WatchGuard – pfSense – Tweaks

Continued work on improving pfSense running on my Watchguard x550e/x750e/x1250e firewalls. I got the x750e firewall nicely mounted at the utility board where my internet connections arrive at home.

Though I ran into an issue mounting the firewall due to its depth. The standard bracket was not long enough to fit the firewall with the power cable protruding out the back. I ended up picking up a 90 degree cable that just made it fit.

Had the firewall running for a while now and during this time I’ve worked on it a bit more. There’s a known issue with the MSK interfaces timing out under pfSense 2.0. I’ve experienced MSK failure twice since installing 2.0. I’ve since upgraded to 2.1 Beta and so far it’s been stable. Was pretty happy about the fact that all I had to do to upgrade to 2.1 was to backup the config from 2.0 and simply restore it on 2.1 once I wrote out the new 2.1 image to the compact flash card.

In the meantime I also implemented a few more tweaks to all the firewalls.

Throttle down CPU
Enabled PowerD in System->Advanced->Miscellaneous. This however caused a flood of errors in the log and console when the system was attempting to throttle down the CPU.

kernel: timecounter TSC must not be in use when changing frequencies; change denied
kernel: timecounter TSC must not be in use when changing frequencies; change denied
kernel: timecounter TSC must not be in use when changing frequencies; change denied
kernel: timecounter TSC must not be in use when changing frequencies; change denied

This was easily fixed via a new tunable under System->Advanced->System Tunables.
Added a new tunable.
Tunnable Name: kern.timecounter.hardware
Value: i8254
Then rebooted the firewall.

Throttle Fans / Change Armed LED
Another great tweak was the Fan Throttle mod. The firewall is fairly loud with the fans running at 100%. This can be resolved thanks to the people on the pfSense forums. The program to control the Watchguard fans (and LED) is called WGXepc

Simply upload the file to the firewall. I used the File Manager package to upload the file to /tmp. One word of warning, by default the file system on the nanobsd build is set to read only. It has to be made writable by executing:

[2.1-BETA0][admin@aura.olympia.local]/tmp(4): /etc/rc.conf_mount_rw
[2.1-BETA0][admin@aura.olympia.local]/tmp(5):

One the file has been uploaded to /tmp

[2.1-BETA0][admin@aura.olympia.local]/(7): cd /tmp
[2.1-BETA0][admin@aura.olympia.local]/tmp(8): gunzip WGXepc.gz
[2.1-BETA0][admin@aura.olympia.local]/tmp(9): copy WGXepc /home
[2.1-BETA0][admin@aura.olympia.local]/tmp(10): cd /home
[2.1-BETA0][admin@aura.olympia.local]/home(11): chmod +x WGXepc

To add the automatic fan throttle to bootup process execute the following script. The value can be anywhere between 00 and FF (hex 0-255).

[2.1-BETA0][admin@aura.olympia.local]/home(12): echo "/home/WGXepc -f 30" >> /etc/rc.local

Lastly it would be nice to change the Armed LED to green when bootup is complete.

[2.1-BETA0][admin@aura.olympia.local]/home(13): echo "/home/WGXepc -l green" >> /etc/rc.local

Functional LCD
Also got the LCD working on the unit. This was actually quite simple simply install LCDProc and LCDproc-devel packages and configure as follows.

There is an issue currently with this as on reboot the processes do not correctly start in the proper order and cause the package to crash. The solution right now is to simply manually start the service once the firewall has completed booting.

3 thoughts on “WatchGuard – pfSense – Tweaks

  1. Pingback: >How to install pfsense 2.0 on a Watchguard x750e Core | PracticalKungFu.net

Leave a Reply