Watchguard Firebox V80 - PFSense

brian.stivala

Hi,

I have a watchguard firewall v80 which I’ve decided to amend it to PFSense based on freebsd. So far I’ve installed PFSense and everything is working accordingly. This firewall has 2x onboard nic cards and a PCI quad nic

The onboard nics can be recognized however the PCI card is not being recognised, and the strange thing is that both onboard and the PCI uses the same chipset Intel 82559er Ethernet. How can I amend changes in freebsd modules so that the PCI card can be recognised.

Usually in other distros modules can be located in /etc/module however I cannot find where the modules are located in freebsd.

Can I have some assistance.

Regards,
Brian Stivala

stephenw10

Kernel modules in FreeBSD, and hence pfSense, are in /boot/modules or boot/kernel.
However you should not need to add any if the NICs are actually the same.
It's more likely that the quad NIC has some PCI bridge chip that isn't recognised.
Can you post /var/log/dmesg.boot ?

Steve

brian.stivala

Hi Steve,

Thanks for your reply, tomorrow I'll post the /var/log/dmesg.boot. I think you're right the PCI quad bridge chip is not being recognised. Lets hope that there is a solution to this.

Thanks for now, I'll reply tomorrow.

Regards,
Brian Stivala

wallabybob

The output of pfSense shell command```

pciconf -l -v

What version of pfSense do you have in the system?

brian.stivala

Hi

I have PFSense 2.0.1 installed and I can manage the onboard interfaces well WAN and LAN.
At the moment im not near the firewall because it's not in production mode, tomorrow I'll send all the related logs for you to help me out.

Regards,
Brian Stivala

stephenw10

Looking at the, always useful, De-Manufacturing guide for this box, the daughter board looks quite complex. It's not well defined but I suspect that's the fibre option.

Steve

brian.stivala

Hi All,

I have the logs that you requested maybe you can help me, As per here under you can find the pciconf in red text  list and the dmesg.boot in green text.

[2.0.1-RELEASE][root@pfSense.localdomain]/root(1): pciconf -l -v
hostb0@pci0:0:0:0:      class=0x060000 card=0x00000000 chip=0x71928086 rev=0x03 hdr=0x00
    class      = bridge
    subclass  = HOST-PCI
fxp0@pci0:0:5:0:        class=0x020000 card=0x00000000 chip=0x12098086 rev=0x09 hdr=0x00
    class      = network
    subclass  = ethernet
fxp1@pci0:0:6:0:        class=0x020000 card=0x00000000 chip=0x12098086 rev=0x09 hdr=0x00
    class      = network
    subclass  = ethernet
isab0@pci0:0:7:0:      class=0x060100 card=0x00000000 chip=0x71108086 rev=0x02 hdr=0x00
    class      = bridge
    subclass  = PCI-ISA
atapci0@pci0:0:7:1:    class=0x010180 card=0x00000000 chip=0x71118086 rev=0x01 hdr=0x00
    class      = mass storage
    subclass  = ATA
uhci0@pci0:0:7:2:      class=0x0c0300 card=0x00000000 chip=0x71128086 rev=0x01 hdr=0x00
    class      = serial bus
    subclass  = USB
piix0@pci0:0:7:3:      class=0x068000 card=0x00000000 chip=0x71138086 rev=0x02 hdr=0x00
    class      = bridge
none0@pci0:0:8:0:      class=0x0b4000 card=0x00000000 chip=0x000613a3 rev=0x01 hdr=0x00
    class      = processor
none1@pci0:0:9:0:      class=0x020000 card=0x00000000 chip=0x02011617 rev=0x00 hdr=0x00
    class      = network
    subclass  = ethernet

[2.0.1-RELEASE][root@pfSense.localdomain]/root/var(5): cat /var/log/dmesg.boot
Copyright 1992-2010 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 18:59:41 EST 2011
    root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap.8.i386 i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel Pentium III (847.74-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x68a  Family = 6  Model = 8  Stepping = 10
  Features=0x387f9ff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,pn,mmx,fxsr,sse>real memory  = 268435456 (256 MB)
avail memory = 243433472 (232 MB)
netisr_init: forcing maxthreads to 1 and bindthreads to 0 for device polling
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0710010, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc07100b0, 0) error 1
wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/.
wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (wpi_fw, 0xc0883050, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0710150, 0) error 1
ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309)
ACPI: Table initialisation failed: AE_NOT_FOUND
ACPI: Try disabling either ACPI or apic support.
cryptosoft0: <software crypto="">on motherboard
padlock0: No ACE support.
pcib0: <intel 82443bx="" host="" to="" pci="" bridge="" (agp="" disabled)="">pcibus 0 on motherboard
pci0: <pci bus="">on pcib0
fxp0: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xfc00-0xfc3f mem 0xc0000000-0xc0000fff,0xc0020000-0xc003ffff irq 9 at device 5.0 on pci0
fxp0: Enabling Rx lock-up workaround
miibus0: <mii bus="">on fxp0
inphy0: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: [ITHREAD]
fxp1: <intel 10="" 100="" 82559er="" embedded="" ethernet="">port 0xf800-0xf83f mem 0xc0040000-0xc0040fff,0xc0060000-0xc007ffff irq 6 at device 6.0 on pci0
fxp1: Enabling Rx lock-up workaround
miibus1: <mii bus="">on fxp1
inphy1: <i82555 10="" 100="" media="" interface="">PHY 1 on miibus1
inphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: [ITHREAD]
isab0: <pci-isa bridge="">at device 7.0 on pci0
isa0: <isa bus="">on isab0
atapci0: <intel piix4="" udma33="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf400-0xf40f at device 7.1 on pci0
ata0: <ata 0="" channel="">on atapci0
ata0: [ITHREAD]
ata1: <ata 1="" channel="">on atapci0
ata1: [ITHREAD]
uhci0: <intel 82371ab="" eb="" (piix4)="" usb="" controller="">port 0xf000-0xf01f irq 11 at device 7.2 on pci0
uhci0: [ITHREAD]
usbus0: <intel 82371ab="" eb="" (piix4)="" usb="" controller="">on uhci0
piix0: <piix timecounter="">port 0x10a0-0x10af at device 7.3 on pci0
Timecounter "PIIX" frequency 3579545 Hz quality 0
pci0: <processor>at device 8.0 (no driver attached)
pci0: <network, ethernet="">at device 9.0 (no driver attached)
cpu0 on motherboard
atrtc0: <at real="" time="" clock="">at port 0x70 irq 8 on isa0
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
uart0: [FILTER]
uart0: console (9600,n,8,1)
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
uart1: [FILTER]
RTC BIOS diagnostic error 42 <rom_cksum>Timecounter "TSC" frequency 847739306 Hz quality 800
Timecounters tick every 10.000 msec
IPsec: Initialized Security Association Processing.
usbus0: 12Mbps Full Speed USB v1.0
ad0: 1967MB <cf card="" ver1.27="">at ata0-master PIO4
ugen0.1: <intel>at usbus0
uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus0
Root mount waiting for: usbus0
uhub0: 2 ports with 2 removable, self powered
Trying to mount root from ufs:/dev/ufs/pfsense0
Invalid time in real time clock.
Check and reset the date immediately!

Regards,
Brian Stivala</intel></intel></cf></rom_cksum></at></network,></processor></piix></intel></intel></ata></ata></intel></isa></pci-isa></i82555></mii></intel></i82555></mii></intel></pci></intel></software></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,pn,mmx,fxsr,sse>

brian.stivala

Hi,

As you can see I have both onboard network cards, FXP0 and FXP1 but the quad card is not recognisable. In the pciconf
there is the quad card I think. Am I right?

none1@pci0:0:9:0:      class=0x020000 card=0x00000000 chip=0x02011617 rev=0x00 hdr=0x00
    class      = network
    subclass  = ethernet

Regards,
Brian Stivala

stephenw10

Yes, slightly odd that it appears as one ethernet device but there you go.
PCI VID 1617 is Rapidstream Inc. They are a company who Watchguard acquired and are mostly responsibly for that box as far as I can see. There is very little information about this stuff on the net. It may be easier to assess this from photos or chip IDs.

The other unrecognised device your have VID: 13a3 DID:0006 is a HiFn crypto accelerator chip, model 6500. This doesn't look to be supported by the hifn(4) driver unfortunately. Might be worth some Googling though.

Steve

brian.stivala

As per this link http://img856.imageshack.us/img856/7039/rapidcard.jpg The chipsets in the red box are the same as onboard, Intel 82559ER.

By the way this is a Photo that I've took of Watchguard Firebox V80

Regards,
Brian Stivala

stephenw10

It's clearly a fairly complex NIC, it has SODIMM slots!  ;)
What is under that heatsink? It may be a PCI bridge of some sort. However the documentation decsribes the additional interfaces as accelerated NICs for internal traffic. It could conceivably be some type of switch that appears internally as a single NIC. That's how many SOHO routers are configured.

Steve

wallabybob

Given that the device identifies itself as a Network/Ethernet device: @brian.stivala:

none1@pci0:0:9:0:      class=0x020000 card=0x00000000 chip=0x02011617 rev=0x00 hdr=0x00
    class      = network
    subclass  = ethernet

(not a PCI bridge) and the documentation @stephenw10:

decsribes the additional interfaces as accelerated NICs for internal traffic.

I would consider
@stephenw10:

It could conceivably be some type of switch that appears internally as a single NIC.

a highly plausible suggestion.

brian.stivala

Hi,

So what can I do more to achieve successful  :)

Regards,
Brian Stivala

wallabybob

My guess is that there is no driver for that card in FreeBSD (at least not in the base system) and consequently you won't be able to use it in pfSense. But Google often turns up things that surprise me. You might find a proprietary driver (or source code thereof) or some programming documentation or …

stephenw10

If I had that box I would try, carefully, to remove that heatsink to find out what's underneath it.

You can also look at the CF card for clues as to how Watchguard's OS (Linux) talks to the card.

Steve