Successful Install on Watchguard Firebox X700!
-
There's no easy way to expand your existing image into a bigger card but it's easy enough to backup/restore your config into a new image.
There is almost no point in using a microdrive. CF cards are now very large and very cheap.
The only situation you might want to use one is for a full install with logging to disk and access to all the packages. In this situation you are not restricted by the limited writes of flash memory.Some microdrives do not support ATA mode and cannot be used as HD replacement, as it is in the firebox. Typically these include ipod types sold on ebay! ;)
Steve
-
Thanks for the tips and suggestions - and this whole thread all together.
I just went ahead and stuck a 4GB in there (from WalMart of all places) when I killed my first build trying to bridge the three extra ports to LAN, so I should be good there. I figured while it was dead was the best time to maximize it. I'll probably never use anything above the 512, but you never know.
I'm so stoked now. I went from never having even flashed a consumer router to firing up a Netflix stream, seeing which WAN it was using, shutting it off, and watching it switch ISPs without so much as a stutter or hiccup.
Even if I never get the extra ports going, it's already awesome.
-
Still playing around with setting these bad boys up. I have 2 x700's all modded up to run super quiet. Of course, I didn't realize that one of them doesn't seem to work.
I have two hard drives with embedded 1.2.3 installed. I tried both of them on the first x700 and they both boot up fine with the LCD proc package showing stats on the screen and serial and web console working.
I have connected both to my second x700 and it always hangs with the following showing on the serial console
/boot.config: -D\
Also the lcd proc never loads up and the web console never works, nor does the box serve up ip addresses to the connected computers.
Any suggestions as to what is going on or is this firebox fried? I tried different hard drives and different ATA cables, so I have ruled that out.
It booted properly with the original watchguard software CF card
-
Any suggestions as to what is going on or is this firebox fried?
It booted properly with the original watchguard software CF card
Well it's not fried if it boots from the Watchguard CF.
It could be a bad IDE socket. It could be different bios settings. Maybe try reseting the cmos.
Have you tried pfSense Nano of a CF card?Steve
-
No, I guess I will have to go out and buy a CF card to try that.
Tried resetting the CMOS multiple times (removing pin and battery and disconnecting power source), and also selected load bios defaults from lcd menu
Is the boot.config prompt from the bios or is that being read off of the hard drive?
What speed and size Cf card is recommended?
-
The prompt is coming from the hard drive.
The speed of the cf card doesn't really matter since, once booted, pfSense runs almost entirely from ram.
Nanobsd images are available for 512mb, 1gb, 2gb and 4gb cards. I have 2 and 4gb cards but almost always use the the 1gb image, mostly because it takes such a long time to write to the card.Steve
-
I got my X700 today, and like many before me, found it definitely needs to be quieter.
I'm curious. Has anyone tried a passive cooler? I've seen a couple 1U passive coolers for 370, and wondered if that might be an option. I've got a Core2Duo 1U server with a passive sink, but it's got some ducting on it and 3x40mm fans blowing into it. I wasn't sure if you had to go with ducting with a passive sink, or if they ever work alone?
I changed out the 3 40mm back fans with the quieter one's - Scythe mini-kaze SY124010L and used a thin cooler master 60mm flat style on top if the processor heat sync I found at an electrical wholesaler here in florida. - A lot quieter - I did not take any readings but cut the noise by at least half. I ordered the Papst 60mm but the larger thicker style by accident and it will not fit. The thread here has the types and the Scythe was easy to find. Be watchful ordering the 60mm for the heat sync as there is very little clearance.
-
If the clearance is very small, have you cut a hole in the top of the case to allow air in/out?
Assuming you are using an axial fan, such as this.
Steve
-
Steve - when I searched for the Papst number you have to pay attention to the thickness and I did not (pay attention)
The Papst 612 came in and it is the thicker 25mm style… I did the search based upon the model number 612 but there are different versions. Your link is pointing the correct one... 612 - 15mm width and that is still close when the cover goes on. Thanks for the link...H.
-
anyone else find that a reboot from the gui does nothing on 2.0?
Yes - same here…
I built out 2.0rc1 on my laptop with an extra PCMCIA Xircom network card and used single processor.
Enabled console on GUI.H.
-
Stephenw10 is right, the issue that you are having is very odd.
I did a full install on my firebox2 (old x700) a week or so back with no issues.
Got the lcd driver that Stephenw10 put together to work and now, with this help, have got the arm/disarm lcd turned green on both my fireboxes now as well!Both my fireboxes still have their safenet card, but both my installations are full on a (6GB-ish) ide disk that I rescued from laptops in years long past.
Ditto - and Thanks Stephenw10 for the LCD fix - working great…..
-
Again, has anyone upgraded the memory on these boxes and gotten it to see the additional? I placed a 512meg module in the box, and it still registers at 256meg. I tried 2 separate sticks.
Perhaps jumper settings somewhere on the board?
Upgraded it to 512 MB just this week:
Kingston KVR100x64C2/512 512MB PC100 CL2
Also changed out the heatsink and fan - that is the MAJORITY of the noise factor in the x700 - they use a fan designed by Y.S. Tech (?) that was pushing 7200+ RPM's. I switched and installed a lower/larger fan combo @ 5500 RPM's and temps dropped by 10C and the noise is SUBJECTIVELY quieter.
(Granted I did not test decibel levels prior to the fan switch out)Hope that helps - <3 pfSense on my WatchGuard btw - still working on getting the LCD to do its thang…otherwise, it works like a champ.
Dayblade
Thanks for the detailed info man. I'm looking to upgrade both ram and heatsink. I think I'll just play it safe and go with the ram you mentioned. Do you have the model number for that YS tech HSF? Sounds like it's performing well.
Apart from low ram (when running snort lol) and that whine I'm loving this WG pfsense box!
I tried the Kingston - Kingston 512MB
It keeps rebooting on this memory. I have a lot of old parts and found HP double sided 133 and it runs stable on that. I ordered the Kingston online and will ask the vendor to re-test it. Not sure if it is bad memory or something else - Currently running WG X700 with PFSense 2.0 Rc1. -
Hi…
I was asked to help with this first x700 box I have been working on - from a customer and setup the box with everyone's help here - for delivery next week. Thank-you everyone and big thanks to Steve who drilled down the LCD and LED issue. It has been tested and running stable for a number of days.I just bought another x700 on eBay for $71 shipped... Not that cheap but I will be re-working this box for another small business - this is starting to catch on here with my customers when I say low cost firewall they say they want to try it!
Now I just saw the ALIX boxes and this is even more interesting! The 3 port small box setup looks great... Now I want to try that and setup the CF card with the embedded image...
Thanks for all the help with the first attempt - it runs great!...
H.
-
Hi
A little OT, but this thread has become the definitive resource for watchguard hardware.
I picked up an x1000 from ebay that appeared to be DOA in that it would power up, but not POST (no beeb, arm/disarm light not lit). Lid comes off and after some diagnostics (swapping CPU and ram and putting CF card in another unit) I found that if the battery was removed and left out, the unit would POST and my forcing OS boot (select 0 at boot menu) the device would start to boot, but hang with the following one the console:
/etc/rc.d/rc.sysinit: /etc/sysconfig/clock: line 1: unexpected EOF while looking for matching `"'
/etc/rc.d/rc.sysinit: /etc/sysconfig/clock: line 4: syntax error: unexpected end of fileSo I take the CF back out again, and place in an x500 known working which produces:
/etc/rc.d/rc.sysinit: /etc/sysconfig/clock: line 1: unexpected EOF while looking for matching `"'
/etc/rc.d/rc.sysinit: /etc/sysconfig/clock: line 4: syntax error: unexpected end of file
Setting clock : Sat May 7 02:58:06 BST 2011 [ OK ]so the x1000 is hanging on setting the clock. Given there is no battery installed, this might make a bit of sense.
If I let the unit boot to the hang point without the battery AND with the BIOS reset jumper removed, and then put the jumper on when the device is live, it will boot through to completion. ???
Another strange thing is that on the boot menu, which would usually have a count down from 5 to 0, doesn't count, it just stays at 5 waiting for keyboard intervention.
Anyone with any ideas what is going on here? This does strike me as a hardware issue, but is this a recoverable situation?
As an aside, when swapping the CF card between the devices, I found that the model and serial numbers we set as per the unit the card was in (ie, always matched the sticker on the back). Seeing as all hardware in the x-core range is the same, where does this info come from? If I could "fool" the x500 into thinking it was the x1000, I'd be able to swap the cards out and be ok.
If I can get the device to boot, it will be next in line for my 3rd PFSense box - there, back on topic ;)
I took the HDD from my working PFsense x700 and placed it in the x1000 and hangs here:
ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
³ ³
³ ³
³ ³
³ Welcome to pfSense! ³
³ ³ ______
³ ³ /
³ 1. Boot pfSense [default] ³ / f
³ 2. Boot pfSense with ACPI enabled ³ / \ /
³ 3. Boot pfSense in Safe Mode ³ / p _/ Sense
³ 4. Boot pfSense in single user mode ³ \ /
³ 5. Boot pfSense with verbose logging ³ _____/
³ 6. Escape to loader prompt ³ \ /
³ 7. Reboot ³ ______/
³ ³
³ ³
³ ³
³ ³
³ Select option, [Enter] for default ³
³ or [Space] to pause timer 3 ³
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙCopyright 1992-2009 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.2-RELEASE-p5 #0: Sun Dec 6 23:05:10 EST 2009
sullrich@FreeBSD_7.2_pfSense_1.2.3_snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_wrap.7.i386also, the countdown in the menu above also does not count down...
Thanks
Stuart
-
Stuart…
Just for fun did you try another piece of memory or reseat the existing memory?
H -
Stuart…
Just for fun did you try another piece of memory or reseat the existing memory?
HYeah, new memory & CPU from known working unit
-
Did you test or replace the battery? Many systems upon booting with a completely blank CMOS will through an error, set the defaults and then reboot. However with no battery or a veryflat one it can get stuck in a loop.
The serial number and model is stored in an EPROM on the board and you would need special software to alter it. If it was easy you could change your box from an x500 to an x1000 without paying.Steve
-
Did you test or replace the battery? Many systems upon booting with a completely blank CMOS will through an error, set the defaults and then reboot. However with no battery or a veryflat one it can get stuck in a loop.
The serial number and model is stored in an EPROM on the board and you would need special software to alter it. If it was easy you could change your box from an x500 to an x1000 without paying.Steve
Yep, battery replaced with one from known working box. Still only boots without battery.
Is the EPROM the IC almost centre in the brown receptacle? Cause I swapped those between boxes too ;)
-
Stuartw…
Beyond the battery, processor & mem there is not much else unless you get to the component level.
Sorry, but beyond that I would not know what else unless it is trial and error.
My guess is try everything again with the standard mem, standard celeron and no CF card/hard drive and see if there is anything you missed going on in the bios.Unrelated but FWIW: I had an issue with my first X700 box and the hard drive I was using would not upgrade to 2.0 - 1.2.3 would run fine - I know this is not your symptom but just in case someone else is hitting the same wall I was. These are basic system boards so perhaps thinking through all aspects which it seems you have done the other item I would look at is the jumpers on the sys board. Find a photo and recheck those. Someone put a high def photo of the stock board and may be you could find it and recheck the jumpers.
I am wondering if there is a bios flash for these and/or new bios chip? It is probably soldered on but that would be what I would do after installing everything back stock, rechecking the jumpers and work a reboot from there... -
FWIW - A bit off topic but it relates to Watchguard platform…
Yesterday I installed Squid, Squid Proxy and am running transparent, setup Squid, setup Country Block, and finally guest wireless services with the portal working. I have 512mem, PIII and this x700 will be for a small office of only 10 to 15 connections so I have plenty of overhead. Today I sandwiched the x700 on my home network and started backing up one of my production websites and downloaded 2.1 gig without a hitch all the time still using the interface and web access working on another site that I was uploading some files to. The x700 took it all in stride and without a hick-up - The box is transparent and causes no lag or delay... Waiting on my next box to arrive that I bought on eBay...
My customer on this first one x700 is still out of town but I will be delivering this sometime in the next 2 weeks. I found a couple good primers that I posted on my nettechonlinedotnet website that link to discussions on DNS blacklist, Squid and Squid Proxy and some other primers. All basic stuff but if anyone is interested it will help you get a foot hold on some of the capabilities of PFS.