Firebox hardware with other OSes
-
Started this thread to talk about people's experience of running something other than pfsense on Watchguard boxes.
Following on from here. We have reports of Ubuntu and Vyatta. I have run OpenWRT on my box when I was testing some things. I have even tried Watchguard's OS. ;) What are your experiences? Any particular good/bad points?
There are some things that are more complete in Linux, particularly some drivers, that would be useful for development. Last time I tried though I struggled to find a Linux flavour that had both the ability to boot headless and run from flash and also have complete development tools. Any recommendations?
Steve
-
There are some things that are more complete in Linux, particularly some drivers, that would be useful for development. Last time I tried though I struggled to find a Linux flavour that had both the ability to boot headless and run from flash and also have complete development tools. Any recommendations?
I have had good luck with Vyatta. It is running for me in "production" both on a Firebox x750e and the older Firebox III. It boots just fine headless. The only "fix" for the x750e is to add a boot parameter to point the kernel in the right direction for DMA type when trying to boot the root file system off of the CF card. Without the fix, it tries several methods unsuccessfully before settling on something that works. Just looking at the output of dmesg is enough to make this obvious. Once this is updated, the boot time is easily cut in half (basically, the storage light comes on very quickly). I have not bothered tuning it for flash storage. The Ethernet adapter LEDs work out of the box, too, for all 8 ports.
For development purposes, Vyatta is basically Debian Linux. Therefore a separate installation of Debian x86 (or amd64 I guess) is enough to get started. A simple virtual machine works perfectly here. Vyatta can be configured to point to the Debian repos, so any package is just an "apt-get install" command away.
I have played with OpenWRT some, too, mostly to port the Firebox III LED driver to DD-WRT for some folks. Harder than I initially thought. Basically, as OpenWRT is based on the uClibc C library (as opposed to glibc), the code needs to be cross-compiled from Debian (even if it ends up running on the same x86 architecture). A cross toolchain needs to be built, something like buildroot, or crosstool. Fun to learn, though. If the package code is meant to be portable (basically using autotools), cross compiling is basically painless.
I have not looked too much into the crypto chip. Best I can figure, the SDK for it is proprietary. Maybe now that this is older, we could just ask for it… :-)
-
Thanks. Yes, the Cavium chip does seem to rely on some binary blobs and such. It would be very nice to have it working under any OS. At the moment it just sits there using power. ::) I doubt we'd have any luck from Cavium, though if you don't ask you don't get, as they say, and we did get the ancient SDK from Safenet with almost no problems. Though if we developed a driver from it I'm not sure what the licensing terms would be.
I'm really looking for an OS I can boot headless from a CF card that has development tools included. Most OSes that will boot headless, like OpenWRT, are very cut down with good reason. Ubuntu server looks like a promising candidate with a few tweaks.
Steve