PfSense on Watchguard hardware
-
Seeing as I recently followed this guide. Here are some links I would add:
How to set up temperature widget (includes another link on how to install mbmon) > http://forum.pfsense.org/index.php/topic,20095.msg273906.html#msg273906
Then to quote stephen:Of the three temperature figures only the middle one seems to give a useful reading
How to install cpuburn and use it > http://forum.pfsense.org/index.php/topic,25011.msg132050.html#msg132050
-
Good idea, I'll add some stuff about cpu/cooling testing.
I also need to add something about using the correctly wired null modem cable.Steve
-
One other post I had to hunt down which is useful is about the settings for LCDproc (quoting you again steve):
Ok, the lcdproc-dev package is still being worked on, I agree it's somewhat confusing at present.
Go to the config page, Services: LCDproc:, on the server tab select:
Enable LCDproc at startup: check this
Com Port: parallel port 1
Display Size: 2 rows 20 columns (I don't think this actually matters for the firebox but this is the correct value)
Driver : Watchguard Firebox with SDEC
Refresh Frequency: 5s (the display is slow to update so 5 seconds is reasonable)Click the 'Save' button.
On the screens tab just select some screens you want. Try it with one or two to start off with.
Click the 'Save' button.Now goto: Status: Services: click the 'start' button next to lcdproc.
You should now see the display working. -
I also need to add something about using the correctly wired null modem cable.
Yahoo answers (by no means a good reliable source) state this:
Usually female to female 9 pin were null modem type of cables.
If you have an ohm meter, check pins 2 and 3. If 2 on one end goes to 3 on the other end, it is null modem. If 2 goes to 2, it is a straight cable. -
Yes exactly. 2 and 3 are the data transmit and receive lines so they need to be crossed in a null modem cable. The problem is bigger than that though. You can make a null modem cable with only pins 2,3 and 5 but you must then rely on software flowcontrol. It seems the serial console code in the BIOS and in FreeDOS relies on hardware flowcontrol and that requires more connected pins, 4-6 crossed and 7-8 crossed.
Yes I still need to fill in the LCDproc section. The current lcdproc-dev package is not perfect and the older manual install method needs a new tar file building with the most recent driver. Hoping to find time to do that soon.
Steve
-
I've added null modem cable and burn-in testing information. Keep those corrections coming! :)
Steve
-
Thanks for the guide it prevented me getting a X500/X700!
Is there any update on putting PFSense on the XTM 8 series?
I managed to pick up a Watchguard Firebox XTM 810 cheap with a duff psu - replacing it with a Pico PSU.
If any pics or info is required I am happy to assist :)
Eamon
-
From East London? I was bidding on that! :P
It should work fine it looks like all standard X86 hardware, a customised Lanner box. I'd be interested in any details you can provide on that box. What NICs it has for example. Any encryption hardware.
Looking at the de-manufactutring document the CPU is a Q9400 quad core model so it could eat some Watts. Also the standard PSU looks to be a 270W unit so I'd be careful with a PicoPSU. I can't see how it could use 270W though. :-\Steve
-
I think it came from South London, looks like I beat you by a pound ;)
I hope it doesn't consume 270w! I was after something low powered. The heatsink is a huge copper affair :-\
Gonna plug in a normal 500w pc psu and see how that goes.
There is a unused PCI Bus header at the back on the left side of the motherboard.
The left 4 network ports are on daughter board which also has a Cavium Networks Nitrox PX CN1620 chip [[url=http://www.cavium.com/pdfFiles/NITROX_PX_PB_Rev1.3.pdf]http://www.cavium.com/pdfFiles/NITROX_PX_PB_Rev1.3.pdf]
Daughterboard connects via a PCI Express 16x connecter.1x VGA marked up on the board near CPU/Chipset - 11 pin header.
1x KB/Mouse marked up on the board near LCD ribbon connector - 6pin header.
1x SPI-ROM 10pin header
1x Sata connector on the board, next to it is a SunplusIT SATALINK SPIF223A-HF022 ic.
1x COM2 header connected to rear serial port.
Also COM1 and USB2.0 marked up on the board but no headers soldered in.
3x CPU fan headers at the rear.
1x case fan heared at the rear.
2x DDR2 Slots - 1 populated, board marked DDR2 800
10x LAN ports:- Mainboard 5x Intel 82573L NIC + 1 NIC same as daughterboard ones below
- Daughtboard 4x Intel NIC however very difficult to make out the numbers looks like 82574L or 82674L
Markings near CPU socket - FSB 1333 and MB-8750 WG1 V1.1
LCD Display sticker: VITEK DISPLAY VC220W-GGE-JC01. PCB marking 202W-REVS.1
No network relays on the boards - although solder pads and markings are there.
I've taken some pictures, how best is it to put them up on here?
Eamon
-
It would probably be best to start a new thread for the XTM8 series. Have a read through the XTM5 thread or the X-peak thread to see what sort of information is useful, though all information is good. :) You can attach pictures up to 250k directly to the posts or host them yourself and link to them. I don't think you'll have much company there for a while at least. I'll certainly offer anything I can.
I doubt it will draw more than 150W absolute peak, mostly no where near that. You can almost certainly swap out the cpu for something a lot less hot if you need to. It may be they needed a relatively large PSU to get the required 3.3V current in that box it probably uses almost nothing at 12V and not much 5V.
I'm glad it went to a pfSense user. :)
Steve
-
I think you need a few more posts before you can attach pictures. But when making a post in the editor it is under Advanced Options to the left and at the bottom.
:)
-
Sure will do.
The info is useful for the hardware article I guess.
Seems to power up ok on a standard PC PSU - LCD reads WG Bios V1.2. Just need a CF card to boot off now.
I've already read the XTM5 thread but I'll have a look at the X-peak one you've sugested.
This unit will beat the pants off the dual PIII I was setting up for pfSense recently :P
Eamon
-
I think you need a few more posts before you can attach pictures. But when making a post in the editor it is under Advanced Options to the left and at the bottom.
:)
Thanks for the info :)
Eamon
-
If I take some high quality pictures of the internals of my x500/x550e/x750e/x1250e and
host them permanently somewhere would you be interested in linking to them? I know all the
x-core-e models are identical except for the additional ports but it's nice to have them to compare.Also it would be helpful to add any size restrictions for the x500/etc CF card and the fact
you can just write a CF and boot it. -
I agree pictures would be good, I have been meaning to add some myself. I haven't investigated it but I would think it preferable to store any pictures on the docs server if possible.
I haven't found a card that wouldn't boot in the X-Core. I've tried 2GB and 4GB cards. I guess since it's fairly old hardware it might have trouble with a very large CF card with an odd geometry.The existing wording is:
Booting from CF
The X-Core will boot one of the 32bit NanoBSD images written to a CF card and put in the slot. It will boot using the front serial port as console. No configuration is necessary to boot the new card.That seems reasonable to me but since I wrote it I guess it would! ::) What do you suggest?
Steve
-
Jezzz… I swear I read that section a few times and did not get it. Either I must be getting stupid or maybe
it sounds clear now that I know you can use any size card. Maybe just add "Any size CF card will boot, no
BIOS changes needed." just in case it's not me being dense.Booting from CF
The X-Core will boot one of the 32bit NanoBSD images written to a CF card and put in the slot. It will boot using the front serial port as console. No configuration is necessary to boot the new card. -
I have added something about bios settings and card size. Although I haven't read any reports of cards that were too big or some odd geometery I could imagine that might be the case.
What do you think?Steve
-
I have been running a x750e for the last year without too many issues thanks to all the great info on these forums. I wish this comprehensive guide would have been available when i first started.
I just got my wiki account established so i can start to contribute, but hesitated to edit anything out of respect for all the work you put into this guide. I think some pictures would make this one of the best guides on the net for the firebox! I'm willing to help with this page, but wanted to to get your OK first.
I do see one area under X-Core-e that could use some clarification:
The X-Core-e boxes share most hardware. The X750e and X1250e are identical whilst the X550e does not have the daughter board that provides 4 additional NICs.
4X Marvell 88e8001 Gigabit NICs, sk(4) driver.
4X Marvell 88e8053 Gigabit NICs, msk(4) driver.This should be clarified to indicate that the X550e only has 10/100 ports.
Maybe some tables similar to page 11 of the manual would help? http://www.watchguard.com/help/docs/v83FireboxeSeriesHardwareGuide.pdf
![xcore-e hardware.png](/public/imported_attachments/1/xcore-e hardware.png)
![xcore-e hardware.png_thumb](/public/imported_attachments/1/xcore-e hardware.png_thumb)
![xcore-e interfaces.png](/public/imported_attachments/1/xcore-e interfaces.png)
![xcore-e interfaces.png_thumb](/public/imported_attachments/1/xcore-e interfaces.png_thumb) -
Yes I need to get my finger out and add some pictures. ::)
The X550e shares the same motherboard as the X750e and x1250e and as such has 4 Gigabit NICs. The 10/100 limit stated by Watchguard is a software restriction, I assume, when running the Watchguard OS. Watchguard uses this to differentiate between it's models and allow for upgrading across model types via software only. pfSense has no such restrictions. :)
Are you running lcdproc at all? How are you running it? I'm planning to add that section detailing the different ways to run it and recommending the hybrid startup setup I detailed here: http://forum.pfsense.org/index.php/topic,7920.msg344513.html#msg344513 It's working perfectly for me but I've only had one other report, it was positive. I don't want to add any potentially bad info.
Steve
-
Thanks for setting me straight on the X550e ports. I had no idea that watchguard used software to restrict them to 10/100! My offer to help with the wiki stands even if you want to review possible changes first.
Yes i installed lcdproc dev 0.5.6 from the package menu in pfsense 2.0.3. I have had problems with it not starting reliably and crashing out randomly. I doesn't affect the operation of the firewall, but i wanted to look into the cause. If i manually start it after the firebox boots, it seems to work for a while. Days later i'll look and see that it crashed again. The front panel buttons don't work at all for me on this version.
Aug 20 18:31:09 php: lcdproc: Too many errors, the client ends.
Aug 20 18:31:09 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
Aug 20 18:31:08 php: lcdproc: Too many errors, the client ends.
Aug 20 18:31:08 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
Aug 20 18:31:06 apinger: Error while feeding rrdtool: Broken pipe
Aug 20 18:30:58 php: lcdproc: Start client procedure. Error counter: (3)
Aug 20 18:30:58 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
Aug 20 18:30:57 php: lcdproc: Start client procedure. Error counter: (3)
Aug 20 18:30:57 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
Aug 20 18:30:47 php: lcdproc: Start client procedure. Error counter: (2)
Aug 20 18:30:47 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
Aug 20 18:30:46 php: lcdproc: Start client procedure. Error counter: (2)
Aug 20 18:30:46 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
Aug 20 18:30:36 php: lcdproc: Start client procedure. Error counter: (1)
Aug 20 18:30:36 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
Aug 20 18:30:35 php: lcdproc: Start client procedure. Error counter: (1)
Aug 20 18:30:35 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
Aug 20 18:30:25 php: lcdproc: Start client procedure. Error counter: (0)
Aug 20 18:30:24 php: lcdproc: Start client procedure. Error counter: (0)
Aug 20 18:30:24 LCDd: Critical error while initializing, abort.
Aug 20 18:30:24 LCDd: sock_init: error creating socket - Address already in use
Aug 20 18:30:24 LCDd: sock_create_inet_socket: cannot bind to port 13666 at address 127.0.0.1 - Address already in use
Aug 20 18:30:24 LCDd: Using Configuration File: /usr/local/etc/LCDd.conf
Aug 20 18:30:24 LCDd: LCDd version 0.5.6 starting