Main container

Archive for the ‘Hardware’ Category

Clock Signal Component Issue

Netgate has become aware of an issue related to a component manufactured by one supplier that affects some of our products. This is a widely-used component that is used by many companies around the world.

There is a lot of confusion and misinformation on the subject, and most systems will never experience the issue.  Those that do will not suddenly stop working, but if the component fails, the system will not successfully reboot. We are working with the component supplier and our manufacturing partner to resolve this issue as quickly as possible.

Although most Netgate Security Gateway appliances will not experience this problem, we are committed to replacing or repairing products affected by this issue for a period of at least 3 years from date of sale, for the original purchaser.

A board level workaround has been identified for the existing production stepping of the component which resolves the issue.  This workaround is being cut into production as soon as possible after Chinese New Year.  Additionally, some of our products are able to be reworked post-production to resolve the issue.

We apologize for the limited information available at this time. Due to confidentiality agreements, we are restricted in what we can discuss. We will communicate additional information as it becomes available.

As always, please be assured we will do the right thing for our customers at Netgate and the pfSense community.

I’ve got 99 problems, but a switch ain’t one.

If you’re havin’ loop problems I feel bad for you son, I got 99 problems but a switch ain’t one.

The SoC used for the SG-1000 (also known as “uFW”) includes an on-die 3 port gigabit Ethernet switch.   By leveraging VLANs, it’s possible to build a ‘router on a stick‘ on one board.  In order to make this switch as functional as possible, we decided to leverage the FreeBSD etherswitch(4) framework.  Support for the on-die switch on SG-1000 was directly upstreamed to FreeBSD in revision 309113.

Support for this framework then needed to be added to pfSense.   First support was added to the PHP module that provides the glue layer between FreeBSD and PHP via a series of commits. Here are two of them: 1 2. Once this was done, we could start designing the components of the web GUI. Switch_system.php shows which switches are attached to the system.  It has no controls.

pfSense_localdomain_-_Interfaces__Switch__System

Switch_ports.php show the ports available on the selected switch. Since the SG-1000 only has one switch, the selector that allows you to choose which switch you are looking at is hidden.

pfSense_localdomain_-_Interfaces__Switch__Ports

Multiple switches attached to one firewall causes a selector to appear so you can choose which one to work on.  Obviously there is only one switch on the SG-1000, but I’ve faked things here (“cd /dev: ln -s etherswitch0 etherswitch1”) to show the selector, and in order to show that we’re “thinking forward”.

pfSense_localdomain_-_Interfaces__Switch__VLANs (1)

The VLAN page allows you to view/create/edit a VLAN.

pfSense_localdomain_-_Interfaces__Switch__VLANs

Switch_vlans_edit.php allows you to create or edit a VLAN. Clicking on any port in the “Available ports” column adds it to, or deletes it from the “members” list.  While we accommodate up to 128 ports, this is a SG-1000, so there are only 3 ports to choose from.  There is some pretty fancy jQuery in this page.

pfSense_localdomain_-_Interfaces__Switch__VLANs__Edit

The SG-1000 is not the only product we have coming that has built-in switches. Here is a sneak peek at another.

IMG_8956 3

The systems you see in this photo are a Broadwell-DE with either 6 x 10G on SFP+ on top (bcc-1) or 16x1G on RJ45 (with 2 10Gbps uplinks), plus 4 x 10G on SFP+ on bottom (bcc-0).  Both systems additionally have 2 1Gbps Ethernet ports on SFP, as well as redundant power, 2 x M.2, miniPCIe 4 x SATA3 as 2.5″ drives, and a PCIe 3.0 x16 slot for expansion.  Both of these have QuickAssist cards installed, enabling high-speed encryption and compression, but bypass NICs (for IDS/IPS) will likely prove popular as well.

Both also contain a “uBMC“, which is remarkably similar to the SG-1000, and runs pfSense with support for our coming (but unannounced) remote management product.  In fact, the germination of the SG-1000 occurred because of uBMC.  We noticed that a lot of people (including us) use pfSense to control access to the IPMI/BMC ports on their servers in colocation, so we thought, “Why not put pfSense in the BMC?”

Of course, since pfSense software is open source, this means that you’re no longer beholden to your IPMI vendor for security patches and updates.  More details on those systems, uBMC and the remote management product will be provided in future posts.

 

Five Things to Know About pfSense

(1) The pfSense store now sells hardware! Working with various manufacturers, we’ve put together a wide range of throughly-tested pfSense appliances that are bundled with 1-year of support. Go to the store for more information.

(2) The pfSense team now does professional services. This includes penetration testing, CARP configuration, network design, conversion from your old firewall to pfSense, and systems/infrastructure install. Please see our professional services page for more information.

(3) There’s only one place to get official pfSense Training. Our August class is full! Our next class is September 5-6 in Austin, Texas! Use coupon code BBC425FF for an instant $500 discount! Details are at pfSense University

(4) pfSense Gold is our premium membership subscription program, designed to provide special benefits to our members while supporting ongoing development of the Open Source pfSense project. The membership is a great way to enhance your ownership of one of our appliances with access to the official pfSense book, monthly on-line meet-ups, and more! Get more info here!

(5) Anyone purchasing a support-eligible product in the month of AUGUST will receive a coupon code for a FREE one year subscription to pfSense Gold (a $99.00 value). Eligible products include the VK-T40E pfSense® Firewall Hardware Appliance, C2758 1U pfSense® Firewall Hardware Appliance, and our latest offering, the FW-7551 pfSense® Firewall Hardware Appliance. Just e-mail your invoice from the store after purchase to help [at] pfSense [dot] org to request your code!

Head on over to the pfSense store and get yours today.

New Hardware!

Gotcha!

At NEW-HQ (Netgate / ESF World HQ), we are makers of both hardware and software. We also sell hardware.

Someone has to assemble and test the hardware we sell, and that involves powering up each system in order to test it.

In order to make the process smoother/faster, we’re building a little controllable power-board. You can think of this as a serial-controlled power strip, but its a wee bit more sophisticated than that. The hint about it’s future uses is in the mis-match between the fuses mounted in the laser-cut acrylic and the number of pads for the solid-state switches.

The micro-controller used here is an Atmel ATMEGA328P, the same as your garden-variety arduino. While we’ve been working on porting pfSense to smaller systems such as the Ubiquiti Edge Router Lite, I doubt we will ever make pfSense run on anything as small as the atmega328.

1973867_4277426871665_4255041075847735915_o

10285759_4277425831639_4836257664819236890_o

This is really Jeremy’s project, I’m just reporting on it. More when it’s finished. Enjoy the photos.