PfSense on Watchguard hardware



  • Sure will do.

    The info is useful for the hardware article I guess.

    Seems to power up ok on a standard PC PSU - LCD reads WG Bios V1.2. Just need a CF card to boot off now.

    I've already read the XTM5 thread but I'll have a look at the X-peak one you've sugested.

    This unit will beat the pants off the dual PIII I was setting up for pfSense recently  :P

    Eamon



  • @chpalmer:

    I think you need a few more posts before you can attach pictures.  But when making a post in the editor it is under Advanced Options to the left and at the bottom.

    :)

    Thanks for the info :)

    Eamon



  • If I take some high quality pictures of the internals of my x500/x550e/x750e/x1250e and
    host them permanently somewhere would you be interested in linking to them? I know all the
    x-core-e models are identical except for the additional ports but it's nice to have them to compare.

    Also it would be helpful to add any size restrictions for the x500/etc CF card and the fact
    you can just write a CF and boot it.


  • Netgate Administrator

    I agree pictures would be good, I have been meaning to add some myself. I haven't investigated it but I would think it preferable to store any pictures on the docs server if possible.
    I haven't found a card that wouldn't boot in the X-Core. I've tried 2GB and 4GB cards. I guess since it's fairly old hardware it might have trouble with a very large CF card with an odd geometry.

    The existing wording is:

    Booting from CF
    The X-Core will boot one of the 32bit NanoBSD images written to a CF card and put in the slot. It will boot using the front serial port as console. No configuration is necessary to boot the new card.

    That seems reasonable to me but since I wrote it I guess it would!  ::) What do you suggest?

    Steve



  • Jezzz… I swear I read that section a few times and did not get it. Either I must be getting stupid or maybe
    it sounds clear now that I know you can use any size card. Maybe just add "Any size CF card will boot, no
    BIOS changes needed." just in case it's not me being dense.

    Booting from CF
    The X-Core will boot one of the 32bit NanoBSD images written to a CF card and put in the slot. It will boot using the front serial port as console. No configuration is necessary to boot the new card.


  • Netgate Administrator

    I have added something about bios settings and card size. Although I haven't read any reports of cards that were too big or some odd geometery I could imagine that might be the case.
    What do you think?

    Steve



  • I have been running a x750e for the last year without too many issues thanks to all the great info on these forums. I wish this comprehensive guide would have been available when i first started.

    I just got my wiki account established so i can start to contribute, but hesitated to edit anything out of respect for all the work you put into this guide.  I think some pictures would make this one of the best guides on the net for the firebox!  I'm willing to help with this page, but wanted to to get your OK first.

    I do see one area under X-Core-e that could use some clarification:

    The X-Core-e boxes share most hardware. The X750e and X1250e are identical whilst the X550e does not have the daughter board that provides 4 additional NICs.

    4X Marvell 88e8001 Gigabit NICs, sk(4) driver.
    4X Marvell 88e8053 Gigabit NICs, msk(4) driver.

    This should be clarified to indicate that the X550e only has 10/100 ports.

    Maybe some tables similar to page 11 of the manual would help? http://www.watchguard.com/help/docs/v83FireboxeSeriesHardwareGuide.pdf

    ![xcore-e hardware.png](/public/imported_attachments/1/xcore-e hardware.png)
    ![xcore-e hardware.png_thumb](/public/imported_attachments/1/xcore-e hardware.png_thumb)
    ![xcore-e interfaces.png](/public/imported_attachments/1/xcore-e interfaces.png)
    ![xcore-e interfaces.png_thumb](/public/imported_attachments/1/xcore-e interfaces.png_thumb)


  • Netgate Administrator

    Yes I need to get my finger out and add some pictures.  ::)

    The X550e shares the same motherboard as the X750e and x1250e and as such has 4 Gigabit NICs. The 10/100 limit stated by Watchguard is a software restriction, I assume, when running the Watchguard OS. Watchguard uses this to differentiate between it's models and allow for upgrading across model types via software only. pfSense has no such restrictions.  :)

    Are you running lcdproc at all? How are you running it? I'm planning to add that section detailing the different ways to run it and recommending the hybrid startup setup I detailed here: http://forum.pfsense.org/index.php/topic,7920.msg344513.html#msg344513 It's working perfectly for me but I've only had one other report, it was positive. I don't want to add any potentially bad info.

    Steve



  • Thanks for setting me straight on the X550e ports.  I had no idea that watchguard used software to restrict them to 10/100!  My offer to help with the wiki stands even if you want to review possible changes first.

    Yes i installed lcdproc dev 0.5.6 from the package menu in pfsense 2.0.3. I have had problems with it not starting reliably and crashing out randomly. I doesn't affect the operation of the firewall, but i wanted to look into the cause. If i manually start it after the firebox boots, it seems to work for a while. Days later i'll look and see that it crashed again.  The front panel buttons don't work at all for me on this version.

    Aug 20 18:31:09 php: lcdproc: Too many errors, the client ends.
    Aug 20 18:31:09 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
    Aug 20 18:31:08 php: lcdproc: Too many errors, the client ends.
    Aug 20 18:31:08 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
    Aug 20 18:31:06 apinger: Error while feeding rrdtool: Broken pipe
    Aug 20 18:30:58 php: lcdproc: Start client procedure. Error counter: (3)
    Aug 20 18:30:58 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
    Aug 20 18:30:57 php: lcdproc: Start client procedure. Error counter: (3)
    Aug 20 18:30:57 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
    Aug 20 18:30:47 php: lcdproc: Start client procedure. Error counter: (2)
    Aug 20 18:30:47 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
    Aug 20 18:30:46 php: lcdproc: Start client procedure. Error counter: (2)
    Aug 20 18:30:46 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
    Aug 20 18:30:36 php: lcdproc: Start client procedure. Error counter: (1)
    Aug 20 18:30:36 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
    Aug 20 18:30:35 php: lcdproc: Start client procedure. Error counter: (1)
    Aug 20 18:30:35 php: lcdproc: Failed to connect to LCDd process Operation timed out (60)
    Aug 20 18:30:25 php: lcdproc: Start client procedure. Error counter: (0)
    Aug 20 18:30:24 php: lcdproc: Start client procedure. Error counter: (0)
    Aug 20 18:30:24 LCDd: Critical error while initializing, abort.
    Aug 20 18:30:24 LCDd: sock_init: error creating socket - Address already in use
    Aug 20 18:30:24 LCDd: sock_create_inet_socket: cannot bind to port 13666 at address 127.0.0.1 - Address already in use
    Aug 20 18:30:24 LCDd: Using Configuration File: /usr/local/etc/LCDd.conf
    Aug 20 18:30:24 LCDd: LCDd version 0.5.6 starting


  • Netgate Administrator

    I have an X550e but I have only ever run pfSense on it. I had no idea they were ever anything but Gigabit until you pointed me at that table! That does clarify some questions from others though. Perhaps we should add something specifically mentioning that if people aren't choosing the X550e believing it isn't Gigabit.

    It's very frustrating that the lcdproc-dev package doesn't start correctly, more so that it's only a problem with the sdeclcd driver. I've spent a good number of hours trying various changes and failed to get anywhere. The lcdproc client is a php script and it occasionally craps out for some reason. The original lcdproc package had a shell script that run to keep the client running but we removed it as it looked pointless. Wrong! In 2.1 there is a time limit for all php processes unless the are started especially to avoid it so that would also be an issue. Running the standard lcdproc client from shellcmd avoids all that, it's worked perfectly for me so far.
    Interesting that you say the cursors buttons don't work for you. Do you know if they work at all? I have noticed that I'm running 0.5.5 on at least one box but 0.5.6 on others. All working fine. The driver hasn't changed in that time.
    I'd be interested in your experience trying the hybrid method. Does it run for you? Are those instructions sufficient?

    Because I've been looking into this stuff for so long now it's hard for me to imagine what it must be like to try and do this for the first time, what information is needed and what is unnecessary and confusing. Right now the greatest help would be to read through the page with fresh eyes and spot what I got wrong.
    I have examples of all the models here for photographic purposes I just have to arrange them suitably. I'm not really setup for product photography!  ;) I'm sure I'll manage something.

    Steve



  • Steve,

    I can tell you from my experience that i believed that the x550e was only 10/100 because that's what the firebox manual said.  When i bought my first firebox i purposely stayed away from buying a x550e for that reason alone. I talked with several other firebox owners and they all had the same misconception that i did.  The wiki should somehow indicate that the x550e is indeed capable of gigabit with pfsense in spite of what the firebox manual states.

    The front buttons on my x750e have worked in the past.  I had forgotten that the lcd driver and configs did not stick before i upgraded to 2.0.3.  I'll try your fix and see what happens. I have often thought about replacing the LCD with something faster, more capable, and more reliable. I wouldn't mind for the backlight to stay on, but have read about its often limited life.

    I'll start looking over the wiki, and let you know if i see anything else.  BTW, i just bought a x550e tonight!



  • Steve,

    I was going to try your fixes for lcdproc, but mine has been crash free now for about 6 days.  It even starts properly upon boot.  I have been rebooting the firebox everyday in an attempt to break it, but it seems solid now.

    I did uninstall and re-install the package, but other than that i didn't do anything else.  Have you noticed any change in yours?

    Mike


  • Netgate Administrator

    The boxes I have running currently are all using the shellcmd start method.
    There have been some developments recently that may help this situation, I commented in the lcdproc-dev thread. I'm not holding out much hope.
    Do you have the standard CPU in your x750e? Are you running 2.0.3?

    Steve



  • I'm noticing the Marvel 88e8001 NICs aren't listed in the FreeBSD hardware compatibility, they work OK on the X-Core-e models?


  • Netgate Administrator

    Yes, they work fine supported by the sk(4) driver. They're PCI though so that limits them.

    Steve



  • Hi,

    As the Bios iso still valid?  Tried downloading, looks too small a file (1 MB) and physdiskwrite.exe would fail.  Tried another Bios.iso (8MB) and physdisk would succeed.

    Thanks


  • Netgate Administrator

    Which file exactly? The FreeDOSBIOS2 file is gzipped and should be ~4.2MB. When I downloaded it a minute ago it still matched the MD5 given in the docs. It's not an ISO which might be causing your problem.

    Steve



  • It is the FreeDOSBios2.img.gz file  when I download it the size is 1KB (not 1MB as I mentioned before).

    Followed the 'Download this image' link

    Write to CF fails with error.

    Andrew



  • Netgate Administrator

    Perhaps you downloaded the little padlock picture? The URL given by the hyperlink is correct:
    https://sites.google.com/site/pfsensefirebox/home/FreeDOSBios2.img.gz

    Steve



  • I have tried two PC's, two different networks and same result.

    I am correct that the .gz file should not be 1KB !

    Thanks


  • Netgate Administrator

    Yes, you are certainly are right. 1K is far too small, it's probably some error message instead of the real file. How are you downloading it? Just tested it from my pfSense box:

    [2.1.4-RELEASE][root@pfsense.fire.box]/tmp(7): fetch -o /tmp https://sites.google.com/site/pfsensefirebox/home/FreeDOSBios2.img.gz
    /tmp/FreeDOSBios2.img.gz                      100% of 4239 kB 2180 kBps
    [2.1.4-RELEASE][root@pfsense.fire.box]/tmp(8): md5 FreeDOSBios2.img.gz 
    MD5 (FreeDOSBios2.img.gz) = 5ebb3f11925a8a78f7829e3ca0823f5d
    
    

    Seems to be working fine.

    Steve



  • Using windows IE,+ right click + save as.

    You have given me an idea, I'll use Chrome and try again.

    Hmm, just used chrome and it worked  :o


  • Netgate Administrator

    Google sites doesn't like IE?  ::) If you go to the site and just click the file it takes you to a 'download page' of some sort. I expect you were actually downloading the html for that instead.
    I'll add a note to the docs.

    Steve


Log in to reply