: Ethernet address: 00:d0:68:02:e7:94
    fxp1: [ITHREAD]
    fxp2: <Intel 82551 Pro/100 Ethernet> port 0xd080-0xd0bf mem 0xe0002000-0xe0002fff,0xe0060000-0xe007ffff irq 9 at device 2.0 on pci1
    miibus2: <MII bus> on fxp2
    inphy2: <i82555 10/100 media interface> PHY 1 on miibus2
    inphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    fxp2: Ethernet address: 00:d0:68:02:e7:95
    fxp2: [ITHREAD]
    fxp3: <Intel 82551 Pro/100 Ethernet> port 0xd0c0-0xd0ff mem 0xe0003000-0xe0003fff,0xe0080000-0xe009ffff irq 10 at device 3.0 on pci1
    miibus3: <MII bus> on fxp3
    inphy3: <i82555 10/100 media interface> PHY 1 on miibus3
    inphy3:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    fxp3: Ethernet address: 00:d0:68:02:e7:96
    fxp3: [ITHREAD]
    fxp4: <Intel 82551 Pro/100 Ethernet> port 0xd100-0xd13f mem 0xe0004000-0xe0004fff,0xe00a0000-0xe00bffff irq 11 at device 4.0 on pci1
    miibus4: <MII bus> on fxp4
    inphy4: <i82555 10/100 media interface> PHY 1 on miibus4
    inphy4:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    fxp4: Ethernet address: 00:d0:68:02:e7:97
    fxp4: [ITHREAD]
    fxp5: <Intel 82551 Pro/100 Ethernet> port 0xd140-0xd17f mem 0xe0005000-0xe0005fff,0xe00c0000-0xe00dffff irq 10 at device 5.0 on pci1
    miibus5: <MII bus> on fxp5
    inphy5: <i82555 10/100 media interface> PHY 1 on miibus5
    inphy5:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    fxp5: Ethernet address: 00:d0:68:02:e7:98
    fxp5: [ITHREAD]
    ubsec0 mem 0xe0010000-0xe001ffff irq 9 at device 6.0 on pci1
    ubsec0: [ITHREAD]
    ubsec0: Broadcom 5823
    isab0: <PCI-ISA bridge> at device 31.0 on pci0
    isa0: <ISA bus> on isab0
    atapci0: <Intel ICH4 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xe060-0xe06f mem 0xe0280400-0xe02807ff at device 31.1 on pci0
    ata0: <ATA channel 0> on atapci0
    ata0: [ITHREAD]
    ata1: <ATA channel 1> on atapci0
    ata1: [ITHREAD]
    pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
    pnpbios: error 1 making BIOS16 call
    orm0: <ISA Option ROMs> at iomem 0xc0000-0xcafff,0xe0000-0xeffff pnpid ORM0000 on isa0
    ppc0: parallel port not found.
    sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
    sio0: type 16550A, console
    sio0: [FILTER]
    sio1 at port 0x2f8-0x2ff irq 3 on isa0
    sio1: type 16550A
    sio1: [FILTER]
    speaker0: <PC speaker> at port 0x61 pnpid PNP0800 on isa0
    unknown: <PNP0c01> can't assign resources (memory)
    unknown: <PNP0501> can't assign resources (port)
    Timecounter "TSC" frequency 1992624860 Hz quality 800
    Timecounters tick every 10.000 msec
    Fast IPsec: Initialized Security Association Processing.
    ad0: 38166MB <WDC WD400JB-00FMA0 13.03G13> at ata0-master UDMA100

    Hope this helps
    Dayblade



  • Great write up btw.  8)

    Couple of questions though.  It seems the unit contains several cooling fans.. Are they loud?

    Also did the LCD display work?



  • The fans are not that noisy.  The only fan that is noisy is the blower on the CPU.

    I have attempted to install pfSense on this device but haven't gotten very far.  OP, can you explain further how you installed this?  The farthest I got was to put the img on the hard drive and boot that way.



  • Success!

    I'm glad I happened into this post yesterday. We had a Symantec Security Gateway 5420 that was donated sometime this last year. I researched it a little bit and saw there was no more support for it and I didn't really see any reason to set it up. Seeing this post, I went back to check if it was the right model number and it was! I had a few hangups but eventually got it installed. I'll post the steps I used later but for now here are a few things:

    Link to English translated blog: http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fgnuler.blogspot.com%2F2008%2F08%2Freciclando-un-appliance.html&sl=es&tl=en&history_state0=

    emerio, for me, I installed 1.2.3-RC3 from the CD in another machine. I had to choose the "Easy Install" in order to get to choose the Embedded Kernel. Choosing this redirects the output from VGA to Serial. After the setup finishes, choose reboot and then when the computer has restarted to the BIOS screen turn it off and place the drive in your 5420 box. Connect to the terminal at 9600bps with a serial cable and you should see the startup prompt.

    Darkk, I haven't been able to get the LCD to work with LCDproc yet but I'm going to keep trying for a bit.



  • Sweet!!  Keep us posted and I'd be curious if you were able to finally get the LCD display working.



  • Thanks for the tip focalguy, I will try that.  Just need to find a machine that has IDE in it :)



  • Fantastic, worked like a charm!  For any others curious, it is pretty much exactly as focalguy described.  I used HyperTerminal with 9600 8-N-1.  Make sure you disable ACPI and have your hard drive plugged in to Primary!!  I had it plugged in to Secondary and it failed.



  • Great! That is true, I had to mess with the jumpers as well. I also got the "mountroot>" prompt. If you type "?" at the prompt it will tell you the possible partitions it sees and you can type the correct one to get it to boot. I can't find an online reference of this problem but it was in the nice new pfSense book I just purchased! After you get it to boot, you need to edit the /etc/fstab file to change the partition it looks for every time it boots.



  • One tip that I must reiterate is to disable ACPI.  To do this, once you are in the Web GUI go to Diagnostic | Edit File.  For Save/Load from path: enter /boot/device.hints.  Hit Load.

    At the bottom of the displayed file in the text area add:

    hint.acpi.0.disabled="1"

    Leave unmodified the other lines.  Hit Save.  This will allow you to boot without problem because ACPI will be disabled.
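
An added example (not part of the original post): a shell function that makes the same /boot/device.hints change idempotently from an SSH session instead of the Web GUI editor. The function name set_hint and the sample file contents are constructed for illustration; on the appliance the target file would be /boot/device.hints, edited as root.

```shell
#!/bin/sh
# set_hint FILE KEY VALUE  (hypothetical helper, added for illustration)
#   - if KEY="VALUE" is already present, the file is left untouched
#   - if KEY is present with another value, that line is rewritten in place
#   - otherwise KEY="VALUE" is appended as a new last line, even when the
#     file does not end in a newline (a plain ">>" would glue the hint onto
#     the previous line and the loader would ignore both)
#   - the first change keeps a backup copy in FILE.orig
set_hint() {
    file=$1
    key=$2
    value=$3
    want="${key}=\"${value}\""

    [ -f "$file" ] || { echo "set_hint: $file not found" >&2; return 1; }

    # Nothing to do when the exact line already exists.
    if grep -Fqx -- "$want" "$file"; then
        return 0
    fi

    # One-time backup so the original hints can be restored from the console.
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig"

    tmp="$file.tmp.$$"
    # index() does a literal prefix match, so the dots in the key are not
    # treated as regex wildcards. awk terminates every record with a newline,
    # which also repairs a missing final newline.
    awk -v k="$key" -v w="$want" '
        index($0, k "=") == 1 { if (!done) print w; done = 1; next }
        { print }
        END { if (!done) print w }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write back through the existing file to keep its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Demo on a constructed sample, not the appliance's real hints file.
sample=$(mktemp)
printf 'hint.sio.0.at="isa"\nhint.sio.0.flags="0x10"' > "$sample"  # no final newline
set_hint "$sample" hint.acpi.0.disabled 1
cat "$sample"
rm -f "$sample" "$sample.orig"
```

Running set_hint a second time with the same arguments changes nothing, and the untouched copy stays available as device.hints.orig.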



  • One odd thing I did notice was that when ACPI was not disabled and pfSense was booting (or trying to) the LCD displayed statistics!  It gave me load information and allowed the use of the front panel.  I haven't been able to get back to that point with pfSense booting but it looks promising.  I have no idea where it was getting the stats from, however.



  • Yes, that is interesting. I forgot I did the same thing with disabling ACPI but maybe I didn't look at the LCD panel before I made that change. Did you notice any problems with booting without ACPI disabled? I feel like I missed the key press once before changing the device.hints file and it still booted.

    I've tried LCDproc but I still can't get it working. I'd be interested if you can get that displaying correctly. Seems like it's not choosing the correct output device.



  • Without ACPI disabled the boot failed.  It would hang at disk mount.

    When your box is booted does it still say Symantec 1.03 OK on the LCD?



  • Ok. I found another one of these boxes in the back so I'll be setting it up again and I'll check out the ACPI thing again.

    Yes, my box does say that exact message on the LCD screen from when the power is turned on.

    Unplug the COM port cable that is located near the external com port connector – this seems to drive the external display in which trying to run a console can be a bit confusing at times

    I'm also not sure about these instructions. I haven't noticed any difference when that cable is unplugged or plugged in.



  • LCD update…

    I was able to write to the LCD display.  The actual device (on my box anyways) is /dev/cuad1

    From SSH I entered "echo "test" > /dev/cuad1"  and it will show up on the bottom line of the LCD.

    I also changed the LCDProc file /usr/local/pkg/lcdproc.inc.  I made the change below.

    case "com2":
    $realport = "/dev/cuad1";
    break;

    So, we just need a driver that simply echoes to this device the statistics that we want....



  • @focalguy:

    Unplug the COM port cable that is located near the external com port connector – this seems to drive the external display in which trying to run a console can be a bit confusing at times

    I'm also not sure about these instructions. I haven't noticed any difference when that cable is unplugged or plugged in.

    Hasn't caused me any trouble either.



  • Good work getting LCD working! I was actually looking at that file the other day but ran out of time before I tried any changes. Have you tried all the drivers to see if one works?

    Hopefully I'll have a chance to try out the LCD tomorrow.



  • I tried a few.  I was looking for a simple "driver" in lcdproc.inc but none seem to do the trick.  Seems like it would be incredibly easy to write a driver for this but I am out of steam for today.



  • Any luck on the driver emerio? I haven't been able to test the LCD panel any more but I did get it to display by echoing the same command you had.

    I posted some detailed instructions on my blog for this install. Hoping to get it into the wiki eventually. It's now in the wiki here: http://doc.pfsense.org/index.php/Install_pfSense_on_Symantec_5420_Security_Gateway. Hope that will help someone. Only difference is a few photos on my blog.
    http://blog.oliverhansen.com/index.php/2009/11/18/install-pfsense-on-symantec-5420-security-gateway/



  • Nice addition to the wiki  8)  I haven't messed with the LCD since it is locked away in a room in the basement.  I did hook up a Pertelian X2040 USB to the box.  Supposedly this uses the hd44780 which is in LCDProc.  I could not get this to work, either.



  • Is anyone making use of the PCI slot?



  • Just thought I would comment on the running power usage of this.  I used a kill-a-watt which reads 100 watts running usage.


  • 100W? Yowza that is a lot.

    I've had normal PCs (small form factor) that only ran in the mid 30s.



  • I am guessing that since we turn off ACPI in our boot up combined with any BIOS settings that would disable power management we have those results.  I am not sure what is using so much juice!  It is just a celeron with an HD…



  • Just to add to the versatility of this box is that I was able to load ClearOS (Linux) on this box in much the same fashion.  One problem is that you'll have to use a terminal session to configure the NICs.



  • I picked up a couple of 5420s after reading this thread. THX!
    After installing I re-enabled ACPI on one box. On boot the box prints out to the
    LCD (Only shows up when ACPI is enabled). The box seems to run OK with ACPI
    as long as I don't use the console port. When/if I get time I'll put the Symantec drive
    back in and see if I can find out more about the LCD (and possibly the front "buttons").



  • May have made a stupid purchase but I picked up a 5420 on eBay that doesn't power on. Let's see if I can get it working and I'll post my results here….

    Has anybody tried 2.0 Beta on one of these?



  • Yet another upgrade to this post.

    I am using the pyramid driver with LCDProc and can see the load.  The display works sort of.  What drivers are other people using?  Any?

    Also, in terms of upgrades, I have put a 2.6 GHz Pentium 4 in my box (533 MHz).  A moment of sheer terror when I fired it up the first time.  It didn't boot.  When I rebooted it again it booted up just fine.  I assume the BIOS is catching the change and waiting for input which it never gets because I don't have the console hooked up.



  • My non-booting 5420 arrived today. Popped open the case and hooked up a full size power supply and the unit boots great! To top it all off, I opened the power supply and I couldn't see the usual signs of a dead power supply (blown capacitors, etc) so I tested the fuse with my multimeter and it looks like the problem is just a blown fuse. Unfortunately, nobody in my small town here carries the 20mm 5A fuses so I had to order some in and they won't be here until Thursday.

    Oh well. I'm glad that my purchase wasn't a complete waste of money.

    One question, has anybody tried adding more RAM to one of these? Any issues?

    Thanks.



  • The power supply went POP with a new fuse. So definitely a problem there. Picked up a replacement PS on eBay. Now I've got a project for the weekend to get this installed and running.

    Couple of questions:

    1. Has anybody had further luck with getting the LCD working? Any instructions?

    2. Anybody know of a quieter fan that can be used on the CPU? That blower is darn noisy.

    Thanks.



  • Good luck getting it running!

    I have not had any luck getting the LCD working so I can't help you there.

    I have not tried another fan and I am using it in our server room so I'm not concerned with noise. The noise and the power consumption made me decide not to use this for a home box though.



  • Anybody know which socket type the processor is on this box? I'm still trying to research a quieter fan.

    Thanks.



  • Hello All,

    Just wanted to give a shout out and leave an initial post as I just registered.  ::)

    I enjoyed reading this thread and have prepared to install Sense on a 5420 that's been collecting dust on my bench for a while.
    I picked it up on eBay in November 09 for about $40.

    I did however pop another PC2100 512mb stick in and it seems to boot fine with it in.
    The console reports 768mb of ram!

    I have been unable to test the PCI slot yet so I'm not sure if it works..
    I do have a PCI POST tester so we will see what that says when I get a chance..

    I have a few 15 pin VGA headers laying around but I have not been successful in getting any video out of this box.
    Anybody have any ideas?

    Any further recommendations before I start this new project?

    Thanks!

    Brad



  • @mr_clark - Yea it's a Socket 478.



  • Hi All,

    I recently got a Symantec Security Gateway 5420 from Trademe (kiwi version of eBay) and am in the process of identifying the hardware etc., in particular getting the VGA output via PCI. Has anyone managed to do so?
    There's a riser card built in the motherboard, but I can't plug in my VGA card due to alignment issues. What about the VGA pinout/connector?

    Any help in the right direction would be really appreciated.

    Regards
    mr.rosh



  • @mr.rosh - In the past 3 days I have worked very hard on getting into this machine.
    Since then I have successfully conquered some daunting tasks.
    One of which just happens to be getting a video output on the PCI slot.
    However to boot, it appears that the PCI slot is disabled by the bios.
    I will be doing a full and complete write up on my blog and I will let you know when I post it later this weekend.

    For now one thing you can try to get the PCI slot to work is the following:
    Next to the bios battery there is a jumper set with 3 pins.
    1. Turn off your machine.
    2. Take the jumper and set it to the unjumped pin and the middle one.
    3. Next turn the switch on.

    You should get no response and power but the bios should be cleared to defaults.
    You can also try removing the battery for 5 mins.

    Reverse the operation and insert a video card.  Power up and see if it works.
    Make sure the video card is good first!! I had this problem originally.

    Please let me know your results so I can add them to the write up… If this does not work you will have to follow the directions I will provide later.

    Bradford Giosa



  • Whoops sorry about that, I read your post wrong.
    I personally have not been able to get the correct pin out of the vga header..

    I do know that I had to take the mounting bracket off my vga card to get it in..



  • IWill 478 / Symantec 5420 Motherboard J13 / VGA Port Pin Out:

    Pin 1 - RED
    Pin 4 - GREEN
    Pin 6 - SDA
    Pin 7 - BLUE
    Pin 9 - HSYNC
    Pin 12 - VSYNC
    Pin 15 - SCL
    Pin 16 - NA
    Pins 2 , 3, 5, 8, 10, 11, 13, 14 - GND

    Now you have to match these up to the standard VGA pin outs which can be found here:
    http://en.wikipedia.org/wiki/VGA_connector

    Don't worry about the GNDs, as long as they are grounded out the display will work.
    Just make sure the standard VGA pins are connected to the correct one listed above.

    -Brad Giosa



  • I have just successfully installed pfSense on a Symantec Gateway 5420.

    Luckily I had a 40GB drive identical to the drive in the machine. I followed the instructions that others have left on the forum and had a pretty easy time of it.

    I never permanently disabled ACPI. I found that by not using the "disable ACPI" option the appliance would Power Off (HALT) with the ACPI. This is my preferred option because when I was doing the initial install I powered down with the power switch and had to run fsck to fix inconsistencies in the file system.

    Once the interfaces were configured I was into the WEBGUI right away. I enabled the WAN connection and used the package manager from the WEBGUI to install LCDproc. I now have lots of information from the boot process showing up on the LCD. The final message is "Enter an option:" this is coming from /etc/rc.initial. I edited the file so that the number 6 option now became "A" (pressing the front panel buttons gives A - B - C - D and it looks like the s button is select). The LCD recycles back to "Enter an option:" obviously the input is not what it's expecting.

    The worst part of this adventure so far is that I have lost the serial console menu (displays on the LCD as above). If I issue a "Halt" command from the WEBGUI I do get to see the shutdown happening from the console and I have a console on bootup until the LAN interface comes up. Then the LCD takes over.  I have checked the files /boot/loader.conf and /boot/defaults/loader.conf to see if I could find the necessary places to enable both the LCD and the console. I haven't been able so far. And, because I don't have a console I can't run normal commands to find other files. Does anyone have any suggestions as to where to look for the init files to change and how?
    The  LCDProc files are also not in the default locations, any suggestions as to where they are?

    All-in-all I have a working firewall that is fast with lots of options. I'm liking it, I would just like to tweak it.

    BTW: the speaker is working on the 5420 so when the LAN interface goes up or down it makes noise!



  • Thanks for sharing Gryphon. I'm glad you got it working! That's interesting about the ACPI. I admit I didn't test too much with that after I got it working.

    How did you get LCDproc to work? What driver/settings did you use? I never was able to get it to display anything.

    As for looking for files, why not just enable SSH and use that to get into the box instead of the console?



  • So does anyone know how much power this uses with ACPI turned on?  The 100 watts stated on page 2 is with ACPI turned off I believe.
Locked