Successful Install on Watchguard Firebox X700!

larrys

As of October 25, 2009, Watchguard's original X-core series (X500, X700, X1000, X2500) is end-of life. That means no more updates, so you should be able to find them cheap on eBay, although there are plenty of folks still trying to get full price. All these models were license-upgradable, so the hardware is identical. You should be paying under $100 US for one – which is way cheaper than a new alix -- and gets you six ethernet ports.

Watchguard's end-of-life announcements: http://www.watchguard.com/products/resources/end-of-life-policy.asp
Photos of my X700's guts: http://cw.sampas.net/gallery2/v/Firebox/
Boot log (dmesg): http://cw.sampas.net/watchguardTerminal.TXT

While the Safenet crypto card is recognized in pfsense, it isn't used. I tried replacing it with the Soekris crypto card that works fine in Alix but it doesn't work on the X700. (I'm still running down that error.)

dotdash

@larrys:

While the Safenet crypto card is recognized in pfsense, it isn't used. I tried replacing it with the Soekris crypto card that works fine in Alix but it doesn't work on the X700. (I'm still running down that error.)

Interesting. If you look at the DMESG from /status.php does it just recognize it, or does it load the safe driver and that is not working? If the driver is not loaded, you could always try kldloading the module from FBSD 7.2.
P.S. Nice Airhead

tehtrk

I'm loving my pfGuard. Here's some truncated dmesg output. It seems that that safenet card has a driver handling it at least. I'm pretty noobish still wrt the BSD's, though, so I'm not sure how helpful this is.

# dmesg -a
Copyright (c) 1992-2009 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.2-RELEASE-p4 #0: Tue Oct  6 00:56:14 UTC 2009
    sullrich@FreeBSD_7.2_pfSense_1.2.3_snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense.7
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(TM) CPU                1200MHz (1202.73-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x6b4  Stepping = 4
  Features=0x383f9ff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,mmx,fxsr,sse>real memory  = 268435456 (256 MB)
avail memory = 248655872 (237 MB)
wlan: mac acl policy registered
kbd1 at kbdmux0
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
cryptosoft0: <software crypto="">on motherboard
pcib0: <intel 82815="" (i815="" gmch)="" host="" to="" hub="" bridge="">pcibus 0 on motherboard
pir0: <pci 11="" interrupt="" routing="" table:="" entries="">on motherboard
$PIR: Using invalid BIOS IRQ 9 from 2.13.INTA for link 0x63
pci0: <pci bus="">on pcib0
agp0: <intel 82815="" (i815="" gmch)="" host="" to="" pci="" bridge="">on hostb0
pcib1: <pci-pci bridge="">at device 1.0 on pci0
pci1: <pci bus="">on pcib1
pcib2: <pcibios pci-pci="" bridge="">at device 30.0 on pci0
pci2: <pci bus="">on pcib2
safe0 mem 0xe7bfe000-0xe7bfffff irq 3 at device 6.0 on pci2
safe0: [ITHREAD]
safe0: SafeNet SafeXcel-1141 rng des/3des aes md5 sha1 null</pci></pcibios></pci></pci-pci></intel></pci></pci></intel></software></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pat,pse36,mmx,fxsr,sse> 

On another note, I just want to show off my hard disk mounting hack. With a dremel, drill, hammer, and an anvil, I made this sweet "cold-swap" bay for a spare laptop hard drive. The first blurry pic is the bottom of just the tray, and the second is the back of the tray locked into the tray's carrier (removed from the watchguard of course).

Important note, you can't see it in these pictures but I put a piece of clear plastic film under the hard drive to keep anything from shorting on the hard drive's controller board. Otherwise you would want to have washers under the drive at the mount points to create a gap (I didn't have washers of that size).

Veeb0rg

Well, I finally got an x700 off ebay for cheap. anyone have a spare set of rack ears?

I currently have an ip330 running pfsense, looking forward to the extra power under the hood.

Plan is to get a microdrive and get pfsense up and running, then do the 512meg ram and p3 1.4 upgrade.

Chewna

Thanks tehtrk for the pictures. I currently have my drive mounted inside the box without the drive caddy in, however the frame is still there.

My plan was to just cut out the back of the tray and use it just for support, the 80GB HD that I sourced was from an old Laptop and is still in a very thin caddy itself so is protected from shorts

I have received my new CPU heatsink and fan today, so will be planning on replacing that when I get chance this evening and hopefully should have a much quieter firewall. If the fan is still too loud, I may do some temperature testing with the fan running at a slower speed either 5V or controlled with a variable resistor

I am also looking to replace the memory for the 512MB option, but really dont see the potential gains from upping the chip to a 1.4… can anyone advise?

gsiener

Hi all,

Very excited about this Firebox, as I have loads of ISPs (don't ask).  I was trying to follow the timeout thread but wasn't clear on whether the patch is in the latest RC or if I have to run the alpha 2.0 snapshots to see that.

Also, was thinking I would run this off a cf card (not microdrive) with a hdd as swap space – is this possible or am I going to make life too hard for myself?  Any advice on best approach to this?

PistolPete

Got another one coming now from Ebay for £48.
Will be able to give it a go when I get back from diving on Saturday.

bruor

I'm running pfsense 1.2.2,  full installation on IDE HD using embedded kernel.

I am/was getting watchdog timeouts reliably when trying to access the queue status page for the traffic shaper.

-I'm running PFsense with 2 physical connections to our switching environment.
-Carp is configured and in use on all interfaces.
-There are 3 subnets/interfaces using vlan tagging. Switching infrastructure is HP procurve.

In an attempt to fix this I did the following.

-Disabled ACPI - issue persists.
-Changed switch configuration from auto to 10/100-full - issue persists.

After some thought it seemed like the timouts would happen when a "lot" (burst) of traffic would try to come through, so on a whim I enabled "device polling" in system->advanced to see what would happen.

The firewall reloaded states and a test showed that the issue persisted.  Since I didn't see any mention of polling under status->interfaces  I went to ifconfig to see what was happening.

ifconfig output showed no mention of polling at all.  I verified that freebsd 7 supports polling on the re driver and issued this command for each physically connected interface on the system:

ifconfig INT_NAME polling

ifconfig output then showed "polling" under the "options" section for the interface.

A quick test of status->queues worked and I can see queue status without issues.  I beat on the web interface for awhile and only caused a single watchdog timeout to happen in the last 20 minutes at the status -> queues page (used to happen reliably every time)

I'm hoping that I won't see random watchdog timeouts pop up during the day anymore when the gui isn't in use but only time will tell.

If anyone has had success in resolvign these issues PLEASE let us know, I'm almost ready to virtualize pfsense on vmware to fix this permanently but would rather use the cool red boxes!

teh

Nice to see more watchguards being converted!

I'm still trying to get a keyboard to work on mine to do a bit more of an advanced project.

I've had one guy email me with some great information but this hasn't worked.

Can anyone give an exact pinout of the keyboard header?

Thanks

Andy

jjgoessens

Hi,

i have done it, i connected a keyboard and it works, i opened a new topic here :
http://forum.pfsense.org/index.php/topic,20242.0.html

I also improved  the lcdproc sdeclcd from ridnhard19 bay adding a keyboard support here:
http://forum.pfsense.org/index.php/topic,7920.30.html

Jean Jacques :)

teh

@jjgoessens:

Hi,

i have done it, i connected a keyboard and it works, i opened a new topic here :
http://forum.pfsense.org/index.php/topic,20242.0.html

I also improved  the lcdproc sdeclcd from ridnhard19 bay adding a keyboard support here:
http://forum.pfsense.org/index.php/topic,7920.30.html

Jean Jacques :)

You are a super star! Thank you very much.

I will give this a try tonight! Thanks!

boblmartens

Great read this thread is.

Currently I have an extra X700 at work that I am trying to get to work with pfSense and I would like to use a 2GB Compact Flash card because it seems the easiest to do some testing before I think about modding the drive carrier.

I am wondering if there is anything special I have to be aware of when installing to a Compact Flash card to use with the X700. I tried loading pfSense onto it in another machine using the 1.2.2 release. I keep hearing the embedded kernel option … do I need a different download to get that option?

Thanks in advance for the help!

jmcentire

I finally got around to taking a picture(sorry just cell phone pics) of how I have my hdd mounted…it doesn't look solid but it actually is(i can't move the drive at all):

I just angled the drive and put a single screw in, give it a try it will surprise you how solid it is.

boblmartens

Was able to get it up and running today after scrounging an old/ancient 5GB IDE drive from one of the dead laptops in the office. After I had it working I decided to reload the 2GB CF card and then try it again … with no luck.

I am using a Kingston 2GB CF card and while I can get it to load on the machine that I originally installed it on, I cannot get it to load in the Firebox for the life of me. BSD starts up so that I can open up Hyperterminal and take a look at what is coming back to me, but when it starts to load the root partition, it doesn't seem to want to load off of the CF card even though I go ahead and choose ad0 as the mount device.

Any help or ideas would be appreciated. Could it be the Kingston card I am using? Any ideas?

boblmartens

I got it working, just had to read on how to install to a CF card .. I glossed over a couple of things.

Now to try and clean some stuff up and get some other things working! Really impressed so far and looking forward to seeing what can be done with it. I now need to try and find a better CF card to use in the box … probably something a little bit faster.

secure.boy

i have for sale Watchguard x700 (1.2GHz celeron, 256MB SDRAM, 512MB CF)
contact me at secure[dot]boy[at]hotmail[dot]com or pm

gpapaiko

Hi,

I have a watchguard x1000 and got pfsense 1.2.2 working on it (on hard disk).
Since this boxes have a LCD display and 4 button I was wondreing if anyone manged to ge the LCD diaply and buttons working.
If so how.

Also it has a encryption safe net card -  what command can i run to see if it has been picked and reccoginsed by pfsense.

Thansk
George.

jjgoessens

Hi,

Here it is :
http://forum.pfsense.org/index.php/topic,7920.45.html#lastPost

i installed it on a pf 1.2.3, but it should work with 1.2.2.

ridnhard19 wrote the display driver, i just added keybord & backlight functions.

JJ

emigrating

Has anyone tried installing pfSense on one of the later model X550e or X750e Fireboxes?
My X700 is still going strong, but I'm really starting to feel the need for a GbE firewall.

Unubtanium

@emigrating:

Has anyone tried installing pfSense on one of the later model X550e or X750e Fireboxes?
My X700 is still going strong, but I'm really starting to feel the need for a GbE firewall.

Have not yet, but as soon as my hands land on one of this i WILL give it a go.  ;D