WatchGuard Firebox x1000 watchdog timeout
-
Hi everybody,
I've searched and tried many things for 2 days now I'm a bit screwed…
I've bought a preinstalled Firebox x1000 form eBay (with P3 1.5GHz, 512MB, 2GB CF and pfSense 2.0.1-RELEASE). I've replaced an existing IBM P3 600MHz/256MB with 3 x 3com dual wan, loaded my previous config and now I get bunch of watchdog timeout on the LAN port, I tried port swapping, ACPI disabling, network card polling... have you ever experienced this problem?
It seems the problem occurs more often when the NAT reflection is used, for example when I connect to the remote desktop of my local Windows Server using the external IP.
Thank you!
-
The watchdog time outs are a known problem with those boxes I'm afraid. :(
It seems to be caused by a combination the hardware and driver being unable to correctly handle fragmented packets.
There is a lot of discussion on this topic in this thread.
Some users do not suffer this problem at all. The best advice I can give you is to use a managed switch as the first device connected to the firebox. The ability of these to not send bad packets seems to improve matters. :-\Steve
-
Thank you for your reply, I've a NetGear FSM700S right behind the LAN port, using it since 5 years now, previously used with the IBM box. I've read that there is some issue with NetGear switches but some people it is ok and some others no… really confusing! For the moment I don't have any other switch to test behind but I'll do so.
-
Yes, unfortunately there is a lack of hard evidence as to what causes it.
There have been several pretty serious attempts to pin point it including patches from the author of the re(4) driver.This thread is quite interesting:
http://forum.pfsense.org/index.php/topic,25870.15.html
Some people seem to have had success with a few tweaks.Steve
-
Thank you, I'll read this subject and make a bunch of tests, also test with other switches, I'll post back with results here in couple of days!
-
Hi, just a short message to tell that I was unable to get rid of the errors, I switched on Firebox X5000 that have only Intel interfaces and it works perfectly!
-
Thanks for following up.
Yes the X-peak is a much nicer box, I'm using one at home. :)Steve
-
I've bought a second X5000 about 3 months ago but have no time to set ip up, I'll use it as an hardware redundancy, a lot of fun!
