Topic: Watchguard XTM505 & AES NI

Mat1987
Watchguard XTM505 & AES NI
« on: December 06, 2017, 03:24:26 am »
Hey All

I was looking at buying two WatchGuard XTM 505s last night, then came across AES-NI in 2.5, which it looks like the XTM505 does not support. So first of all, shame, but second of all, is there anything for around 125 I can buy that is as sleek as a WatchGuard unit to support AES-NI?

Mat
« Last Edit: December 06, 2017, 04:44:09 am by Mat1987 »

chpalmer
Re: Watchguard XTM505 & AES NI
« Reply #1 on: December 06, 2017, 08:47:16 am »
Why shame?

https://www.netgate.com/blog/more-on-aes-ni.html

I for one think it is a good move.

My XTM5 was brand new when I got it and it has done pfSense duty ever since. I figure it's got three good years to go if I care about keeping up with the latest. But that gives me plenty of time for an upgrade path.

One of those paths will entail contacting Lanner to ascertain if they have a replacement motherboard (that will fit the box) which has AES-NI.
P.S. statements made by me are not necessarily condoned by the management of this fine organization.  http://badmodems.com

Mat1987
Re: Watchguard XTM505 & AES NI
« Reply #2 on: December 06, 2017, 09:11:01 am »
I just don't want to spend money and have to worry about upgrading.

I run my current pfSense on VMware and I noticed it is AES-NI ready, so I will just use that and add an additional box with CARP as a failover.

Mat

diesel678
Re: Watchguard XTM505 & AES NI
« Reply #3 on: December 07, 2017, 05:16:59 am »
Yes, requiring AES-NI means all older units like X700, X750e core-e boxes and XTM boxes will no longer be able to update. Another annoying step after recently removing NanoBSD images!!

Mat1987
Re: Watchguard XTM505 & AES NI
« Reply #4 on: December 08, 2017, 04:44:52 am »
Quote from: diesel678
> Yes, requiring AES-NI means all older units like X700, X750e core-e boxes and XTM boxes will no longer be able to update. Another annoying step after recently removing NanoBSD images!!

All WatchGuard boxes apart from the new M models, and they're mega money. :(

diesel678
Re: Watchguard XTM505 & AES NI
« Reply #5 on: December 10, 2017, 07:38:32 am »
Yes, it's a shame XTM 5 will no longer support updates because it was a great little box for pfSense.

dlucas46
Re: Watchguard XTM505 & AES NI
« Reply #6 on: December 10, 2017, 08:16:10 am »
Quote from: Mat1987
> Quote from: diesel678
> > Yes, requiring AES-NI means all older units like X700, X750e core-e boxes and XTM boxes will no longer be able to update. Another annoying step after recently removing NanoBSD images!!
>
> All WatchGuard boxes apart from the new M models, and they're mega money. :(

The units to look for as an upgrade are going to be M400/M500 as they use FCLGA1150 sockets.
The CPU in both units would need to be replaced as the installed ones do not support AES, but plenty of 1150 CPUs do support it.
However, until somebody gets one and opens it up we will not know how well it has been locked down or even what the motherboard looks like.
I have seen them on eBay UK occasionally but they are normally selling for near a 1000. I am just hoping that by the time 2.4 is EOL these units will have come down in price quite a bit since they would be nearly 10 years old by then.

stephenw10 (Administrator)
Re: Watchguard XTM505 & AES NI
« Reply #7 on: December 10, 2017, 10:17:57 am »
Just to be clear, 2.4 will still be supported for a year after 2.5 is released and that's not happening for a good while yet.

So if you have one of those already you're looking at maybe close to 2 years before you need to upgrade.

If you're looking for hardware to use longer than that, do you really want to be buying something with a CPU from 2007? (the original XTM5)

The reasons to use a Watchguard box were that they were very cheap for a rack-mount unit with a lot of interfaces. Plus, for me at least, there was fun to be had poking at the hardware but still for minimal outlay. If you have access to a box that would otherwise be discarded as they are end of life, they still make a great introduction to pfSense, but if you're spending serious money it's probably time to consider what you're spending it on. Most of those boxes cost a fortune when new but most of that was software licensing and you're not getting that when you buy from eBay.

Steve