Pfsense on WatchGuard XTM 1050 hardware



  • my main question…given the hardware specs (http://www.watchguard.com/products/xtm-1050/detailed-specs.asp) ..do you think pfsense would have any problems running on such hardware? any pitfalls, or gotchas i may find?

    reason i ask is due to the fact i can get said hardware for fairly cheap and would like to have the extra ports (has fiber ports as well….would these be supported?)

    i have been running fireboxes 750e's for a while, which are good ...but i am starting too bump up against the wall with performance (even after upgrading them) .... i have looked at the 1250's, but those are 'meh' ...and i can get the xtm 1050's for around the same price.
    i dont want to build a cluster of plain ol server hardware for my pfsense solutions ... i have my reasons on this. lets just keep it at that.

    so...verdicts from peoples? pretty please?

    the environment is a VAR (multi 100mbps links for now, but i am aboot to switch to 1gbps links due to the increased traffic and growth i expect over the next year(s)) with mainly hosted exchange environments, vpn to offices, site hosting, and etc. currently i have 4 active fireboxes running with all interfaces active (trunked on a few) but three..and my cpu, mem, and other stuff is just starting to cause performance hits. i want to get away from this, and perhaps use these for other things (because they are still very capable)

    thank you in advance for any input you may have.
    i still wish i had my kemp 5500 - 10g's .... those were awesomeness..and i highly suggest them! ... but they went to a different client who ordered two for interior, and two for dmz.....WAY over kill for less than 10k seat exchange environment, but i digress


  • Netgate Administrator

    Well the biggest gotcha is that Watchguard could have used a BIOS that only boots signed media. Other firewall manufacturers do that. Watchguard have not in earlier boxes presumably because the additional cost and hassle of doing it wasn't justified by the security risk. I agree with that decision since if somebody has physical access to your firewall they can pretty much do whatever they want anyway. Since no-one has tried any of their more recent boxes it's impossible to say if that's still their policy. They did do something similar with their smaller ARM based units.

    That aside it looks like standard X86 hardware. Though whereas the 800, 1500, 2050 and 2500 series are all recognisably Lanner built the 1050 is not. The LCD is different as is the NIC expansion slot and the HD caddy. Since Watchguard are no longer publically publishing de-manufacturing documents it's really impossible to know without looking inside it.
    Edit: My bad: http://www.watchguard.com/docs/corporate/wg_xtm10De-MFR_instructions.pdf
    We do know from the hardware guide that it's:
    Dual 2.33 GHz Quad Core Intel Xeon
    Edit:They're E5410 Xeons
    1GB Flash
    4 GB RAM

    Looks a lot more like something modified from this: http://www.portwell.com/products/detail.asp?CUSTCHAR1=NAR-7090
    I'm not sure Portwell actually make that though.

    Steve



  • @stephenw10:

    Well the biggest gotcha is that Watchguard could have used a BIOS that only boots signed media. Other firewall manufacturers do that. Watchguard have not in earlier boxes presumably because the additional cost and hassle of doing it wasn't justified by the security risk. I agree with that decision since if somebody has physical access to your firewall they can pretty much do whatever they want anyway. Since no-one has tried any of their more recent boxes it's impossible to say if that's still their policy. They did do something similar with their smaller ARM based units.

    That aside it looks like standard X86 hardware. Though whereas the 800, 1500, 2050 and 2500 series are all recognisably Lanner built the 1050 is not. The LCD is different as is the NIC expansion slot and the HD caddy. Since Watchguard are no longer publically publishing de-manufacturing documents it's really impossible to know without looking inside it.
    Edit: My bad: http://www.watchguard.com/docs/corporate/wg_xtm10De-MFR_instructions.pdf
    We do know from the hardware guide that it's:
    Dual 2.33 GHz Quad Core Intel Xeon
    Edit:They're E5410 Xeons
    1GB Flash
    4 GB RAM

    Looks a lot more like something modified from this: http://www.portwell.com/products/detail.asp?CUSTCHAR1=NAR-7090
    I'm not sure Portwell actually make that though.

    Steve

    thank you steve….this actual unit has the bios version 1.4...so i dont know if that means anything to you, and it does come with a single 250gb drive (no OS loaded) ....

    does that help any?


  • Netgate Administrator

    No sorry, I've never used one myself.

    Steve



  • Network interfaces
    • 14x GbE Copper RJ45, 1000Base-T, 100Base-TX, or 10 Base-T (10/100/1000Mbps)
    • Includes 10x fixed ports, 4x on removable module
    • Interfaces 12 and 13 are labeled Management Ethernet

    Fiber Option
    (replaces 4 of the 14 RJ-45 ports)
    • 4 GbE SFP Module replaces standard 4x Copper module
    • Includes 4x 1000BaseSX Optical Transceivers
      – 850 nm Vertical Cavity Surface Emitting Laser (VCSEL)
      – LC-Duplex Fiber Connector

    10 Gb Interface Module
    (replaces 4 of the 14 RJ-45 ports)
    • 10 Gb Interface Module replaces standard 4x Copper module
    • Includes 2x 10Base-SR 850nm Multimode SFP+ transceivers
      – Each interface operates at 10Gb only

    I/O interfaces
    • 2x USB
    • 1x Serial RS232 RJ45

    I'm interested in this as well!
    They are fairly "cheap" for dedicated Firewall / IDS Appliance than can possibly run pfSense.

    Question is now :

    Are the network chips and cards recognized in FreeBSD ?

    Pro's in my book :

    • 10GBE Support
    • Gigabit FC Ethernet support
    • All ports on front of unit
    • Rack Mountable
    • Dual Quad Core and lots of Memory/CPU for intensive plug-ins as Squid / Snort / Antivirus

    Cons:

    • Power Usage but then again almost everything that's rack mounted wasn't really designed in mind for a "home" user


  • @_Adrian_:

    Network interfaces
    • 14x GbE Copper RJ45, 1000Base-T, 100Base-TX, or 10 Base-T (10/100/1000Mbps)
    • Includes 10x fixed ports, 4x on removable module
    • Interfaces 12 and 13 are labeled Management Ethernet

    Fiber Option
    (replaces 4 of the 14 RJ-45 ports)
    • 4 GbE SFP Module replaces standard 4x Copper module
    • Includes 4x 1000BaseSX Optical Transceivers
      – 850 nm Vertical Cavity Surface Emitting Laser (VCSEL)
      – LC-Duplex Fiber Connector

    10 Gb Interface Module
    (replaces 4 of the 14 RJ-45 ports)
    • 10 Gb Interface Module replaces standard 4x Copper module
    • Includes 2x 10Base-SR 850nm Multimode SFP+ transceivers
      – Each interface operates at 10Gb only

    I/O interfaces
    • 2x USB
    • 1x Serial RS232 RJ45

    I'm interested in this as well!
    They are fairly "cheap" for dedicated Firewall / IDS Appliance than can possibly run pfSense.

    Question is now :

    Are the network chips and cards recognized in FreeBSD ?

    Pro's in my book :

    • 10GBE Support
    • Gigabit FC Ethernet support
    • All ports on front of unit
    • Rack Mountable
    • Dual Quad Core and lots of Memory/CPU for intensive plug-ins as Squid / Snort / Antivirus

    Cons:

    • Power Usage but then again almost everything that's rack mounted wasn't really designed in mind for a "home" user

    correct, i am currently trying to get pfsensenano installed on it, but i cant get the stupid console port to work. i have tried a plain ol' cisco rj45-to-serial connection, but i am getting nothing.

    i do however get the management ports showing up as connected, but i cant figure out which IP they might be on.

    i am still trying to bang this thing out. i modded all the fans (even the power unit fans) so it is muuuuch more quiet. (quiet enough to talk over at a normal voice)

    i will update with what i can/cant get to work.

    :D

    *** update ***

    got nano version to install..i will attach the output dump shortly. 13gb interfaces..much more room to play with. along with 8 cpu's. not bad for under 200$ (not including the ram upgrade to be done shortly)

    *** update ***


  • Netgate Administrator

    It could be similar to the XTM8 that has 2 on-board serial ports but the front console port is in fact com2. This is a problem because the Nano images are hard coded to use com1 as the serial console and, on the XTM8 at least, the other serial port is not populated. However the BIOS is still accessible via the console port at 115200bps, hit 'TAB' to enter it, so you might try that to prove the cable.
    Cisco often had 'odd' cables that were different to those of other manufacturers. Not sure about their RJ45 cables though.

    Looking at the photos in the docs the console port appears to be on the end of a header cable. Perhaps you can swap that for a standard DB9 header instead.

    Steve

    Edit: Took too long typing.  ::) What was the trick?



  • here is the jist so far..more below

    i installed the following release: pfSense-2.1.1-RELEASE-4g-i386-nanobsd.img.gz
    (should i use amd64 to utilize all the ram currently installed? i am going to up the amount to at least 32gb in the near future)

    connecting to the console port with a normal serial->rj45 cable works. you do not have to change the speed from 9600…..
    it is pretty straight forward just like installing a nano version on a watchguard firebox x700  ...the following links helped me learn a LOT about the internals and options..tks!
    http://xtmbox.ru/docs/xtm_1050.pdf
    http://www.watchguard.com/docs/corporate/wg_xtm10De-MFR_instructions.pdf
    http://www.portwell.com/pdf/CA/NAR-7090.pdf
    https://www.watchguard.com/docs/datasheet/wg_ngfw_ds.pdf

    here is the bootup output dump. i have included some questions within the bootup output dump notated by <–

    
    1  pfSense
    2  pfSense
    
    F6 PXE
    Boot:  1
    /boot/config: -h
    
    FreeBSD/x86 boot
    Default: 0:ad(0,a)/boot/loader
    boot:
    Consoles: serial port
    BIOS drive C: is disk0
    BIOS 639kB/3668864kB available memory
    
    FreeBSD/x86 bootstrap loader, Revision 1.1
    (root@snapshots-8_3-i386.builders.pfsense.org, Wed Sep 11 18:59:49 EDT 2013)
    Loading /boot/defaults/loader.conf
    /boot/kernel/kernel data=0x9162bc data=0x51d734+0x9e0c4 syms=[0x4+0x9aa90+0x4+0x                                                                                d51ab]
    -
    Hit [Enter] to boot immediately, or any other key for command prompt.
    Booting [/boot/kernel/kernel]...
    4718592K of memory above 4GB ignored	<-- i have 8gb of ram installed, why is it ignoring the full 8gb.. non-64bit?
    Copyright (c) 1992-2012 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
            The Regents of the University of California. All rights reserved.
    FreeBSD is a registered trademark of The FreeBSD Foundation.
    FreeBSD 8.3-RELEASE-p11 #0: Wed Sep 11 19:13:36 EDT 2013
        root@snapshots-8_3-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc                                                                                /src/sys/pfSense_wrap.8.i386 i386
    Timecounter "i8254" frequency 1193182 Hz quality 0
    CPU: Intel(R) Xeon(R) CPU           E5410  @ 2.33GHz (2327.52-MHz 686-class CPU)
      Origin = "GenuineIntel"  Id = 0x10676  Family = 6  Model = 17  Stepping = 6
      Features=0xbfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,c   ="" mov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe="">Features2=0xce3bd <sse3,dtes64,mon,ds_cpl,vmx,est,tm2,ssse3,cx16,xtpr,pdcm,dca,   ="" sse4.1="">AMD Features=0x20100000 <nx,lm>AMD Features2=0x1 <lahf>TSC: P-state invariant
    real memory  = 8589934592 (8192 MB)
    avail memory = 3664801792 (3495 MB)     <-- i have 8gb of ram installed, why is it ignoring the full 8gb.. non-64bit?
    ACPI APIC Table: <100608 APIC1630>
    FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs
    FreeBSD/SMP: 2 package(s) x 4 core(s)
     cpu0 (BSP): APIC ID:  0
     cpu1 (AP): APIC ID:  1
     cpu2 (AP): APIC ID:  2
     cpu3 (AP): APIC ID:  3
     cpu4 (AP): APIC ID:  4
     cpu5 (AP): APIC ID:  5
     cpu6 (AP): APIC ID:  6
     cpu7 (AP): APIC ID:  7
    ioapic0 <version 2.0="">irqs 0-23 on motherboard
    ioapic1 <version 2.0="">irqs 24-47 on motherboard
    ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /bo                                                                                ot/loader.conf.
    module_register_init: MOD_LOAD (ipw_bss_fw, 0xc07330f0, 0) error 1
    ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /b                                                                                oot/loader.conf.
    module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0733190, 0) error 1
    ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw                                                                                /.
    ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in                                                                                 /boot/loader.conf.
    module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0733230, 0) error 1
    wlan: mac acl policy registered
    cryptosoft0: <software crypto="">on motherboard
    padlock0: No ACE support.
    acpi0: <100608 XSDT1630> on motherboard
    acpi0: [ITHREAD]
    acpi0: Power Button (fixed)
    acpi0: reservation of 0, a0000 (3) failed
    acpi0: reservation of 100000, dff00000 (3) failed
    Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
    acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
    cpu0: <acpi cpu="">on acpi0
    cpu1: <acpi cpu="">on acpi0
    cpu2: <acpi cpu="">on acpi0
    cpu3: <acpi cpu="">on acpi0
    cpu4: <acpi cpu="">on acpi0
    cpu5: <acpi cpu="">on acpi0
    cpu6: <acpi cpu="">on acpi0
    cpu7: <acpi cpu="">on acpi0
    pcib0: <acpi host-pci="" bridge="">port 0xcf8-0xcff on acpi0
    pci0: <acpi pci="" bus="">on pcib0
    pcib1: <acpi pci-pci="" bridge="">at device 2.0 on pci0
    pci8: <acpi pci="" bus="">on pcib1
    pcib2: <acpi pci-pci="" bridge="">irq 16 at device 0.0 on pci8
    pci10: <acpi pci="" bus="">on pcib2
    pcib3: <acpi pci-pci="" bridge="">at device 0.0 on pci10
    pci13: <acpi pci="" bus="">on pcib3
    em0: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0xdf00-0xdf1f mem 0xfde80                                                                                000-0xfde9ffff,0xfde60000-0xfde7ffff irq 16 at device 0.0 on pci13
    em0: Using an MSI interrupt
    em0: [FILTER]
    em1: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0xdf80-0xdf9f mem 0xfdee0                                                                                000-0xfdefffff,0xfdec0000-0xfdedffff irq 17 at device 0.1 on pci13
    em1: Using an MSI interrupt
    em1: [FILTER]
    pcib4: <acpi pci-pci="" bridge="">at device 1.0 on pci10
    pci12: <acpi pci="" bus="">on pcib4
    em2: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0xcf00-0xcf1f mem 0xfdc80                                                                                000-0xfdc9ffff,0xfdc60000-0xfdc7ffff irq 17 at device 0.0 on pci12
    em2: Using an MSI interrupt
    em2: [FILTER]
    em3: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0xcf80-0xcf9f mem 0xfdce0                                                                                000-0xfdcfffff,0xfdcc0000-0xfdcdffff irq 18 at device 0.1 on pci12
    em3: Using an MSI interrupt
    em3: [FILTER]
    pcib5: <acpi pci-pci="" bridge="">at device 2.0 on pci10
    pci11: <acpi pci="" bus="">on pcib5
    em4: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0xbf00-0xbf1f mem 0xfdac0                                                                                000-0xfdadffff irq 18 at device 0.0 on pci11
    em4: Using an MSI interrupt
    em4: [FILTER]
    em5: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0xbf80-0xbf9f mem 0xfdae0                                                                                000-0xfdafffff irq 19 at device 0.1 on pci11
    em5: Using an MSI interrupt
    em5: [FILTER]
    pcib6: <acpi pci-pci="" bridge="">at device 0.3 on pci8
    pci9: <acpi pci="" bus="">on pcib6
    pcib7: <acpi pci-pci="" bridge="">at device 3.0 on pci0
    pci7: <acpi pci="" bus="">on pcib7
    pcib8: <acpi pci-pci="" bridge="">at device 4.0 on pci0
    pci6: <acpi pci="" bus="">on pcib8
    em6: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0xaf00-0xaf1f mem 0xfd980                                                                                000-0xfd99ffff,0xfd960000-0xfd97ffff irq 16 at device 0.0 on pci6
    em6: Using an MSI interrupt
    em6: [FILTER]
    em7: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0xaf80-0xaf9f mem 0xfd9e0                                                                                000-0xfd9fffff,0xfd9c0000-0xfd9dffff irq 17 at device 0.1 on pci6
    em7: Using an MSI interrupt
    em7: [FILTER]
    pcib9: <acpi pci-pci="" bridge="">at device 5.0 on pci0
    pci5: <acpi pci="" bus="">on pcib9
    em8: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0x9f00-0x9f1f mem 0xfd780                                                                                000-0xfd79ffff,0xfd760000-0xfd77ffff irq 16 at device 0.0 on pci5
    em8: Using an MSI interrupt
    em8: [FILTER]
    em9: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0x9f80-0x9f9f mem 0xfd7e0                                                                                000-0xfd7fffff,0xfd7c0000-0xfd7dffff irq 17 at device 0.1 on pci5
    em9: Using an MSI interrupt
    em9: [FILTER]
    pcib10: <acpi pci-pci="" bridge="">at device 6.0 on pci0
    pci4: <acpi pci="" bus="">on pcib10
    em10: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0x8f00-0x8f1f mem 0xfd58                                                                                0000-0xfd59ffff,0xfd560000-0xfd57ffff irq 16 at device 0.0 on pci4
    em10: Using an MSI interrupt
    em10: [FILTER]
    em11: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0x8f80-0x8f9f mem 0xfd5e                                                                                0000-0xfd5fffff,0xfd5c0000-0xfd5dffff irq 17 at device 0.1 on pci4
    em11: Using an MSI interrupt
    em11: [FILTER]
    pcib11: <acpi pci-pci="" bridge="">at device 7.0 on pci0
    pci3: <acpi pci="" bus="">on pcib11
    em12: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0x7f00-0x7f1f mem 0xfd38                                                                                0000-0xfd39ffff,0xfd360000-0xfd37ffff irq 16 at device 0.0 on pci3
    em12: Using an MSI interrupt
    em12: [FILTER]
    em13: <intel(r) 1000="" pro="" network="" connection="" 7.3.2="">port 0x7f80-0x7f9f mem 0xfd3e                                                                                0000-0xfd3fffff,0xfd3c0000-0xfd3dffff irq 17 at device 0.1 on pci3
    em13: Using an MSI interrupt
    em13: [FILTER]
    pcib12: <acpi pci-pci="" bridge="">irq 16 at device 28.0 on pci0
    pci2: <acpi pci="" bus="">on pcib12
    pci2: <encrypt decrypt,="" network="" computer="" crypto="">at device 0.0 (no driver attached)
    uhci0: <intel 3100="" 631xesb="" 632xesb="" usb="" controller="" usb-1="">port 0xef00-0xef1f irq 23 at device 29.0 on pci0
    uhci0: [ITHREAD]
    usbus0: <intel 3100="" 631xesb="" 632xesb="" usb="" controller="" usb-1="">on uhci0
    uhci1: <intel 3100="" 631xesb="" 632xesb="" usb="" controller="" usb-2="">port 0xef80-0xef9f irq 19 at device 29.1 on pci0
    uhci1: [ITHREAD]
    usbus1: <intel 3100="" 631xesb="" 632xesb="" usb="" controller="" usb-2="">on uhci1
    ehci0: <intel 63xxesb="" usb="" 2.0="" controller="">mem 0xfdfffc00-0xfdffffff irq 23 at device 29.7 on pci0
    ehci0: [ITHREAD]
    usbus2: EHCI version 1.0
    usbus2: <intel 63xxesb="" usb="" 2.0="" controller="">on ehci0
    pcib13: <acpi pci-pci="" bridge="">at device 30.0 on pci0
    pci1: <acpi pci="" bus="">on pcib13
    isab0: <pci-isa bridge="">at device 31.0 on pci0
    isa0: <isa bus="">on isab0
    atapci0: <intel 63xxesb2="" sata300="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376 at device 31.2 on pci0
    ata0: <ata channel="">at channel 0 on atapci0
    ata0: [ITHREAD]
    ata1: <ata channel="">at channel 1 on atapci0
    ata1: [ITHREAD]
    pci0: <serial bus,="" smbus="">at device 31.3 (no driver attached)
    acpi_button0: <power button="">on acpi0
    atrtc0: <at realtime="" clock="">port 0x70-0x71 irq 8 on acpi0
    uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
    uart0: [FILTER]
    uart0: console (9600,n,8,1)
    uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
    uart1: [FILTER]
    ppc0: <parallel port="">port 0x378-0x37f irq 7 on acpi0
    ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
    ppc0: [ITHREAD]
    ppbus0: <parallel port="" bus="">on ppc0
    ppi0: <parallel i="" o="">on ppbus0
    acpi_throttle0: <acpi cpu="" throttling="">on cpu0
    acpi_throttle1: <acpi cpu="" throttling="">on cpu1
    acpi_throttle1: failed to attach P_CNT	<-- what failed here?
    device_attach: acpi_throttle1 attach returned 6
    acpi_throttle2: <acpi cpu="" throttling="">on cpu2
    acpi_throttle2: failed to attach P_CNT	<-- what failed here?
    device_attach: acpi_throttle2 attach returned 6
    acpi_throttle3: <acpi cpu="" throttling="">on cpu3
    acpi_throttle3: failed to attach P_CNT	<-- what failed here?
    device_attach: acpi_throttle3 attach returned 6
    Timecounters tick every 10.000 msec
    IPsec: Initialized Security Association Processing.
    usbus0: 12Mbps Full Speed USB v1.0
    usbus1: 12Mbps Full Speed USB v1.0
    ugen0.1: <intel>at usbus0
    uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus0
    ugen1.1: <intel>at usbus1
    uhub1: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr="">on usbus1
    usbus2: 480Mbps High Speed USB v2.0
    ad0: 3823MB <transcend 20080820="">at ata0-master PIO4
    ugen2.1: <intel>at usbus2
    uhub2: <intel 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr="">on usbus2
    SMP: AP CPU #6 Launched!
    SMP: AP CPU #1 Launched!
    SMP: AP CPU #5 Launched!
    SMP: AP CPU #2 Launched!
    SMP: AP CPU #3 Launched!
    SMP: AP CPU #7 Launched!
    SMP: AP CPU #4 Launched!
    uhub1: 2 ports with 2 removable, self powered
    uhub0: 2 ports with 2 removable, self powered
    Root mount waiting for: usbus2
    Root mount waiting for: usbus2
    uhub2: 4 ports with 4 removable, self powered
    Trying to mount root from ufs:/dev/ufs/pfsense0
    WARNING: / was not properly dismounted
    Configuring crash dumps...
    Mounting filesystems...
    mount: /dev/ufs/pfsense0 R/W mount of / denied. Filesystem is not clean - run fsck.: Operation not permitted
    ** /dev/ufs/pfsense0
    ** Last Mounted on /
    ** Root file system
    ** Phase 1 - Check Blocks and Sizes
    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    ** Phase 5 - Check Cyl groups
    7746 files, 630390 used, 3149638 free (1598 frags, 393505 blocks, 0.0% fragmentation)
    
    ***** FILE SYSTEM MARKED CLEAN *****
    ** /dev/ufs/cf
    ** Last Mounted on /cf
    ** Phase 1 - Check Blocks and Sizes
    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    ** Phase 5 - Check Cyl groups
    28 files, 3851 used, 97204 free (36 frags, 12146 blocks, 0.0% fragmentation)
    
    ***** FILE SYSTEM MARKED CLEAN *****
    Setting up memory disks... done.
    Disabling APM on /dev/ad0
    
         ___
     ___/ f \
    / p \___/ Sense
    \___/   \
        \___/
    
    Welcome to pfSense 2.1-RELEASE  ...
    
    Creating symlinks......done.
    External config loader 1.0 is now starting... ad0s3
    Launching the init system... done.
    Initializing............................. done.
    Starting device manager (devd)...done.
    Loading configuration......done.
    
    Default interfaces not found -- Running interface assignment option.
    
    Valid interfaces are:    
    *all interfaces are noted as 'up', but i only plugged in my wan connection into port '0' - interface em4 .. why would it show the interfaces as being 'up' without a live link?*
    
    em0   00:90:7f:80:00:78   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em1   00:90:7f:80:00:79   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em2   00:90:7f:80:00:7a   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em3   00:90:7f:80:00:7b   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em4   00:90:7f:80:00:7c   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em5   00:90:7f:80:00:7d   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em6   00:90:7f:80:00:70   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em7   00:90:7f:80:00:71   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em8   00:90:7f:80:00:72   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em9   00:90:7f:80:00:73   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em10  00:90:7f:80:00:74   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em11  00:90:7f:80:00:75   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em12  00:90:7f:80:00:76   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    em13  00:90:7f:80:00:77   (up) Intel(R) PRO/1000 Network Connection 7.3.2
    
    Do you want to set up VLANs first?
    
    If you are not going to use VLANs, or only for optional interfaces, you should
    say no here and use the webConfigurator to configure VLANs later, em4: link state changed to UP
    if required.
    
    Do you want to set up VLANs now [y|n]? n
    
    *NOTE*  pfSense requires *AT LEAST* 1 assigned interface(s) to function.
            If you do not have *AT LEAST* 1 interfaces you CANNOT continue.
    
            If you do not have at least 1 *REAL* network interface card(s)
            or one interface with multiple VLANs then pfSense
            *WILL NOT* function correctly.
    
    If you do not know the names of your interfaces, you may choose to use
    auto-detection. In that case, disconnect all interfaces now before
    hitting 'a' to initiate auto detection.
    
    Enter the WAN interface name or 'a' for auto-detection: em4</intel></intel></transcend></intel></intel></intel></intel></acpi></acpi></acpi></acpi></parallel></parallel></parallel></at></power></serial></ata></ata></intel></isa></pci-isa></acpi></acpi></intel></intel></intel></intel></intel></intel></encrypt></acpi></acpi></intel(r)></intel(r)></acpi></acpi></intel(r)></intel(r)></acpi></acpi></intel(r)></intel(r)></acpi></acpi></intel(r)></intel(r)></acpi></acpi></acpi></acpi></acpi></acpi></intel(r)></intel(r)></acpi></acpi></intel(r)></intel(r)></acpi></acpi></intel(r)></intel(r)></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></acpi></software></version></version></lahf></nx,lm></sse3,dtes64,mon,ds_cpl,vmx,est,tm2,ssse3,cx16,xtpr,pdcm,dca, ></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,c > 
    

    if you notice in this picture .. the interfaces include the management ports, skips the console port, but INCLUDES the usb ports as interfaces (i think?)…which is strange.

    i currently have my wan link plugged into port '0' but it is actually interface em4

    if you have any other things you see from the bootup output dump…please feel free to respond..especially on the ram issue!  :-\

    i have an sas 250gb drive in the external drive bay, but i still havent figured out how to utilize it. also, i have replaced all the fans (even in the power supplies) to quieter ones that blow enough CFM .. now the unit is quiet enough to talk over with a normal voice with the fans at 100% with the internals just slightly hotter ..just slightly.


  • Netgate Administrator

    Nice.  :)

    real memory  = 8589934592 (8192 MB)
    avail memory = 3664801792 (3495 MB)    <– i have 8gb of ram installed, why is it ignoring the full 8gb.. non-64bit?

    Exactly. Like any OS 32bit FreeBSD can only address ~4GB of RAM (3.6 in this case). It sees tha RAM is there but cannot talk to it. Use the 64bit image to address all of it. Looks like you have plenty of RAM slots too.

    pci2: <encrypt decrypt,="" network="" computer="" crypto="">at device 0.0 (no driver attached)</encrypt>

    This is some on-board cryptographic accelerator that doesn't appear to be supported. I expect it's a Cavium Nitrox chip of some type. Do you know what it is? If it'd removable then you should remove it (if it definitely isn't supported) as it otherwise just uses power and interrupts.

    acpi_throttle0: <acpi cpu="" throttling="">on cpu0
    acpi_throttle1: <acpi cpu="" throttling="">on cpu1
    acpi_throttle1: failed to attach P_CNT <– what failed here?</acpi></acpi>

    This is interesting. What failed is the driver controlling the CPU speed trying to attach to the CPU. What's interesting is that it didn't fail on cpu0. It's likely that it's trying to control 4 cpus independently but in reality their clock speeds are locked together such that only cpu0 is variable. FreeBSD sees 8 CPUs but I there are in fact 2 physical processors, is that 2 cores on each with hyperthreading?

    if you notice in this picture .. the interfaces include the management ports, skips the console port, but INCLUDES the usb ports as interfaces (i think?)…which is strange.

    i currently have my wan link plugged into port '0' but it is actually interface em4

    Why do you think it's using the USB ports as interfaces? I don't see that in the log. At the end of the boot it lists only the 14 em NICs as available interfaces.

    The interface numbers are determined by the order in which they are detected at boot which is in turn determined by how the OS 'walks' the PCI bus(es). What's more interesting, to me at least  ;), is to look at the MAC addresses assigned to the NICs by Watchguard. They are *******70 to 7d. you might exepct 70 to be the first interface but it fact it appears to be 7c. There's nit much you an do about that other than discover which is which and write it down!

    Try the LCD driver when you can. If that works then we could try to get the arm/disarm LED working.

    Steve



  • you are 100% correct on the 64bit version. i am a complete DOLT for missing that! i know better than that. 17+ years, and i put the wrong image on. what a DOLT!  :o

    you are correct with the cavium card as well…its in the box..but now taken out. i wasnt sure if it was supported or not, and i actually didnt catch that in the output. thanks!

    the unit has two quad core xeon cpus (no hyperthreading on to my knowledge…i have not been able to get into the bios via the console..YET) which are 5140 models i believe. so it 'should' see four cores for each proc.
    should i even worry about that failure on the cpu driver controlling the speed? i am not at the box at the moment, but i BELIEVE i did not see that after i loaded up the 64bit image. i shall let you know.

    i figured out the interface numbering. no biggie, but i didnt think the management ports would be included. they are though…so hey...two more 1gb ports. no complaints there!

    as for the LCD driver, i havent loaded that up yet, but i will and see if i can get it to work. any suggestions on which model i should pick in the LCD driver option? the older fireboxes worked fine, but i could never get the backlight to stay on 100% of the time. i would like it to be on 100% of the time so i can just walk by it, and see it without having to push a button. just my OCD at play there.

    i am slowly moving stuff over to this box, but i havent tried HA failover to one of the older fireboxes (i wish i could find another one of these for around the price i got this one at..which was under 200$...) i REALLY wish that HA could be handled at a different layer than IP. that would help people who have to rely on one dhcp ip address, but give them the option of HA failover. ....if that makes sense?

    thank you for the information and answers stephenw10!
    now if i could just get this damn sas drive to work … i could put varnish or sometime like that on here.
    does anyone have any ideas on how to utilize the internal hdd? its just a regular sas drive with a powered back plan plugged into the mainboard. i would love to utilize the space!  :-\


  • Netgate Administrator

    @genic:

    you are correct with the cavium card as well…its in the box..but now taken out. i wasnt sure if it was supported or not

    You should check what card/chip it is because there may be some support an it would be useful to have if you're running any VPNs.

    @genic:

    i have not been able to get into the bios via the console..YET

    Other Watchguard models have had console redirect for bios access disabled by default and some have it enabled but all the bios options locked down. I would expect it to be at 115200bps and you usually have to hit 'TAB', not del, to enter the setup. Is it Award or AMI?

    @genic:

    should i even worry about that failure on the cpu driver controlling the speed?

    No. Especially not at this stage. If later on you are trying to use powerd and the CPUs are not switching speeds then perhaps it needs investigating. It may be disabled in the bios.

    @genic:

    as for the LCD driver, i havent loaded that up yet, but i will and see if i can get it to work. any suggestions on which model i should pick in the LCD driver option?

    Well all the previous models have repliocated the LCD in the original X-Core box, presumably to simplify the Watchguard OS, so I'd start off by trying that. The sdeclcd driver that is.

    @genic:

    i could never get the backlight to stay on 100% of the time. i would like it to be on 100% of the time so i can just walk by it, and see it without having to push a button. just my OCD at play there.

    You're in luck. Another user just recompiled the driver module with the backlight timer removed:
    https://forum.pfsense.org/index.php?topic=7920.msg409215#msg409215

    @genic:

    i got this one at..which was under 200$…

    :o Think you got a bargin there, I doubt you'll find another even close to that!

    @genic:

    now if i could just get this damn sas drive to work …

    I'm not really familiar with SAS drives I confess but I would expect it can be made to work. Is it connected in the dmesg output above? I would first check that the disk controller is being recongnised, it may require some additional modules loading. Check the output of pciconf -lv for unclaimed devices, labelled 'none'.

    Steve


  • Netgate Administrator

    Load of useful info in the NAR-7090 manual, here. Including the many jumper settings.
    It looks like the BIOS is AMI and is accessed at 19,200bps.

    Steve



  • @stephenw10:

    Load of useful info in the NAR-7090 manual, here. Including the many jumper settings.
    It looks like the BIOS is AMI and is accessed at 19,200bps.

    Steve

    i can only connect to it @ 9600…

    ill respond to the other answers you gave me above (i am completely up on *ix as i am on MS server software)

    oh, i could have gotten TWO of these things for under 600$, but apparently the guy selling the used boxes got a buyer for one of them...and i snatched up the other one. it was on ebay for months..both of them.

    i installed 2.1.2 64bit today (damn openssl), and got all my memory (im SUCH A DOLT!) but still nothing on the HDD. i do have 1.8gb free, but its just a 4gb cfcard. hense why i want to use the SAS drive. i will try to get into the bios to see if it is enabled....

    powerd IS working..as this is was is shown on the dashboard.
    Intel(R) Xeon(R) CPU E5410 @ 2.33GHz
    Current: 1737 MHz, Max: 2316 MHz
    8 CPUs: 2 package(s) x 4 core(s)

    thanks for all the help...more to come.


  • Netgate Administrator

    Cool stuff.  :)
    You may need to modify the BIOS to get access to it then. Obviously some risk involved with that, see the XTM8 thread.

    Check that all the cores are being frequency changed. Try using:

    sysctl -a | grep freq
    

    It will show a whole load of things but included in that will be current frequency for each cpu.

    It looks like in the original, un-customised, Portwell box the HD caddy is SATA. Is there additional hardware in the 1050? I couldn't really see much in the de-manufacturing docs.

    Steve


Log in to reply