I have received a checkpoint firewall that has 2GB of ram and running a D525 CPU. I was thinking what can i do with it. Then i start doing the project that has been in my mind for a long time, which is to use FreeBSD as a firewall.

There is a main purpose of using FreeBSD is I want to use it as a bandwidth control device. Therefore, I start setting up the FreeBSD firewall before I get into the bandwidth control. Long story short, let s dive into the headless FreeBSD installation.

The device I have is a regular x86 machines. It does not have VGA port, but it has 6x 1Gbps network ports, 2x USB ports and 1x console port. I will use a USB stick for installing the FreeBSD and use the console port to manage it. I will be using i386 image for this installation in this case. The steps below was using FreeBSD 11 as the demo.

Components:
– 1x USB flash drive
– 1x FreeBSD installation media (memstick.img) (FreeBSD 11 )
– 1x device with console port (a check point firewall in my case.)
– 1x a device that runs FreeBSD. (this is to amend the boot/loader.conf)

Steps:
1. Download the installation file from the official web site. (https://www.freebsd.org/where/)

2. Prepare the installation file into the USB flash:

2.1. Insert the USB flash into the FreeBSD desktop.

2.2. Locate the USB flash drive in the computer
– #cat /var/log/messages
– the USB flash drive is da0


2.3. Copy the installation file into the USB flash:
– # sudo dd if=FreeBSD-1X.X-RELEASE-i386-memstick.img of=/dev/da0 bs=1M conv=sync status=progress

2.4. Amend the /boot/loader.conf.
Normally, the USB flash can be used for the installation now. Since we will be using console for setup, we will have to mount the USB flash to let us run the installation over the serial console port as an additional step.

2.4.1. to mount up the USB.
– # ls /dev/ | grep da0
– # mkdir /tmp/123
– # mount /dev/da0s1a /tmp/123/

2.4.2. to amend the boot/loader.conf with the following.
– # vi /tmp/123/boot/loader.conf

boot_multicons=”YES”
boot_serial=”YES”
comconsole_speed=”9600“
# suggested to use 115200 as the speed is faster, but the bios is 9600 and somehow it fails on me when i set to 115200. Then i have set it to 9600 to allie with the bios setting.
console=”comconsole,vidconsole”
# the config below should be the expected result afterward.



2.4.3. to save the file and exit from vi by using :wq

2.4.4. to umount the USB.
– # umount /tmp/123/

2.5. to unplug the USB flash and insert it to the device where you want to install the FreeBSD.

3. To process the installation as usual.

3.1. At the end of the installation, there is a pop up for “Manual Configuration”, Click “YES” in this step and go to the /boot/loader.conf.

3.2. Apply the settings below to allow the box being managed via serial console port.
boot_multicons=”YES”
boot_serial=”YES”
comconsole_speed=”9600“
# suggested to use 115200 as the speed is faster, but the bios is 9600 and somehow it fails on me when i set to 115200. Then i have set it to 9600 to allie with the bios setting.
console=”comconsole,vidconsole”
3.3. To apply the reboot after the amendment.

As a newbie, this is the newbie way to setup a headless machine.

Technical challenges:
1. I found that Ubuntu cannot edit the /boot/loader.conf as it cannot be mount or shown the content. I have to end up using either a virtual FreeBSD box or Juniper SRX firewall to edit this file.
2. I was trying to use 115200 speed for the console, but when I set it to 115200, the installation screen somehow is not showing correctly. The check point firewall is using 9600 by default. I cannot change the speed of it in the bios. I was using minicom in Ubuntu to talk via the console.
I have done the following attempts.
2.1. to set the minicom at 115200 and load the USB with 115200 in loader.conf. To connect the console and boot the firewall. (not working as characters are not showing correctly)
2.2. to set the minicom at 115200 and load the USB with 115200 in loader.conf. To boot the firewall and conect the console. (not working as characters are not showing correctly))
2.3. to set the minicom at 9600 and load the USB with 9600 in loader.conf. To connect the console and boot the firewall. (working)

Reference:
https://forums.freebsd.org/threads/installing-freebsd-over-serial-console.62005/