Watchguard XTM 5 Series
-
The XTM 510 usually has a Celeron 2Ghz CPU and 1Gb. Shouldn't this be enough power to run it with antivirus, proxy and content filter?
Does it make sense to use 8gb CF card or higher for installation or should 4 GB be enough?
Cu Hawk78
-
It certainly is for a small to medium network but every scenario is different, if you turn on all the bells & whistles, your mileage may vary.
-
Exactly. It depends what throughput you need. If you're running Squid, Havp and Squidguard/Dansguardian you're not going to see 1Gbps. Chances are you don't need that though.
There is no value in using an 8GB CF card. The largest image available is 4GB so the remaining space can never be used.
If you want to use Squid as caching proxy you must run it from hd. The continuous writes would kill flash media in short order, the package will prevent you doing it in Nanobsd.
Steve
-
There is no value in using an 8GB CF card. The largest image available is 4GB so the remaining space can never be used.
If you want to use Squid as caching proxy you must run it from hd. The continuous writes would kill flash media in short order, the package will prevent you doing it in Nanobsd.
I believe there is a ticket in for 8GB images due to there being more packages available, especially since adding support for PBI installs, but yeah 4GBs is the biggest now.
StephenW, ever try running Squid from CF with caching pointed to an NFS mount or HD mounted in cache directory path? I don't like the idea of running something as critical as a firewall from a HD.
-
Thanks for your reply menacingm & stephenw10! :)
I agree about the killing of flash media by caching. But what about the USB port? Could I use this for connecting a USB stick or USB HD for caching? What about SSD? Is there the same prob?
-
Ah I wasn't aware of the 8GB ticket. I have a hard time believing you could fill the space provided by the 4GB image slices though even with the PBI packages (which are a lot larger).
There are a number of people who have set up squid to cache to a separate HD but it's not handled by the webgui which presents some issues. Primarily you need to have a setup that survives a firmware update otherwise you'll have to re-make all your changes manually. Firstly there is no facility to mount a local drive but you can handle that via the shellcmd package. Then you have to manually configure squid to use your newly mounted slice for its cache. Lastly you need to know what happens if the hd fails. Does Squid fail to start? Does that result in no internet access for your clients?
Just running from a HD drive gets around these problems, HDs are pretty reliable these days. I'm fairly sure there are more pfSense installs running from HD than flash. There is provision in the XTM5 for installing a 2.5" SATA drive.
There was a thread recently detailing this setup on a firebox X750e. That user used a script that ran at boot to check the HD status and mount /var accordingly:
http://forum.pfsense.org/index.php/topic,67823.0.html
Steve
-
another question… ;)
After installing CF card for the initial setup of pfsense do I need a special cable for accessing console? I see there is a rj45 console connector at front. Do I need a rj45<->rs232 cable and a rs232<->usb adapter? I don't think my pc has a serial connector any more...
-
Yes you need a cable. The supplied cable is rj45 to rs232 (9pin) and I use an rs232 to USB adapter with it. I'm sure you could get a single cable that did it but using two is more versatile.
Steve
-
Well, I received my used XTM 505 unit with no cables. I will try to connect it to console…
The unit draws ~30W at idle. I'll remove the VPN accelerator card. What can I do to reduce power consumption and fan noise further?
Are there any recommended silent fans? Do I need all fans running?
-
The fans have thermal speed control by default but the minimum speed is quite high. The most recent version of WGXepc can reset it lower. I spent some time enabling speedstep (see earlier in this thread) but I couldn't ever see much improvement in power consumption. The higher C states seemed to overwhelm the P state savings. You need to swap out the CPU with something speedstep enabled to see that though. Other than that you can replace the psu with something more efficient, typically a dc-dc psu such as the picoPSU.
Steve
-
Steve, thanks for your reply. I'll try to find some silent 40x40 fans because the original ones are very loud. I have no experience in picoPSU. Can you recommend a suitable one?
-
I suggest you try just reducing the fan speed first. I replaced the fans in my x-peak box but only because there's no control on that. I think I detailed it in the x-peak thread.
The psu requirements are fairly low so most of the picoPSU models should work. No promises though. ;)
Steve
-
Hello all,
First off, thanks so much for the work you did in getting this going. I acquired a decommissioned XTM 510 from my workplace and knew Watchguard well enough to realize it would take more money than I cared to spend (or my wife would allow) to get it going on my home network with the functionality it promised. Your work and PFSense changed that. Kudos!
So, as of this morning after some minor fiddling about in the console, I am up and running with a brand new install, fully functional from what my bleary eyes can see so far. This brings up the obvious question of "what next?". I utilized a 1 Gb CF card for the install and PFSense is reporting about 40% disk utilization so far. This seems high enough to me that I might want to consider putting in a bigger card and/or installing a spare drive in that beckoning slot next to the board.
1. Do I need to flash the BIOS to enable a higher capacity CF card and/or install a spare drive?
2. If yes, is the xtm5_83.rom mentioned on this thread sufficient to accomplish that?
3. Would it simply be a matter of SSHing into the box and sending this (fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom) and then following Stephen's subsequent directions?
4. What dragons should I expect to find?
Once again thanks for the hard work of everyone involved. I was up until 3:30 AM just trying to apply what meager abilities I possess to get this going, so I can only imagine what late nights have been in by the efforts of this crew.
-
Hi. Another firebox saved from scrap. :)
You don't need to do anything to boot a larger CF card. I've not tried using a SATA HD in mine but I would assume that too boots no problem. Having said that you are unlikely to need a bigger card. That remaining space will only be used by adding further packages and there are only so many that can be run (usefully) under NanoBSD.
You can flash the BIOS by fetching it directly as you say. There are some other advantages to doing so: fully unlocked bios, LED the correct colour, speedstep enabled. Flashing the BIOS is always inherently risky but several other people have done it with that file without issue. Also, as I was forced to find out, it is possible to recover from a bad flash on that box but doing so is not straightforward.
If you decide to bridge some of the ports (because you don't need that many subnets at home ;)) there is a bug in 2.1 that will bite you. It's since been patched but you have to apply the patch manually:
http://forum.pfsense.org/index.php/topic,66908.msg386279.html#msg386279
You can add the WGXepc program to access the fan and arm/disarm led.
More hours than I care to admit! ::)
Steve
-
Thanks for the fast response! I'll take your advice and caution and just leave well enough alone for the time being. I upgraded the RAM to 2 Gb and checked over the available packages to see what, if any, might appeal to me. I'm satisfied enough at this point that I have a solid install going and a much faster piece of kit to replace my existing router/firewall. As I am connecting this directly to a 50 port switch, I don't see a need to bridge any interfaces at this point, though I appreciate the heads up on the 2.1 bug. Once I get the network fully fleshed out, I might be tempted to see what other goodies I can install or get going, but this so far makes my morning.
Thanks again!
-
No problem. :)
I forgot to mention the LCD, it's all in the wiki page though.
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox
Steve
-
Hi
I'm new to pfsense and would like to install it on some expired Watchguard boxes. I have some XTM's and Xcore.
I'm trying it on a XTM505 first to see what it does but having some issues.
Can someone point me to the correct image I should be using for the XTM505? I've tried installing it on the 1GB CF card that was in the box but I can't get it booting.
Do I need to flash the BIOS first, or should I be ok with the default?
-
Hey,
No you don't have to flash the bios to boot pfSense.
How did you write the CF card? Did you see any errors?
The image you should use is:
http://files.bgn.pfsense.org/mirror/downloads/pfSense-2.1-RELEASE-1g-i386-nanobsd.img.gz (you might choose a mirror closer to you)
However manufacturers of CF cards like to label cards as 1GB even if they're actually slightly smaller so if you see errors writing the card try the 512MB image instead:
http://files.bgn.pfsense.org/mirror/downloads/pfSense-2.1-RELEASE-512mb-i386-nanobsd.img.gz
The Celeron 440 in the XTM5 is 64 bit capable so you can run 64bit images instead. However I'm not sure the LCD driver is supported under 64bit. :-\
You should see the card boot on the serial console at 9600bps and it will wait at the assign interfaces prompt.
Steve
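An added example, not part of the post above or of pfSense's own tooling: a pre-write check for the image download discussed in this reply, which applies equally to the BIOS ROM fetched earlier in the thread. It compares the file against a SHA-256 digest obtained from a source you trust and confirms the decompressed image fits the card's real capacity; the function names, the expected digest and the capacity figure are assumptions supplied by the caller.

```shell
#!/bin/sh
# Pre-write checks for a downloaded nanobsd image (or any fetched firmware file).
# The expected digest and the card capacity are caller-supplied assumptions.

# Print the SHA-256 of a file using whichever tool the host provides.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        sha256 -q "$1"            # FreeBSD base system
    fi
}

# Return 0 only if the file's digest equals the expected hex digest.
verify_sha256() {
    actual=$(file_sha256 "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Print the image size in bytes after decompression.
# Returns 2 if the archive is truncated or corrupt.
image_size() {
    gzip -t "$1" 2>/dev/null || return 2
    gzip -dc "$1" | wc -c | tr -d ' '
}

# Usage: check_image <image.gz> <expected_sha256> <card_capacity_bytes>
# Status: 0 ok, 1 hash mismatch, 2 corrupt archive, 3 image larger than card.
check_image() {
    verify_sha256 "$1" "$2" || { echo "hash mismatch: $1" >&2; return 1; }
    size=$(image_size "$1") || { echo "corrupt archive: $1" >&2; return 2; }
    if [ "$size" -gt "$3" ]; then
        # A card sold as 1GB can hold fewer bytes than the 1g image needs.
        echo "image is $size bytes, card holds $3: use the smaller image" >&2
        return 3
    fi
    echo "ok: $size bytes fits in $3"
}
```

Read the card's true capacity from the operating system rather than the label, and run the check before any write or flash step.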
-
Thanks for the reply. I have a couple of different CF cards and will try all the different images :)
Will also post screen shots of errors if I get them again. But I'm not 100% sure this box is working 100%. I did have boot issues when I flashed the Fireware 11.7.4 onto it, but it boots fine with 11.7.
Otherwise I'll try it with my X770
-
The default bios will let you go into the setup and check the settings, the CPU temp etc but won't allow you to change anything. You can verify your console connection and that it's seeing your CF cards correctly that way.
To access the bios you have to set the serial console to 115200bps and press the TAB key at boot.
Steve