Successful Install on Watchguard Firebox X700!
-
Here is a quick question while it is not really on pfsense it goes on this topic. I want to run pfsense on my x700 and run a UTM on my x1000, has anyone tried this with something like untangle? Is the hardware of these guys not that powerful? Not planning on using virus protection which I assume uses resources. I would ask on their forums but I really find no reference to the fireboxes there, but here the knowledge is known a lot more.
Kind of late, but I just saw this.
I doubt Untangle can run smoothly on these machines at all. I believe I have read that someone got Endian installed on one of these and it worked just fine. I plan on installing Endian on a spare x700 of mine when I have some free time. I suggest adding more memory to the box no matter what UTM you are going to use. 256MB just isn't enough. Oh, and you'll want to use a hard drive rather than a CF (Unless it's a microdrive) because I don't know of a UTM that is made to limit writes to the CF to extend flash memory lifetime. -
Stopped by to report a different issue but wanted to thank you again Casey for the help. I am now up and running with an X1250e with pfSense on a 4GB CF card. Video on my web site for anyone that wants a look at it spread eagle and working.
-
Really considering setting up one of these if I can get one cheap.
Has anyone tested to see how much power these things actually consume?Thanks
-
According to watchguard's site it uses 50W. My Kill-A-Watt shows 53W of useage, but I am also using a HDD instead of a CF card.
-
Thanks, think this is a litte too high, may have to look into the alix boards now.
-
My X-peak uses about 37W (idle) with an underclocked processor.
Steve
-
i found a driver in realteks website regarding the RTL8139+ found on x700s
im posting a RS link to driver. Can anyone test and see if watchdog errors are resolved??
http://rapidshare.com/files/423085904/uw-8139_220_.zip
-
That isn't a BSD driver and it's actually dated 2005!
I don't think it's going to help. :(Steve
-
I recently put pfsense 1.2.3 on x1250e and all works very well. I want use this system as a bridge filter. Im using the devices msk0 and msk1 (port 4 and 5) as bridge and let the port 1 and 2 as WAN/LAN. I enable a firewall rule to permit all, but isnt not forwarding nothing from one port to another.
Anyone are using bridge mode on pfsense 1.2.3?
-
Anyone are using bridge mode on pfsense 1.2.3?
I have a wireless NIC bridged to LAN and it works very well.
I don't understand your configuration. You have msk0 bridged to msk1?, msk0 bridged to LAN?
What is connected externally to msk0 and msk1?Firewall rules apply on the input side of an interface so saying you have a firewall rule to permit all doesn't really provide enough information to be useful.
It would probably help if you explained what you want to do. A configuration diagram would help that explanation.
This discussion probably belongs in a new topic.
-
Hi,
Just bought an x700 off ebay. I booted the pfsense live cd on a vmware fusion guest, with a 2GB CF card in a usb reader. Installation was successful, tried first without boot loader and second time with boot loader.
Trying to boot the CF card on a laptop, but after mountroot> prompt I get uptime - then automatic reboot.
Here's the terminal:panic: Root mount failed, startup aborted.
cpuid = 0
uptime: 11s
Cannot dump. Device not defined or unavailable.
Automatic reboot in 15 seconds - press a key on the console to abort
–> Press a key on the console to reboot,
--> or switch off the system nowWhat might be the problem here? Someone suggested editing /etc/fstab, wouldnt I need to edit the equivalence of Linux/GRUB menu.lst?
Looking at the data, /etc/fstabs root filesystem was ad1s01, on the firebox it's likely to be ad0s1a? And this is probably why the laptop won't boot it, cause it has a hdd and cd so the CF is more likely ad2 there?
-
Why not just download the embedded image and write it to the compact flash card?
http://doc.pfsense.org/index.php/HOWTO_Install_pfSense#Embedded_.28Compact_Flash.29_Installation
Steve
Edit: I may have misunderstood your problem here. ;)
-
Appreciate all the information on this; I just bought an x700 to try and hack pfsense onto it.
When I turn the firewall on, the red and orange lights stay on constantly and there is a bar of black boxes on the top line of the lcd.
it never reaches the booting stage. i tried with the original CF card and the pfsense formatted laptop drive
is my firewall fried?
-
The orange, power, led and the red, unarmed, led stay on thats correct. The unarmed led is supposed to turn green when the system has booted correctly with the original OS. No one has ever figured out the correct command for bsd so pfsense doesn't do that, yet!
The lcd is written by the bios during boot so if it's only showing bars that's not good.
Try clearing the CMOS.Steve
Edit: I figured out the arm/disarm led! ;D Check it out here.
-
thanks for the input.
i popped out the cmos battery for 30s-1min and then stuck it back in.
when i power on the 10 and 100 lights flash green for a millisecond on the last port, the red and orange ones turn on and it stays with the black bars
does it need an ethernet connection to post?
any other way to clear the cmos? is there a cmos reset pin?
-
I don't actually have one of these to hand anymore and my memory is a little vague. ::)
I think that the ethernet port leds are driven directly such that they should light to indicate a link even of the board hasn't posted. Try connecting a PC or a switch, at least then you'd know if the board is powering up at all.
Have you tested the cmos battery? Usually after a reset the board will automatically boot into the bios so you can set it up. Without a pci graphics card or console redirection you wouldn't know that is happening. If the battery is flat it will do that on every boot!
It could be just the screen that's broken. It could be a faulty PSU (only one rail). Try swapping it for a standard atx if you have one.
If the battery is good then I'd try re-seating all the components including the cpu. The board requires the cpu and some ram to post.Steve
-
Folks,
I've been following this large thread for quite some time now. I have a few posts a few pages back, where I commented on the fact that I aquired one of these boxes and tried pfsense. Of course, I got the timeout errors.
Today, I decided to try again with the latest 2.0 build (1/1/11). Low and behold, no timeouts!! The box has had an uptime of 9 hours with 4 ports (interfaces) configured as well as 3 or 4 IPSEC tunnels. It's also being used in production with no timeouts showing in system.log. The only issue I had was that I needed to remove the crypto card for IPSEC traffic to pass. No idea why, however I'm not too bothered as 1.2Ghz is plenty for me.
Have the watchdog timeouts been fixed, and are these cheap boxes excellent little pfsense gems?
-
Have the watchdog timeouts been fixed, and are these cheap boxes excellent little pfsense gems?
If that's true then it's great news. However I wouldn't get your hopes up just yet. Reading back through this and other threads on this issue, people have seemingly solved the timeout problem before only for it to come back after some time.
Have there been any changes to the re driver recently?Steve
-
If that's true then it's great news. However I wouldn't get your hopes up just yet. Reading back through this and other threads on this issue, people have seemingly solved the timeout problem before only for it to come back after some time.
Have there been any changes to the re driver recently?
SteveThere have not been changes to the driver, but rather in the way that pfsense 2.0 works.
By disabling device polling, hardware checksum offload, hardware tcp segmentation offload and hardware large receive offload, as well as changing the system tunables net.inet.tcp.tso and hw.bce.tso_enable to 0, watchdog timeouts are a thing of the past.Except for one situation: When accessing the webgui on a macbook pro over a 2.4ghz wirelss N connection coming from a first generation Apple time capsule, timeouts are thrown up.
Attempts to replicate this through other wireless base stations, different connections and different devices have failed, which leads me to believe that this is a different issue entirely.
That laptop is never used for accessing the webgui, so it is irrelevant to me.As usual, ymmv of course.
Edit: typo, shuffle sections
-
There have not been changes to the driver, but rather in the way that pfsense 2.0 works.
By disabling device polling, hardware checksum offload, hardware tcp segmentation offload and hardware large receive offload, as well as changing the system tunables net.inet.tcp.tso and hw.bce.tso_enable to 0, watchdog timeouts are a thing of the past.Are you saying that these things are changed by default? I haven't touched any of those settings.
BTW, I don't have access to the serial console. If timeouts were being thrown, where would I see them? In system.log?
I've had the traffic graph up all night and no matter what I do, I have yet to see one timeout with this build. Even Windows CIFS transfers work between interfaces