Watchguard XTM 5 Series
-
Regarding the LCDProc dev package not automatically starting at boot I'm trying StephenW's method for restarting the services with SHELLCMDs from here:
http://forum.pfsense.org/index.php/topic,7920.msg344513.html#msg344513
-
Is the XTM 5 series powerful enough to run squid and an antivirus package? Does it work with the CF card or do I need an appliance with HDD installation (e.g. Symantec 5420)?
-
Yes & yes. I'm running off CF now and I have read of people installing an HD, but I'm not sure about using it to boot.
Also, this unit is upgradeable. You can upgrade the proc to a C2D and RAM as well.
All in all, a great box (with intel NICs) if you can get a good deal on one.
-
The XTM 510 usually has a Celeron 2GHz CPU and 1Gb. Shouldn't this be enough power to run it with antivirus, proxy and content filter?
Does it make sense to use 8gb CF card or higher for installation or should 4 GB be enough?
Cu Hawk78
-
It certainly is for a small to medium network but every scenario is different, if you turn on all the bells & whistles, your mileage may vary.
-
Exactly. It depends what throughput you need. If you're running Squid, Havp and Squidguard/Dansguardian you're not going to see 1Gbps. Chances are you don't need that though.
There is no value in using an 8GB CF card. The largest image available is 4GB so the remaining space can never be used.
If you want to use Squid as caching proxy you must run it from hd. The continuous writes would kill flash media in short order, the package will prevent you doing it in Nanobsd.
Steve
-
I believe there is a ticket in for 8GB images due to there being more packages available, especially since adding support for PBI installs, but yeah 4GBs is the biggest now.
StephenW, ever try running Squid from CF with caching pointed to an NFS mount or HD mounted in cache directory path? I don't like the idea of running something as critical as a firewall from a HD.
-
Thanks for your reply menacingm & stephenw10! :)
I agree about the killing of flash media by caching. But what about the USB port? Could I use this for connecting a USB stick or USB HD for caching? What about SSD? Is there the same prob?
-
Ah I wasn't aware of the 8GB ticket. I have a hard time believing you could fill the space provided by the 4GB image slices though even with the PBI packages (which are a lot larger).
There are a number of people who have set up squid to cache to a separate HD but it's not handled by the webgui which presents some issues. Primarily you need to have a setup that survives a firmware update otherwise you'll have to re-make all your changes manually. Firstly there is no facility to mount a local drive but you can handle that via the shellcmd package. Then you have to manually configure squid to use your newly mounted slice for its cache. Lastly you need to know what happens if the hd fails. Does Squid fail to start? Does that result in no internet access for your clients?
Just running from a HD drive gets around these problems, HDs are pretty reliable these days. I'm fairly sure there are more pfSense installs running from HD than flash. There is provision in the XTM5 for installing a 2.5" SATA drive.
There was a thread recently detailing this setup on a firebox X750e. That user used a script that ran at boot to check the HD status and mount /var accordingly:
http://forum.pfsense.org/index.php/topic,67823.0.html
Steve
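One way to make the disk-failure case raised in the post above explicit, as an added example (it is not the script from the linked thread and not pfSense code). The device node, mount point, `cachedisk` log tag and `--apply` switch are hypothetical; the script is meant to be called from a shellcmd entry and never blocks the boot.

```shell
#!/bin/sh
# Added example: boot-time check for a separate Squid cache disk.
# Assumed, hypothetical values: adjust device node and mount point.
CACHE_DEV="${CACHE_DEV:-/dev/ad4s1a}"
CACHE_MNT="${CACHE_MNT:-/var/squid/cache}"
FSCK_CMD="${FSCK_CMD:-fsck -p}"      # preen mode: repair only safe errors

# Print the action to take for device $1 and mount point $2.
cache_plan() {
    dev="$1"; mnt="$2"
    if [ ! -e "$dev" ]; then
        echo "fallback:no-device"        # disk dead, unplugged or renumbered
    elif [ ! -d "$mnt" ]; then
        echo "fallback:no-mountpoint"    # mount point directory is missing
    elif ! $FSCK_CMD "$dev" >/dev/null 2>&1; then
        echo "fallback:fsck-failed"      # filesystem too damaged to trust
    else
        echo "mount"
    fi
}

# Act on the plan and log the outcome. Always returns 0 so that a bad
# cache disk cannot stop the firewall from finishing its boot.
apply_plan() {
    plan=$(cache_plan "$CACHE_DEV" "$CACHE_MNT")
    case "$plan" in
        mount)
            mount "$CACHE_DEV" "$CACHE_MNT" ||
                plan="fallback:mount-failed" ;;
    esac
    logger -t cachedisk "$CACHE_DEV -> $CACHE_MNT: $plan"
    echo "$plan"
    return 0
}

# Only touch the system when explicitly asked to: cachedisk.sh --apply
if [ "${1:-}" = "--apply" ]; then apply_plan; fi
```

Logging the fallback does not settle the other question in the post: what Squid does when its cache directory is not the expected disk still has to be tested on the box.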
-
another question… ;)
After installing the CF card for the initial setup of pfsense do I need a special cable for accessing the console? I see there is an rj45 console connector at the front. Do I need a rj45<->rs232 cable and a rs232<->usb adapter? I don't think my pc has a serial connector any more...
-
Yes you need a cable. The supplied cable is rj45 to rs232 (9pin) and I use an rs232 to USB adapter with it. I'm sure you could get a single cable that did it but using two is more versatile.
Steve
-
Well, I received my used XTM 505 unit with no cables. I will try to connect it to console…
The unit draws ~30W at idle. I'll remove the VPN accelerator card. What can I do to reduce power consumption and fan noise further?
Are there any recommended silent fans? Do I need all fans running?
-
The fans have thermal speed control by default but the minimum speed is quite high. The most recent version of WGXepc can reset it lower. I spent some time enabling speedstep (see earlier in this thread) but I couldn't ever see much improvement in power consumption. The higher C states seemed to overwhelm the P state savings. You need to swap out the CPU with something speedstep enabled to see that though. Other than that you can replace the psu with something more efficient, typically a dc-dc psu such as the picoPSU.
Steve
-
Steve, thanks for your reply. I'll try to find some silent 40x40 fans because the original ones are very loud. I have no experience in picoPSU. Can you recommend a suitable one?
-
I suggest you try just reducing the fan speed first. I replaced the fans in my x-peak box but only because there's no control on that. I think I detailed it in the x-peak thread.
The psu requirements are fairly low so most of the picoPSU models should work. No promises though. ;)
Steve
-
Hello all,
First off, thanks so much for the work you did in getting this going. I acquired a decommissioned XTM 510 from my workplace and knew Watchguard well enough to realize it would take more money than I cared to spend (or my wife would allow) to get it going on my home network with the functionality it promised. Your work and PFSense changed that. Kudos!
So, as of this morning after some minor fiddling about in the console, I am up and running with a brand new install, fully functional from what my bleary eyes can see so far. This brings up the obvious question of "what next?". I utilized a 1 Gb CF card for the install and PFSense is reporting about 40% disk utilization so far. This seems high enough to me that I might want to consider putting in a bigger card and/or installing a spare drive in that beckoning slot next to the board.
1. Do I need to flash the BIOS to enable a higher capacity CF card and/or install a spare drive?
2. If yes, is the xtm5_83.rom mentioned on this thread sufficient to accomplish that?
3. Would it simply be a matter of SSHing into the box and sending this (fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom) and then following Stephen's subsequent directions?
4. What dragons should I expect to find?
Once again thanks for the hard work of everyone involved. I was up until 3:30 AM just trying to apply what meager abilities I possess to get this going, so I can only imagine what late nights have been put in by the efforts of this crew.
-
Hi. Another firebox saved from scrap. :)
You don't need to do anything to boot a larger CF card. I've not tried using a SATA HD in mine but I would assume that too boots no problem. Having said that you are unlikely to need a bigger card. That remaining space will only be used by adding further packages and there are only so many that can be run (usefully) under NanoBSD.
You can flash the BIOS by fetching it directly as you say. There are some other advantages to doing so: fully unlocked bios, LED the correct colour, speedstep enabled. Flashing the BIOS is always inherently risky but several other people have done it with that file without issue. Also, as I was forced to find out, it is possible to recover from a bad flash on that box but doing so is not straightforward.
If you decide to bridge some of the ports (because you don't need that many subnets at home ;)) there is a bug in 2.1 that will bite you. It's since been patched but you have to apply the patch manually:
http://forum.pfsense.org/index.php/topic,66908.msg386279.html#msg386279
You can add the WGXepc program to access the fan and arm/disarm led.
More hours than I care to admit! ::)
Steve
-
Thanks for the fast response! I'll take your advice and caution and just leave well enough alone for the time being. I upgraded the RAM to 2 Gb and checked over the available packages to see what, if any, might appeal to me. I'm satisfied enough at this point that I have a solid install going and a much faster piece of kit to replace my existing router/firewall. As I am connecting this directly to a 50 port switch, I don't see a need to bridge any interfaces at this point, though I appreciate the heads up on the 2.1 bug. Once I get the network fully fleshed out, I might be tempted to see what other goodies I can install or get going, but this so far makes my morning.
Thanks again!
-
No problem. :)
I forgot to mention the LCD, it's all in the wiki page though.
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox
Steve
-
Hi
I'm new to pfsense and would like to install it on some expired Watchguard boxes. I have some XTMs and Xcore. I'm trying it on an XTM505 first to see what it does but having some issues.
Can someone point me to the correct image I should be using for the XTM505? I've tried installing it on the 1GB CF card that was in the box but I can't get it booting.
Do I need to flash the BIOS first or should I be ok with the default?