Watchguard Firebox X1000 2.0.2 Booting Slow

ghostshell

Bought a firebox x1000 and then a pre done 2GB CF card with PFSense 2.0.2 on it, all i had to do was open the box and replace the existing 64MB CF card and power on. I did notice some slowness with the WebGUI, but i read it maybe caused by my WAN not being connected, have it set to static and my ISP settings inputted but no connection just yet. My question is why does it take in my opinion, a while to boot. seems like 5min before i hear the melody and see the LCD come up. I do get a beep and see the LCD light up briefly about 20sec after powering up ???. Any help is appreciated. I am new to both PFSense and Firebox.

cmb

Several parts of the boot process take longer if you're not on the Internet. Like it'll wait a while to try to sync its time via NTP because everything that starts after that point is dependent on accurate system time. Amongst other things.

ghostshell

Well i think im good to go on my setup, we'll see, i will be putting it into production tonight, ill power it off, plug in everything and then boot.

EDIT: when powering up with the WAN/EXT connection it just sits there and doesnt boot vs not having the cable in

ghostshell

Random question, anyone know if the firebox x1000 will take and use a 1GB RAM module, i had 1GB in and couldnt tell if it saw the whole GB, i now have the 512MB module installed from the original 256MB.

chpalmer

I just ran into this post-

http://forum.pfsense.org/index.php/topic,7458.msg59331.html#msg59331

I haven't looked any further along so you might take a peek.

http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox

stephenw10

Yes, 512MB is max. memory it will address even if a bigger DIMM will fit.

What point in the boot process does it get stuck at when you have the connections in place?

Steve

ghostshell

@chpalmer:

I just ran into this post-

http://forum.pfsense.org/index.php/topic,7458.msg59331.html#msg59331

I haven't looked any further along so you might take a peek.

http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox

Thanks that last post answered my memory question

ghostshell

@stephenw10:

Yes, 512MB is max. memory it will address even if a bigger DIMM will fit.

What point in the boot process does it get stuck at when you have the connections in place?

Steve

Had the unit powered off, had WAN and one LAN plugged it, when powered on the LCD lights up and no beep or anything else occurs, i havent had a chance to see what the console shows, although i powered it off again and back on and then it booted fully, now i am running into the issue of no internet connection while i have my static ISP settings in, when checking the gateway it shows online then offline, LAN gateway shows online.

stephenw10

What do you mean by 'LAN gateway'?
The pfSense LAN interface should not have a gateway assigned.

Steve

ghostshell

@stephenw10:

What do you mean by 'LAN gateway'?
The pfSense LAN interface should not have a gateway assigned.

Steve

If i go to the gatway status page it shows all my gateways, it shows a LAN gateway(online) and an WANGW gatway(offline), what did i setup incorrectly? Should it not have one even if its DHCP? I am used to routers running openwrt or dd-wrt, im trying to move up.

stephenw10

Nope. Only WAN connections should have a gateway in most conditions.
Any connection that has a gateway applied will be treated as a WAN by pfSense which can cause all sorts of problems. The only time you might want a gateway on LAN is if you have some other subnet that is only accessible via another internal router. I'm assuming you don't.  ;)

When you say 'it's DHCP' do you mean it is running a DHCP server handing out addresses to your internal clients? That is the normal setup. If you mean you have another dhcp server internally that is giving the pfSense LAN interface it's IP I'd have to reconsider but that would be very unusual.

Steve

ghostshell

@stephenw10:

Nope. Only WAN connections should have a gateway in most conditions.
Any connection that has a gateway applied will be treated as a WAN by pfSense which can cause all sorts of problems. The only time you might want a gateway on LAN is if you have some other subnet that is only accessible via another internal router. I'm assuming you don't.  ;)

When you say 'it's DHCP' do you mean it is running a DHCP server handing out addresses to your internal clients? That is the normal setup. If you mean you have another dhcp server internally that is giving the pfSense LAN interface it's IP I'd have to reconsider but that would be very unusual.

Steve

After seeing your post i though that maybe the issue so i deleted all my gateways except the one for my ISP and also the one that was already there for WAN DHCP, after rebooting with my WAN cable from my modem plugged in i still cannot access the internet from any of the LANs i have setup and also the WANGW still shows offline under status. Any ideas will be great, i am about to consider to factory default my install and then start from scratch.

stephenw10

I have a feeling we are talking about two different things with 'gateway'.  :-
Please post your NIC setup for each interface and and your WAN type.
If you have only one WAN connection you should see only one gateway in Status: Gateways:

Basically the more information you put up about what you are trying to end up with and what you have done the easier and quicker it will be to resolve whatever error is occurring.  :)

Steve

ghostshell

@stephenw10:

I have a feeling we are talking about two different things with 'gateway'.  :-
Please post your NIC setup for each interface and and your WAN type.
If you have only one WAN connection you should see only one gateway in Status: Gateways:

Basically the more information you put up about what you are trying to end up with and what you have done the easier and quicker it will be to resolve whatever error is occurring.  :)

Steve

Maybe that the issue, it came with the WAN settings setup for dynamic, under Status: Gateways: i have 2 Gateways, one shows offline and the other show Gathering Data, would reset to factory be a good starting point? Im guessing i messed up somewhere

ghostshell

Thanks for all the help BTW  ;D

stephenw10

@ghostshell:

it came with the WAN settings setup for dynamic

So you have got hold of this box already configured?

Steve

ghostshell

@stephenw10:

@ghostshell:

it came with the WAN settings setup for dynamic

So you have got hold of this box already configured?

Steve

The CF Card i bought that had PFsense 2.0.2 on it had already been configured with the following

WAN : Dynamic
LAN : 192.168.5.100 - no DHCP

I added

WAN switched to static and added a gateway
LAN2 (OPT2) : 192.168.1.1 w/DHCP
LAN3(OPT3) : 172.21.42.1 no/DHCP

Created a NAT Forwarding rule to allow me to access the webGUI on 192.168.5.100 on the 192.168.1.1 network (fwd port 443 and 22)
Created rules on the LAN2 to allow my web server, IMAP, SSH, FTP, and HTTPS/HTTP through

i think thats all i added.

stephenw10

OK.
The WebGUI listens on all interfaces so there is no need to forward anything. You just need a rule on LAN2 to allow access to 192.168.1.1 on ports 80/443. Same for SSH.

What do you have upstream of your WAN? You mentioned a modem before, is it in bridge mode? Is your WAN in a private network? You have changed your WAN to static IP, I assume you have a reason for doing that, that means you need to enter the gateway and DNS servers manually. Have you done that?

pfSense will attempt to discover if the WAN is online by pinging it's gateway. Some ISPs have gateways that don't respond to pings. In that case you would have to change the address used to monitor the connection.

Steve

ghostshell

@stephenw10:

OK.
The WebGUI listens on all interfaces so there is no need to forward anything. You just need a rule on LAN2 to allow access to 192.168.1.1 on ports 80/443. Same for SSH.

What do you have upstream of your WAN? You mentioned a modem before, is it in bridge mode? Is your WAN in a private network? You have changed your WAN to static IP, I assume you have a reason for doing that, that means you need to enter the gateway and DNS servers manually. Have you done that?

pfSense will attempt to discover if the WAN is online by pinging it's gateway. Some ISPs have gateways that don't respond to pings. In that case you would have to change the address used to monitor the connection.

Steve

I have a business connection at home and was given a static IP as part of the package, i did enter the settings, .213/28, i ended up getting it working last night, it was a stupid thing to get the gateway to come online, thanks for the info about the rules, since i never used this system before i thought only the first LAN would allow access to the webGUI(it did seem like a weird config) so i forwarded the ports to the LAN2, so woul dit be correct in assuming like most enterprise grade firewalls it blocks everything by default which would cause me not being able to access the gui on 192.168.1.1?

stephenw10

Yes. Everything is blocked unless you allow it.
The only exeception to that is that the LAN interface has a default rule to allow everything out. Saves on forum questions.  ;) Also the anti-lockout rule to prevent you blocking GUI access on every interface.

Steve

ghostshell

Since having the WAN connected it boots quicker and the webGUI itself is much more responsive which per another thread i knew would happen, but its still a nice change