Watchguard Firebox X1000 2.0.2 Booting Slow



  • Bought a firebox x1000 and then a pre done 2GB CF card with PFSense 2.0.2 on it, all i had to do was open the box and replace the existing 64MB CF card and power on. I did notice some slowness with the WebGUI, but i read it maybe caused by my WAN not being connected, have it set to static and my ISP settings inputted but no connection just yet. My question is why does it take in my opinion, a while to boot. seems like 5min before i hear the melody and see the LCD come up. I do get a beep and see the LCD light up briefly about 20sec after powering up ???. Any help is appreciated. I am new to both PFSense and Firebox.



  • Several parts of the boot process take longer if you're not on the Internet. Like it'll wait a while to try to sync its time via NTP because everything that starts after that point is dependent on accurate system time. Amongst other things.



  • Well i think im good to go on my setup, we'll see, i will be putting it into production tonight, ill power it off, plug in everything and then boot.

    EDIT: when powering up with the WAN/EXT connection it just sits there and doesnt boot vs not having the cable in



  • Random question, anyone know if the firebox x1000 will take and use a 1GB RAM module, i had 1GB in and couldnt tell if it saw the whole GB, i now have the 512MB module installed from the original 256MB.



  • I just ran into this post-

    http://forum.pfsense.org/index.php/topic,7458.msg59331.html#msg59331

    I haven't looked any further along so you might take a peek.

    http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox


  • Netgate Administrator

    Yes, 512MB is max. memory it will address even if a bigger DIMM will fit.

    What point in the boot process does it get stuck at when you have the connections in place?

    Steve



  • @chpalmer:

    I just ran into this post-

    http://forum.pfsense.org/index.php/topic,7458.msg59331.html#msg59331

    I haven't looked any further along so you might take a peek.

    http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox

    Thanks that last post answered my memory question



  • @stephenw10:

    Yes, 512MB is max. memory it will address even if a bigger DIMM will fit.

    What point in the boot process does it get stuck at when you have the connections in place?

    Steve

    Had the unit powered off, had WAN and one LAN plugged it, when powered on the LCD lights up and no beep or anything else occurs, i havent had a chance to see what the console shows, although i powered it off again and back on and then it booted fully, now i am running into the issue of no internet connection while i have my static ISP settings in, when checking the gateway it shows online then offline, LAN gateway shows online.


  • Netgate Administrator

    What do you mean by 'LAN gateway'?
    The pfSense LAN interface should not have a gateway assigned.

    Steve



  • @stephenw10:

    What do you mean by 'LAN gateway'?
    The pfSense LAN interface should not have a gateway assigned.

    Steve

    If i go to the gatway status page it shows all my gateways, it shows a LAN gateway(online) and an WANGW gatway(offline), what did i setup incorrectly? Should it not have one even if its DHCP? I am used to routers running openwrt or dd-wrt, im trying to move up.


  • Netgate Administrator

    Nope. Only WAN connections should have a gateway in most conditions.
    Any connection that has a gateway applied will be treated as a WAN by pfSense which can cause all sorts of problems. The only time you might want a gateway on LAN is if you have some other subnet that is only accessible via another internal router. I'm assuming you don't.  ;)

    When you say 'it's DHCP' do you mean it is running a DHCP server handing out addresses to your internal clients? That is the normal setup. If you mean you have another dhcp server internally that is giving the pfSense LAN interface it's IP I'd have to reconsider but that would be very unusual.

    Steve



  • @stephenw10:

    Nope. Only WAN connections should have a gateway in most conditions.
    Any connection that has a gateway applied will be treated as a WAN by pfSense which can cause all sorts of problems. The only time you might want a gateway on LAN is if you have some other subnet that is only accessible via another internal router. I'm assuming you don't.  ;)

    When you say 'it's DHCP' do you mean it is running a DHCP server handing out addresses to your internal clients? That is the normal setup. If you mean you have another dhcp server internally that is giving the pfSense LAN interface it's IP I'd have to reconsider but that would be very unusual.

    Steve

    After seeing your post i though that maybe the issue so i deleted all my gateways except the one for my ISP and also the one that was already there for WAN DHCP, after rebooting with my WAN cable from my modem plugged in i still cannot access the internet from any of the LANs i have setup and also the WANGW still shows offline under status. Any ideas will be great, i am about to consider to factory default my install and then start from scratch.


  • Netgate Administrator

    I have a feeling we are talking about two different things with 'gateway'.  :-
    Please post your NIC setup for each interface and and your WAN type.
    If you have only one WAN connection you should see only one gateway in Status: Gateways:

    Basically the more information you put up about what you are trying to end up with and what you have done the easier and quicker it will be to resolve whatever error is occurring.  :)

    Steve



  • @stephenw10:

    I have a feeling we are talking about two different things with 'gateway'.  :-
    Please post your NIC setup for each interface and and your WAN type.
    If you have only one WAN connection you should see only one gateway in Status: Gateways:

    Basically the more information you put up about what you are trying to end up with and what you have done the easier and quicker it will be to resolve whatever error is occurring.  :)

    Steve

    Maybe that the issue, it came with the WAN settings setup for dynamic, under Status: Gateways: i have 2 Gateways, one shows offline and the other show Gathering Data, would reset to factory be a good starting point? Im guessing i messed up somewhere



  • Thanks for all the help BTW  ;D


  • Netgate Administrator

    @ghostshell:

    it came with the WAN settings setup for dynamic

    So you have got hold of this box already configured?

    Steve



  • @stephenw10:

    @ghostshell:

    it came with the WAN settings setup for dynamic

    So you have got hold of this box already configured?

    Steve

    The CF Card i bought that had PFsense 2.0.2 on it had already been configured with the following

    WAN : Dynamic
    LAN : 192.168.5.100 - no DHCP

    I added

    WAN switched to static and added a gateway
    LAN2 (OPT2) : 192.168.1.1 w/DHCP
    LAN3(OPT3) : 172.21.42.1 no/DHCP

    Created a NAT Forwarding rule to allow me to access the webGUI on 192.168.5.100 on the 192.168.1.1 network (fwd port 443 and 22)
    Created rules on the LAN2 to allow my web server, IMAP, SSH, FTP, and HTTPS/HTTP through

    i think thats all i added.


  • Netgate Administrator

    OK.
    The WebGUI listens on all interfaces so there is no need to forward anything. You just need a rule on LAN2 to allow access to 192.168.1.1 on ports 80/443. Same for SSH.

    What do you have upstream of your WAN? You mentioned a modem before, is it in bridge mode? Is your WAN in a private network? You have changed your WAN to static IP, I assume you have a reason for doing that, that means you need to enter the gateway and DNS servers manually. Have you done that?

    pfSense will attempt to discover if the WAN is online by pinging it's gateway. Some ISPs have gateways that don't respond to pings. In that case you would have to change the address used to monitor the connection.

    Steve



  • @stephenw10:

    OK.
    The WebGUI listens on all interfaces so there is no need to forward anything. You just need a rule on LAN2 to allow access to 192.168.1.1 on ports 80/443. Same for SSH.

    What do you have upstream of your WAN? You mentioned a modem before, is it in bridge mode? Is your WAN in a private network? You have changed your WAN to static IP, I assume you have a reason for doing that, that means you need to enter the gateway and DNS servers manually. Have you done that?

    pfSense will attempt to discover if the WAN is online by pinging it's gateway. Some ISPs have gateways that don't respond to pings. In that case you would have to change the address used to monitor the connection.

    Steve

    I have a business connection at home and was given a static IP as part of the package, i did enter the settings, .213/28, i ended up getting it working last night, it was a stupid thing to get the gateway to come online, thanks for the info about the rules, since i never used this system before i thought only the first LAN would allow access to the webGUI(it did seem like a weird config) so i forwarded the ports to the LAN2, so woul dit be correct in assuming like most enterprise grade firewalls it blocks everything by default which would cause me not being able to access the gui on 192.168.1.1?


  • Netgate Administrator

    Yes. Everything is blocked unless you allow it.
    The only exeception to that is that the LAN interface has a default rule to allow everything out. Saves on forum questions.  ;) Also the anti-lockout rule to prevent you blocking GUI access on every interface.

    Steve



  • Since having the WAN connected it boots quicker and the webGUI itself is much more responsive which per another thread i knew would happen, but its still a nice change


Log in to reply