Successful Install on Watchguard Firebox X700!
-
i have a question about the steps to install pfsense on a firebox.
3. 99 Install, accepted all defaults except chose embedded kernel
Why the embedded kernel, instead of the UniProcessor one?
-
The embedded kernel uses com1 for console access, useful when you have no on board video.
Also it disables swap and logs to ram, very important if you are booting from flash.
Most people use the NanoBSD install now though which has both the above features as well as running two slices with one for backup.Steve
-
I don't know if this is the best place for this, but since I'm running an x700…
How do I access the config menu in the console after Bootup complete?
I need to change my LAN IP before I add it to my network, since most of my boxes are static.
I see a menu in almost every screenshot of a boot, but don't see how it was accessed, and I'm not seeing it (not searching right) in the docs
-
What are you booting your firebox from? Which install type is it?
If you have installed a NanoBSD image onto a CF card and booted from that then the menu should appear on the serial console after the box has booted. You should see all the boot messages before that.
Steve
-
What are you booting your firebox from? Which install type is it?
If you have installed a NanoBSD image onto a CF card and booted from that then the menu should appear on the serial console after the box has booted. You should see all the boot messages before that.
Steve
Thanks - Yes - that's what I'm using, sorry - 2.0RC on a 512CF (biggest I had. I'll upgrade later)
While I read all this thread before starting, it's a lot to take in before the part where you actually sit down with the box. In reading back again I see several other mentions of 2.0RC stopping after Bootup Complete, but the WebGUI working.
I guess these don't have autonegotiate, and I stuck a laptop on there, but without a crossover and couldn't load the WebGUI. I'll try it with a switch tonight and see if it's there.
-
Unfortunately the web GUI won't come up until you have assigned at least the LAN interface in the console.
Try using the 1.2.3 image first.Steve
-
I actually did get the web gui after adding a switch to the mix. But it went downhill from there. I had it working momentarily, but pretty much bricked it somehow, and decided to start over.
This time I went the 1.2.3 route and upgraded from the web gui - pretty painless all in all. If I had it to do over again, that's the way I'd go from scratch.
While I'm typing, a question that doesn't technically belong here - but anyone know if there's a process for changing to a larger CF, but keeping your configuration/build? Or do you have to start from scratch? And any advantages/gotchas to a Microdrive for nano?
-
There's no easy way to expand your existing image into a bigger card but it's easy enough to backup/restore your config into a new image.
There is almost no point in using a microdrive. CF cards are now very large and very cheap.
The only situation you might want to use one is for a full install with logging to disk and access to all the packages. In this situation you are not restricted by the limited writes of flash memory.Some microdrives do not support ATA mode and cannot be used as HD replacement, as it is in the firebox. Typically these include ipod types sold on ebay! ;)
Steve
-
Thanks for the tips and suggestions - and this whole thread all together.
I just went ahead and stuck a 4GB in there (from WalMart of all places) when I killed my first build trying to bridge the three extra ports to LAN, so I should be good there. I figured while it was dead was the best time to maximize it. I'll probably never use anything above the 512, but you never know.
I'm so stoked now. I went from never having even flashed a consumer router to firing up a Netflix stream, seeing which WAN it was using, shutting it off, and watching it switch ISPs without so much as a stutter or hiccup.
Even if I never get the extra ports going, it's already awesome.
-
Still playing around with setting these bad boys up. I have 2 x700's all modded up to run super quiet. Of course, I didn't realize that one of them doesn't seem to work.
I have two hard drives with embedded 1.2.3 installed. I tried both of them on the first x700 and they both boot up fine with the LCD proc package showing stats on the screen and serial and web console working.
I have connected both to my second x700 and it always hangs with the following showing on the serial console
/boot.config: -D\
Also the lcd proc never loads up and the web console never works, nor does the box serve up ip addresses to the connected computers.
Any suggestions as to what is going on or is this firebox fried? I tried different hard drives and different ATA cables, so I have ruled that out.
It booted properly with the original watchguard software CF card
-
Any suggestions as to what is going on or is this firebox fried?
It booted properly with the original watchguard software CF card
Well it's not fried if it boots from the Watchguard CF.
It could be a bad IDE socket. It could be different bios settings. Maybe try reseting the cmos.
Have you tried pfSense Nano of a CF card?Steve
-
No, I guess I will have to go out and buy a CF card to try that.
Tried resetting the CMOS multiple times (removing pin and battery and disconnecting power source), and also selected load bios defaults from lcd menu
Is the boot.config prompt from the bios or is that being read off of the hard drive?
What speed and size Cf card is recommended?
-
The prompt is coming from the hard drive.
The speed of the cf card doesn't really matter since, once booted, pfSense runs almost entirely from ram.
Nanobsd images are available for 512mb, 1gb, 2gb and 4gb cards. I have 2 and 4gb cards but almost always use the the 1gb image, mostly because it takes such a long time to write to the card.Steve
-
I got my X700 today, and like many before me, found it definitely needs to be quieter.
I'm curious. Has anyone tried a passive cooler? I've seen a couple 1U passive coolers for 370, and wondered if that might be an option. I've got a Core2Duo 1U server with a passive sink, but it's got some ducting on it and 3x40mm fans blowing into it. I wasn't sure if you had to go with ducting with a passive sink, or if they ever work alone?
I changed out the 3 40mm back fans with the quieter one's - Scythe mini-kaze SY124010L and used a thin cooler master 60mm flat style on top if the processor heat sync I found at an electrical wholesaler here in florida. - A lot quieter - I did not take any readings but cut the noise by at least half. I ordered the Papst 60mm but the larger thicker style by accident and it will not fit. The thread here has the types and the Scythe was easy to find. Be watchful ordering the 60mm for the heat sync as there is very little clearance.
-
If the clearance is very small, have you cut a hole in the top of the case to allow air in/out?
Assuming you are using an axial fan, such as this.
Steve
-
Steve - when I searched for the Papst number you have to pay attention to the thickness and I did not (pay attention)
The Papst 612 came in and it is the thicker 25mm style… I did the search based upon the model number 612 but there are different versions. Your link is pointing the correct one... 612 - 15mm width and that is still close when the cover goes on. Thanks for the link...H.
-
anyone else find that a reboot from the gui does nothing on 2.0?
Yes - same here…
I built out 2.0rc1 on my laptop with an extra PCMCIA Xircom network card and used single processor.
Enabled console on GUI.H.
-
Stephenw10 is right, the issue that you are having is very odd.
I did a full install on my firebox2 (old x700) a week or so back with no issues.
Got the lcd driver that Stephenw10 put together to work and now, with this help, have got the arm/disarm lcd turned green on both my fireboxes now as well!Both my fireboxes still have their safenet card, but both my installations are full on a (6GB-ish) ide disk that I rescued from laptops in years long past.
Ditto - and Thanks Stephenw10 for the LCD fix - working great…..
-
Again, has anyone upgraded the memory on these boxes and gotten it to see the additional? I placed a 512meg module in the box, and it still registers at 256meg. I tried 2 separate sticks.
Perhaps jumper settings somewhere on the board?
Upgraded it to 512 MB just this week:
Kingston KVR100x64C2/512 512MB PC100 CL2
Also changed out the heatsink and fan - that is the MAJORITY of the noise factor in the x700 - they use a fan designed by Y.S. Tech (?) that was pushing 7200+ RPM's. I switched and installed a lower/larger fan combo @ 5500 RPM's and temps dropped by 10C and the noise is SUBJECTIVELY quieter.
(Granted I did not test decibel levels prior to the fan switch out)Hope that helps - <3 pfSense on my WatchGuard btw - still working on getting the LCD to do its thang…otherwise, it works like a champ.
Dayblade
Thanks for the detailed info man. I'm looking to upgrade both ram and heatsink. I think I'll just play it safe and go with the ram you mentioned. Do you have the model number for that YS tech HSF? Sounds like it's performing well.
Apart from low ram (when running snort lol) and that whine I'm loving this WG pfsense box!
I tried the Kingston - Kingston 512MB
It keeps rebooting on this memory. I have a lot of old parts and found HP double sided 133 and it runs stable on that. I ordered the Kingston online and will ask the vendor to re-test it. Not sure if it is bad memory or something else - Currently running WG X700 with PFSense 2.0 Rc1. -
Hi…
I was asked to help with this first x700 box I have been working on - from a customer and setup the box with everyone's help here - for delivery next week. Thank-you everyone and big thanks to Steve who drilled down the LCD and LED issue. It has been tested and running stable for a number of days.I just bought another x700 on eBay for $71 shipped... Not that cheap but I will be re-working this box for another small business - this is starting to catch on here with my customers when I say low cost firewall they say they want to try it!
Now I just saw the ALIX boxes and this is even more interesting! The 3 port small box setup looks great... Now I want to try that and setup the CF card with the embedded image...
Thanks for all the help with the first attempt - it runs great!...
H.