Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Successful Install on Watchguard Firebox X700!

    Scheduled Pinned Locked Moved Hardware
    690 Posts 151 Posters 1.2m Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S Online
      stephenw10 Netgate Administrator
      last edited by

      I could probably manage that sometime this weekend, I'll have to check the status of my X-Core box. However you should really have a serial console cable. Sometimes it's the only way of accessing the box, if you've accidentally locked yourself out for example. They are very cheap and easily available (in most places).

      Steve

      1 Reply Last reply Reply Quote 0
      • W Offline
        webspeed
        last edited by

        @stephenw10:

        I could probably manage that sometime this weekend, I'll have to check the status of my X-Core box. However you should really have a serial console cable. Sometimes it's the only way of accessing the box, if you've accidentally locked yourself out for example. They are very cheap and easily available (in most places).

        Steve

        Thanks Steve, the image would give me the instant gratification we all crave :) even though I guess buying a serial cable is inevitable…

        1 Reply Last reply Reply Quote 0
        • D Offline
          drdyno
          last edited by

          Steve,

          Have you ever tried to use the 256mb CF card that came in the firebox to install pfsense or you just get bigger cf cards?

          I hate going out to buy one if i dont have to.

          I managed to pick up a x550e this week for $50

          Jeff

          1 Reply Last reply Reply Quote 0
          • stephenw10S Online
            stephenw10 Netgate Administrator
            last edited by

            The smallest pfSense Nano image is 512MB. The price of 2GB CF cards is pretty low but I agree I hate spending money unnecessarily.  ;)

            Steve

            1 Reply Last reply Reply Quote 0
            • W Offline
              webspeed
              last edited by

              @drdyno:

              Steve, have you ever tried to use the 256mb CF card that came in the firebox to install pfsense or you just get bigger cf cards? I hate going out to buy one if i dont have to. I managed to pick up a x550e this week for $50. Jeff

              Search eBay and you'll see Hitachi 4gb microdrives listed for $5 shipped, not a big investment :)

              1 Reply Last reply Reply Quote 0
              • stephenw10S Online
                stephenw10 Netgate Administrator
                last edited by

                Careful with those. Not all microdrives support ATA mode on the interface.
                http://doc.pfsense.org/index.php/Microdrive_embedded_installations

                Steve

                1 Reply Last reply Reply Quote 0
                • C Offline
                  CuriousG
                  last edited by

                  Today I had an issue with the webgui so I decided to reboot through the LCD, I did hear the speaker where it would indicate it was going to reboot but after about a minute I tried the procedure again and that didn't work.  So I just manually flipped the switch.  When I turned it back on, all I got on the LCD was a bunch of blocks on the top half the of the display.

                  Has anyone run into this issue where the CF fails to boot?  I've had this in production for about 3 months running pfSense 2.03 upgraded from 2.02.

                  I'm not sure if I saved the configuration so is there a way for me to extract the configuration before rewriting the CF?  This is using a 2GB Team CF rated 133X.

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S Online
                    stephenw10 Netgate Administrator
                    last edited by

                    You can mount the card and read it on a FreeBSD system. The config.xml file is stored in the config slice which is the smallest of the three on the card.

                    The two X700 boxes I've had behaved differently. The one I have currently working shows the row of blocks exactly as you describe before booting correctly. The previous one showed various things during the boot stages but eventually stopped booting all together. I think it was a dead capacitor on the board but it also had transit damage. Before it died completely it would boot maybe every third try. You could tell it wasn't going to boot because the arm/disarm LED did something odd (I can't quite remember what).

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • W Offline
                      webspeed
                      last edited by

                      I need some help with two pesky issues:

                      1. Getting hyper terminal to connect to Firebox x700 console. I bought a Cisco console cable (same that Watchguard provides) and I can't see any output either with Hyper Terminal or Putty, check the configuration, etc. to no avail.  I installed pfsense both on a CF card and on a PATA drive, and tested it on a laptop, it worked fine.  I also check that the Firebox x700 is in working order by installing the original 64mb CF card back in, booted fine.

                      2. Removing the heatsink, it's one of those bright orange copper things and I don't see how to remove it, I downloaded Watchguard's manual and it says "Remove CPU by disconnecting heatsink clip and lifting socket arm" but I don't see how to disconnect said clip, it's embedded in the center of the clip like a tight belt.

                      Any help would be greatly appreciated.

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S Online
                        stephenw10 Netgate Administrator
                        last edited by

                        Do you see any output from the console when you boot the Watchguard OS? The console speed is 115200 for the original OS and 9600 for pfSense. You will have to change the speed to avoid the serial port at some point.
                        https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Serial_Port_Quirk
                        If you don't see any output then you probably have the wrong cable.

                        Steve

                        1 Reply Last reply Reply Quote 0
                        • W Offline
                          webspeed
                          last edited by

                          @stephenw10:

                          If you don't see any output then you probably have the wrong cable.
                          Steve

                          Can you point to an example of the right console cable? I bought a "RJ45 to DB9 Cisco Console Management Cable", same as provided by Watchguard, it should work.

                          Regards

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S Online
                            stephenw10 Netgate Administrator
                            last edited by

                            Hmm, how have you connected this? The console port on the x-core is db9 not rj45.
                            I would expect to use something like this:
                            http://www.amazon.com/Tripp-Lite-Modem-Cable-P450-006/dp/B000067SCH
                            I haven't tried that cable personally.

                            Steve

                            1 Reply Last reply Reply Quote 0
                            • W Offline
                              webspeed
                              last edited by

                              Thanks for your answer and the link. The cable I bought has DB9 on one end (to the Firebox) and a RJ45 on the other (to ethernet on my laptop). Hyperterminal says it's "connected" but I never get any output

                              1 Reply Last reply Reply Quote 0
                              • D Offline
                                doktornotor Banned
                                last edited by

                                @webspeed:

                                Thanks for your answer and the link. The cable I bought has DB9 on one end (to the Firebox) and a RJ45 on the other (to ethernet on my laptop). Hyperterminal says it's "connected" but I never get any output

                                Oh… lol. This cannot work. You need DB9 -> USB. Like http://www.ebay.co.uk/itm/230584255185

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S Online
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  Exactly. You can't use an ethernet port to talk serial. If your laptop, or any other machine you have, doesn't have a serial port then you will need a USB to serial converter in addition to the null modem cable. The one Doktornotor linked to above is what I'm using since most modern computers don't have a serial port.

                                  Steve

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S Online
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    A short while ago I ran some tests on the SafeXcell encryption card in most X-Core boxes. I was inspired by this thread in which it is claimed the card not only works but speeds up a VPN connection significantly.

                                    There isn't any doubt that the card is supported to some extent by the safe(4) driver. If you run cryptotest from the console it reports the crypto framework correctly using the card and gives some test figures.
                                    A simolar result can be seen by running openssl speed:

                                    Without the Safenet card

                                    [2.0.3-RELEASE][root@pfSense.localdomain]/root(1): openssl speed -evp aes-128-cbc
                                    
                                    Doing aes-128-cbc for 3s on 16 size blocks: 4443103 aes-128-cbc's in 2.89s
                                    Doing aes-128-cbc for 3s on 64 size blocks: 1258138 aes-128-cbc's in 2.91s
                                    Doing aes-128-cbc for 3s on 256 size blocks: 318359 aes-128-cbc's in 2.87s
                                    Doing aes-128-cbc for 3s on 1024 size blocks: 80907 aes-128-cbc's in 2.89s
                                    Doing aes-128-cbc for 3s on 8192 size blocks: 10450 aes-128-cbc's in 2.98s
                                    OpenSSL 0.9.8y 5 Feb 2013
                                    built on: date not available
                                    options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) 
                                    compiler: cc
                                    available timing options: USE_TOD HZ=128 [sysconf value]
                                    timing function used: getrusage
                                    The 'numbers' are in 1000s of bytes per second processed.
                                    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
                                    aes-128-cbc      24627.37k    27709.88k    28411.35k    28646.12k    28707.23k
                                    
                                    

                                    With the Safenet card:

                                    [2.0.3-RELEASE][root@pfSense.localdomain]/root(13): openssl speed -evp aes-128-cbc
                                    
                                    Doing aes-128-cbc for 3s on 16 size blocks: 117285 aes-128-cbc's in 0.14s
                                    Doing aes-128-cbc for 3s on 64 size blocks: 110095 aes-128-cbc's in 0.05s
                                    Doing aes-128-cbc for 3s on 256 size blocks: 93032 aes-128-cbc's in 0.04s
                                    Doing aes-128-cbc for 3s on 1024 size blocks: 56316 aes-128-cbc's in 0.05s
                                    Doing aes-128-cbc for 3s on 8192 size blocks: 8643 aes-128-cbc's in 0.00s
                                    OpenSSL 0.9.8y 5 Feb 2013
                                    built on: date not available
                                    options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) 
                                    compiler: cc
                                    available timing options: USE_TOD HZ=128 [sysconf value]
                                    timing function used: getrusage
                                    The 'numbers' are in 1000s of bytes per second processed.
                                    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
                                    aes-128-cbc      13690.32k   156398.83k   538937.61k  1147202.67k 70803456.00k
                                    

                                    The number when using the card are far higher at 64bytes or higher. However at small sizes it's actually lower.

                                    When running a real test using an site to site style OpenVPN connection with the X-Core box as one end the results are interesting. Using aes-128-cbc I was able to push ~25Mbps but after removing the card completely I was seeing ~33Mbps. This is perhaps understandable if VPN traffic is  mostly small packets. It seems that to make use of the card would require tuning the VPN tunnel to use much larger packets.

                                    In the wiki page I have said that the Safenet card does not work correctly. It would seem from my testing that better advise would be to remove it completely but I would like to get other opinions on that. Anyone seen similar results?

                                    Steve

                                    1 Reply Last reply Reply Quote 0
                                    • S Offline
                                      scalda
                                      last edited by

                                      Hi all

                                      I have just aquired a x700 and i have read all through this thread

                                      i am having a real problem getting this to work. the original watchguard software boots up no problem, i've tried all the nano images at pfsense and none of them will boot the device. i've tried the live install with still no luck, i bought a new null female to female console cable and that doesn't show anything i've used putty and teraterm.

                                      has anyone got any ideas or a image of thiers would be nice.

                                      thanks in advance

                                      Scalda

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S Online
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        So you can see the bootup output from the watchguard OS via your cable?
                                        What size cf card are you trying?

                                        Steve

                                        1 Reply Last reply Reply Quote 0
                                        • S Offline
                                          scalda
                                          last edited by

                                          @stephenw10:

                                          So you can see the bootup output from the watchguard OS via your cable?
                                          What size cf card are you trying?

                                          Steve

                                          no i don't see it on the watchguard boot up either but the watchguard boots up and the arm light turns green, and displays the uptime

                                          i am using a 4GB card

                                          thanks

                                          Scalda

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S Online
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            Then you have a problem with your serial console setup. You should see something at 115200bps from the watchguard OS even if you're using a 3 wire serial cable.
                                            In all likelihood the pfSense Nano images are booting ok and waiting at the initial interface setup menu.
                                            You need to prove your serial setup with something.

                                            Steve

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.