OPNsense Forum

English Forums => Hardware and Performance => Topic started by: bdario on October 21, 2021, 07:58:20 am

Title: OpnSense on WatchGuard
Post by: bdario on October 21, 2021, 07:58:20 am
Hello folks,
I just got a couple of WatchGuard XTM 810 firewalls and my goal is to install OpnSense on them.
Taking a look on Google, I found a thread regarding pfSense, so I decided to ask you for help:
Is there a way to install OpnSense on WatchGuard?
Can someone explain to me (preferably step by step) how I can do it?
Thanks so much for your precious help.
Kind regards.
Dario
Title: Re: OpnSense on WatchGuard
Post by: estragon on February 02, 2022, 08:07:50 pm
Hello,

I have an XTM-870; it worked with pfSense until 2.4, then I went to OPNsense and it was OK until 21.7, but 22.1 can't be installed for the moment. It's an APEI problem, but I am trying to find a solution.

Your machine is from the LANNER FW-8758 family (you can find an interesting manual on it).

1/ I have installed a VGA connection
2/ flash a CF card with the OS to install
3/ go into the BIOS to boot from it
and it works for me (until the new FreeBSD problems .... until 12.1 OK, but all later versions are KO for the moment; the workaround is to set hint.apei.0.disabled=1 in the boot loader)

best regards
Title: Re: OpnSense on WatchGuard
Post by: lilsense on February 05, 2022, 09:38:16 am
Here's a YT vid on installing OPNSense on watchguard XTM 5, so I would not think it will be much different...

https://www.youtube.com/watch?v=tetolRGMImM
Title: Re: OpnSense on WatchGuard
Post by: dennis_u on August 31, 2022, 02:21:28 pm
Were you able to install it?

I put a CF card into the Watchguard XT 810. The console output stops at the moment the kernel is loaded. The machine boots, since I can hear the melody. But I cannot go any further.

//edit: the serial speed is set to 115200, I can see the BIOS prompts.
//edit2: the install process was possible via SSH. LAN interface was chosen as WatchGuard Interface 0. The serial port is still not usable. The LCD prompts something with BIOS...
Title: Re: OpnSense on WatchGuard
Post by: Neloas on September 05, 2022, 02:29:44 pm
Have you done any throughput testing on this? This really has me interested especially if it can handle 1Gbps symmetrical
Title: Re: OpnSense on WatchGuard
Post by: dennis_u on September 06, 2022, 08:39:14 pm
Have you done any throughput testing on this? This really has me interested especially if it can handle 1Gbps symmetrical

Once we replace the single gateway with the cluster, I'll run an iperf test and share the results.
Title: Re: OpnSense on WatchGuard
Post by: dennis_u on September 15, 2022, 03:08:27 pm
as promised:

Code:
sysadmin@server1:~$ iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size:  128 KByte (default)
------------------------------------------------------------
[  1] local 10.10.26.10 port 5001 connected with 10.10.26.2 port 35810
[ ID] Interval       Transfer     Bandwidth
[  1] 0.0000-10.0109 sec  1.04 GBytes   892 Mbits/sec
[  2] local 10.10.26.10 port 5001 connected with 10.10.26.2 port 14193
[ ID] Interval       Transfer     Bandwidth
[  2] 0.0000-10.0022 sec  1005 MBytes   843 Mbits/sec
^CWaiting for server threads to complete. Interrupt again to force quit.
^Csysadmin@server1:~$ iperf -s -w1K
WARNING: TCP window size set to 1024 bytes. A small window size
will give poor performance. See the Iperf documentation.
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 2.25 KByte (WARNING: requested 1.00 KByte)
------------------------------------------------------------
[  1] local 10.10.26.10 port 5001 connected with 10.10.26.2 port 24734
[ ID] Interval       Transfer     Bandwidth
[  1] 0.0000-10.0310 sec  28.0 MBytes  23.4 Mbits/sec

^Csysadmin@server1:~$ iperf -s -w64K
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size:  128 KByte (WARNING: requested 64.0 KByte)
------------------------------------------------------------
^Csysadmin@server1:~$ iperf -s -w400K
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size:  416 KByte (WARNING: requested  400 KByte)
------------------------------------------------------------
[  1] local 10.10.26.10 port 5001 connected with 10.10.26.2 port 36810
[ ID] Interval       Transfer     Bandwidth
[  1] 0.0000-10.0047 sec   946 MBytes   793 Mbits/sec

Copy of 3 GB file with random data via SSH:

Code:
sysadmin@perfbox:~$ scp large_file sysadmin@server1:~
sysadmin@server1's password:
large_file                                                                                                             100% 3000MB  36.8MB/s   01:21   
sysadmin@perfbox:~$ scp large_file sysadmin@server1:/dev/null
sysadmin@server1's password:
large_file                                                                                                             100% 3000MB  36.4MB/s   01:22   

Test setting: Perfbox is a small flexible wearable box, server1 is a virtual machine. There is only one hop between both (the OPNsense of course). The OPNsense itself is quite vanilla, no IPS or similar services are started.

edit:
Another test with IPS enabled:
Drops down to 660 to 750 Mbits/sec (top output is attached)
/edit

============
Overall rating:
- the LCD plugin works great
- the fans are noisy
- the interface assignments are odd (no alignment between outside labels and emX).
- shutdown is not possible, it reboots
- the serial is not working after the OPNsense kernel boots (the BIOS is visible).