November 5, 2023 16:22
What?
I recently got some old firewalls - the “Rhode & Schwarz GP T-10” (they are even still oficially supported by the latest software release by the manufacturer!). These are embedded devices build to be deployed in workshops (or any other harsh environment) and are therefore fanless designed. They are also very small and have a very low power consumption. The hardware is quite old, but still more or less capable for a firewall. The only problem is, that the operating system is not open source and therefore not very flexible. So I decided to replace the operating system with OPNsense.
Replace the Operating System
Open it up
The box contents - firewall, cables (LAN, serial) and a quick-start guide.
The device from the front, with 2x SFP, 5x 1GBE, 2x USB 2.0 and one RS-232.
The right side: The redundant power connector. Remove the marked screws.
Because the the firewall does not come with an included power supply, you should by a cheap AC/DC adapter (24V, 3A) and cut off the connector. Then you can connect the power supply to the firewall using the left DC IN port. The power supply is not included, because the firewall is designed to be powered by a redundant power supply (e.g. in a server rack)… Also try not to flop the polarity, because the device does my not like it.
The back side: The hut-rail connector. Remove the marked screws.
The left side: Remove the marked screws.
One screw is under the “security”-sticker. Just ensure it is warmer than 30°C and you can remove it without damaging it.
The inside - a custom mainboard with the soldered CPU, modular RAM and SATA-SSD.
There is also a VGA-header on the board available, but I have never figured out what the correct pinout is…
The bottom: Some heatsinks and the SSD!
What a disappointment: Where did they find 32GB SSDs?!
Operating System Selection & Flashing
Let’s choose the correct variant of OPNsense. Because the UEFI-BIOS is locked with an unknown password, we are not able to use an own EFI-bootloader, because we can’t enroll the keys. But the original OS did not support EFI-boot anyways, so we just have to flash an own MBR-legacy system. The OPNsense nano
-edition (for amd64
) is perfect for that. Just grab the image from their website, extract it and flash it to the SSD. Do not worry if your OS does not recognize the partitions on the SSD, they will be expanded during the first boot. I personally just used the gnome-disk-utility
because it is easy to use and available on most Linux distributions.
Then make sure that the SSD is properly written by ejecting it with the eject
command or the GUI. Then you can put the SSD back into the firewall and close it up again.
Debian should also be able to run on the hardware, as it is generally better compartible than FreeBSD (base of OPNsense). I think you can also use the Debian netinst
-image to install on the firewall - especially if you use an USB-stick to boot, as the boot-selection is not locked (and the BIOS will drop into an EFI-shell if it has no boot device anyways). I assume you’ll have to install via serial due to the lack of a VGA-output (see here), but I have not tried it yet.
Performance
Well, as I’ve said the CPU (an Intel Atom Processor N2600) is not very fast and is somewhat limited in expandability (only up to 2GB RAM). Also, as the SFP-interfaces are limited to 1GB/s, you can’t expect to get more than that throughput. In reality the system will be able to handle around 700MBit/s of burst-traffic and then it will clock down due to thermal throttling and limit the throughput to around 300MBit/s. Not very impressive… Maybe the BIOS has some settings for better performance, but I have not found a way to unlock it yet - the password is compiled into it and can’t be reset using the jumper on the boards or by removing the battery.
Some Internals…
Here are some more shots of the inside…
Pre-Installed RAM Sticks: 2GB DDR3
Unpopulated express card (?) connector
The mainboard…
Closing words
Well, I’ve got the firewall for free, so I can’t complain about the performance. But I would not recommend to buy one of these devices, as they are quite old and not very powerful. But if you have one laying around, you can use it as a low-power firewall or a router. 🤷♂️