4. Watchguard Firebox V80 - PFSense

Watchguard Firebox V80 - PFSense

  • B

    Hi,

    I have a watchguard firewall v80 which I’ve decided to amend it to PFSense based on freebsd. So far I’ve installed PFSense and everything is working accordingly. This firewall has 2x onboard nic cards and a PCI quad nic

    The onboard nics can be recognized however the PCI card is not being recognised, and the strange thing is that both onboard and the PCI uses the same chipset Intel 82559er Ethernet. How can I amend changes in freebsd modules so that the PCI card can be recognised.

    Usually in other distros modules can be located in /etc/module however I cannot find where the modules are located in freebsd.

    Can I have some assistance.

    Regards,
    Brian Stivala

    0
  • Netgate Administrator

    Kernel modules in FreeBSD, and hence pfSense, are in /boot/modules or boot/kernel.
    However you should not need to add any if the NICs are actually the same.
    It's more likely that the quad NIC has some PCI bridge chip that isn't recognised.
    Can you post /var/log/dmesg.boot ?

    Steve

    0
  • B

    Hi Steve,

    Thanks for your reply, tomorrow I'll post the /var/log/dmesg.boot. I think you're right the PCI quad bridge chip is not being recognised. Lets hope that there is a solution to this.

    Thanks for now, I'll reply tomorrow.

    Regards,
    Brian Stivala

    0
  • W

    The output of pfSense shell command```

    pciconf -l -v

    
What version of pfSense do you have in the system?
    0
  • B

    Hi

    I have PFSense 2.0.1 installed and I can manage the onboard interfaces well WAN and LAN.
    At the moment im not near the firewall because it's not in production mode, tomorrow I'll send all the related logs for you to help me out.

    Regards,
    Brian Stivala

    0
  • Netgate Administrator

    Looking at the, always useful, De-Manufacturing guide for this box, the daughter board looks quite complex. It's not well defined but I suspect that's the fibre option.

    Steve

    0
  • B

    Hi All,

    I have the logs that you requested maybe you can help me, As per here under you can find the pciconf in red text  list and the dmesg.boot in green text.

    [2.0.1-RELEASE][root@pfSense.localdomain]/root(1): pciconf -l -v
    hostb0@pci0:0:0:0:      class=0x060000 card=0x00000000 chip=0x71928086 rev=0x03 hdr=0x00
        class      = bridge
        subclass  = HOST-PCI
    fxp0@pci0:0:5:0:        class=0x020000 card=0x00000000 chip=0x12098086 rev=0x09 hdr=0x00
        class      = network
        subclass  = ethernet
    fxp1@pci0:0:6:0:        class=0x020000 card=0x00000000 chip=0x12098086 rev=0x09 hdr=0x00
        class      = network
        subclass  = ethernet
    isab0@pci0:0:7:0:      class=0x060100 card=0x00000000 chip=0x71108086 rev=0x02 hdr=0x00
        class      = bridge
        subclass  = PCI-ISA
    atapci0@pci0:0:7:1:    class=0x010180 card=0x00000000 chip=0x71118086 rev=0x01 hdr=0x00
        class      = mass storage
        subclass  = ATA
    uhci0@pci0:0:7:2:      class=0x0c0300 card=0x00000000 chip=0x71128086 rev=0x01 hdr=0x00
        class      = serial bus
        subclass  = USB
    piix0@pci0:0:7:3:      class=0x068000 card=0x00000000 chip=0x71138086 rev=0x02 hdr=0x00
        class      = bridge
    none0@pci0:0:8:0:      class=0x0b4000 card=0x00000000 chip=0x000613a3 rev=0x01 hdr=0x00
        class      = processor
    none1@pci0:0:9:0:      class=0x020000 card=0x00000000 chip=0x02011617 rev=0x00 hdr=0x00
        class      = network
        subclass  = ethernet

    [2.0.1-RELEASE][root@pfSense.localdomain]/root/var(5): cat /var/log/dmesg.boot
    Copyright © 1992-2010 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
            The Regents of the University of California. All rights reserved.
    FreeBSD is a registered trademark of The FreeBSD Foundation.
    FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 18:59:41 EST 2011
        root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap.8.i386 i386
    Timecounter "i8254" frequency 1193182 Hz quality 0
    CPU: Intel Pentium III (847.74-MHz 686-class CPU)
      Origin = "GenuineIntel"  Id = 0x68a  Family = 6  Model = 8  Stepping = 10
      Features=0x387f9ff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,pn,mmx,fxsr,sse>real memory  = 268435456 (256 MB)
    avail memory = 243433472 (232 MB)
    netisr_init: forcing maxthreads to 1 and bindthreads to 0 for device polling
    wlan: mac acl policy registered
    ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0710010, 0) error 1
    ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc07100b0, 0) error 1
    wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/.
    wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boot/loader.conf.
    module_register_init: MOD_LOAD (wpi_fw, 0xc0883050, 0) error 1
    ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0710150, 0) error 1
    ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309)
    ACPI: Table initialisation failed: AE_NOT_FOUND
    ACPI: Try disabling either ACPI or apic support.
    cryptosoft0: <software crypto="">on motherboard
    padlock0: No ACE support.
    pcib0: <intel 82443bx="" host="" to="" pci="" bridge="" (agp="" disabled)="">pcibus 0 on motherboard
    pci0: <pci bus="">on pcib0
    fxp0: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfc00-0xfc3f mem 0xc0000000-0xc0000fff,0xc0020000-0xc003ffff irq 9 at device 5.0 on pci0
    fxp0: Enabling Rx lock-up workaround
    miibus0: <mii bus="">on fxp0
    inphy0: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus0
    inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    fxp0: [ITHREAD]
    fxp1: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xf800-0xf83f mem 0xc0040000-0xc0040fff,0xc0060000-0xc007ffff irq 6 at device 6.0 on pci0
    fxp1: Enabling Rx lock-up workaround
    miibus1: <mii bus="">on fxp1
    inphy1: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus1
    inphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    fxp1: [ITHREAD]
    isab0: <pci-isa bridge="">at device 7.0 on pci0
    isa0: <isa bus="">on isab0
    atapci0: <intel piix4="" udma33="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf400-0xf40f at device 7.1 on pci0
    ata0: <ata 0="" channel="">on atapci0
    ata0: [ITHREAD]
    ata1: <ata 1="" channel="">on atapci0
    ata1: [ITHREAD]
    uhci0: <intel 82371ab="" eb="" (piix4)="" usb="" controller="">port 0xf000-0xf01f irq 11 at device 7.2 on pci0
    uhci0: [ITHREAD]
    usbus0: <intel 82371ab="" eb="" (piix4)="" usb="" controller="">on uhci0
    piix0: <piix timecounter="">port 0x10a0-0x10af at device 7.3 on pci0
    Timecounter "PIIX" frequency 3579545 Hz quality 0
    pci0: <processor>at device 8.0 (no driver attached)
    pci0: <network, ethernet="">at device 9.0 (no driver attached)
    cpu0 on motherboard
    atrtc0: <at real="" time="" clock="">at port 0x70 irq 8 on isa0
    uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
    uart0: [FILTER]
    uart0: console (9600,n,8,1)
    uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
    uart1: [FILTER]
    RTC BIOS diagnostic error 42 <rom_cksum>Timecounter "TSC" frequency 847739306 Hz quality 800
    Timecounters tick every 10.000 msec
    IPsec: Initialized Security Association Processing.
    usbus0: 12Mbps Full Speed USB v1.0
    ad0: 1967MB <cf card="" ver1.27="">at ata0-master PIO4
    ugen0.1: <intel>at usbus0
    uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus0
    Root mount waiting for: usbus0
    uhub0: 2 ports with 2 removable, self powered
    Trying to mount root from ufs:/dev/ufs/pfsense0
    Invalid time in real time clock.
    Check and reset the date immediately!

    Regards,
    Brian Stivala</intel></intel></cf></rom_cksum></at></network,></processor></piix></intel></intel></ata></ata></intel></isa></pci-isa></i82555></mii></intel></i82555></mii></intel></pci></intel></software></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,pn,mmx,fxsr,sse>

    0
  • B

    Hi,

    As you can see I have both onboard network cards, FXP0 and FXP1 but the quad card is not recognisable. In the pciconf
    there is the quad card I think. Am I right?

    none1@pci0:0:9:0:      class=0x020000 card=0x00000000 chip=0x02011617 rev=0x00 hdr=0x00
        class      = network
        subclass  = ethernet

    Regards,
    Brian Stivala

    0
  • Netgate Administrator

    Yes, slightly odd that it appears as one ethernet device but there you go.
    PCI VID 1617 is Rapidstream Inc. They are a company who Watchguard acquired and are mostly responsibly for that box as far as I can see. There is very little information about this stuff on the net. It may be easier to assess this from photos or chip IDs.

    The other unrecognised device your have VID: 13a3 DID:0006 is a HiFn crypto accelerator chip, model 6500. This doesn't look to be supported by the hifn(4) driver unfortunately. Might be worth some Googling though.

    Steve

    0
  • B

    As per this link http://img856.imageshack.us/img856/7039/rapidcard.jpg The chipsets in the red box are the same as onboard, Intel 82559ER.

    By the way this is a Photo that I've took of Watchguard Firebox V80

    Regards,
    Brian Stivala

    0
  • Netgate Administrator

    It's clearly a fairly complex NIC, it has SODIMM slots!  ;)
    What is under that heatsink? It may be a PCI bridge of some sort. However the documentation decsribes the additional interfaces as accelerated NICs for internal traffic. It could conceivably be some type of switch that appears internally as a single NIC. That's how many SOHO routers are configured.

    Steve

    0
  • W

    Given that the device identifies itself as a Network/Ethernet device: @brian.stivala:

    none1@pci0:0:9:0:      class=0x020000 card=0x00000000 chip=0x02011617 rev=0x00 hdr=0x00
        class      = network
        subclass  = ethernet

    (not a PCI bridge) and the documentation @stephenw10:

    decsribes the additional interfaces as accelerated NICs for internal traffic.

    I would consider
    @stephenw10:

    It could conceivably be some type of switch that appears internally as a single NIC.

    a highly plausible suggestion.

    0
  • B

    Hi,

    So what can I do more to achieve successful  :)

    Regards,
    Brian Stivala

    0
  • W

    My guess is that there is no driver for that card in FreeBSD (at least not in the base system) and consequently you won't be able to use it in pfSense. But Google often turns up things that surprise me. You might find a proprietary driver (or source code thereof) or some programming documentation or …

    0
  • Netgate Administrator

    If I had that box I would try, carefully, to remove that heatsink to find out what's underneath it.

    You can also look at the CF card for clues as to how Watchguard's OS (Linux) talks to the card.

    Steve

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy