Now that pfSense is running on your WatchGuard firewall, it is time to control the fans. By default, the fans run at full speed resulting in a firewall that sounds like it’s getting ready for take off! Thankfully, the community has written a tool – WGXepc – that is able to control the fan speed, report temperatures, and control the status LEDs on the WatchGuard 1U appliance.
Installing WGXepc
Here’s a quick video explaining how to install WGXepc and quiet the fans down
For your reference, these are the needed commands. SSH into pfSense (ssh@[your-firewall’s-IP] port 22, login (user:root password: [admin password] is default), and select option 8 for shell access)
/etc/rc.conf_mount_rw
fetch -o /conf https://sites.google.com/site/pfsensefirebox/home/WGXepc
chmod 0755 /conf/WGXepc
cd /conf
./WGXepc -f 10
After you are done, you should re-mount to read-only by typing /etc/rc.conf_mount_ro . Flash memory can only tolerate a finite number of read/write cycles before it wears out; mounting as read only protects your compact flash card.
Note that while the fan speed I recommend above is the hex value 10, the slowest fan speed that should be selected in the BIOS is BB which is much faster. Stability problems have been reported when using the BIOS to slow down the fans; WGXepc does not have these limitations.
(Automatically) Controlling the Fan Speed at Boot
The previous commands installed WGXepc on the WatchGuard and successfully slowed the fans down. However, these settings are temporary and the fans will return to full speed the next time the firewall is restarted/rebooted. We can fix this one of two ways: Option A involves installed a script to automatically control the fan speed based on CPU temperature while Option B is “dumb” and simply forces the fans to a slow speed at boot. Option B is accomplished by installing a plugin called “shellcmd” and having the necessary commands run at boot time. I recommend Option A as it is much safer than B.
[Option A] Install Automatic Fan Speed Control Script
Several members at the pfSense forums have worked on an automatic fan control script – many thanks go out to Steve and wwwdrich! I have taken wwdrich’s latest script and modified it to work with the WGXepc location above; you can grab it here: https://www.hexhound.com/files/fanctrl-new.zip
Install by running the following commands:
/etc/rc.conf_mount_rw
fetch -o /usr/local https://www.hexhound.com/files/fanctrl-new.zip
cd /usr/local
tar -xzf fanctrl-new.zip
touch /etc/rc.conf.local
vi /etc/rc.conf.local
Press “i” once, then type “fanctrld_enable=”YES” ” with the YES in double quotes. Press escape, then the colon : and type “x”, then press return to save and exit. Sorry, this step can be a little advanced if you’re not used to VI.
Reboot and you should be good to go!
NOTE: If you don’t reboot, run /etc/rc.conf_mount_ro to set the file system back to read only.
[Option B] Install shellcmd
Begin by opening the pfSense web console and navigating to System -> Packages.
Select the “Available Packages” tab.
Scroll down until you see “shellcmd” in the name column (leftmost column), then click the floating “+” on the right
Click “OK” when prompted to install the package. You will be redirected to the package installer tab. (NOTE: I already have shellcmd installed and used “Notes” for the screenshot.)
With shellcmd installed, select it from the Services -> Shellcmd menu.
Click the “+” to add a new command.
Change the type to “shellcmd” and enter “/conf/WGXepc -f 10” to hold the fan speed at 10 at boot. Commands entered here act the same as being typed on the console and are automatically run at boot. Click “Save” when done.