I've managed to acquire one of these devices for cheap recently.
It is (like most appliances of gateprotect lineup, apparently) just a x86 system with a normal BIOS, redirected to a console port that follows Cisco rj-45 standard (the "ethernet port" connector used to carry RS-232 serial port). default serial port speed for BIOS and stock firmware is 9600, all other settings are the usual defaults for serial. You can change this value in BIOS to 115200, no problem
The "firmware upgrade" sequence for their appliances is literally booting from a USB that was prepared with their windows tool (that installs their Linux OS on it), so it should be very easy to take over any other gateprotect device and install OpenWrt.
Just check the firmware update instructions for the device you want to buy to make sure this is still correct.
Now, back to the GPO 110.
It has a single core CPU, an AMD T24L, so no AES-NI
2 GB of DDR3 RAM on a SO-DIMM socket (standard laptop RAM modules), it can take up to 4 GB modules, no problem. (I don't see why you should need more than 1GB on this device anyway)
There are 4 ethernet ports on the back, each provided by a Gigabit Realtek controller
There are 2 USB 2.0 ports, on the back
The board has a Sata port with a 16Gb Sata DOM (a small and slow SSD for industrial applications), where the stock "firmware" is written.
There is also a compact flash card slot.
The unit becomes warm when in use and there is a small (but very quiet) fan on the side that keeps it from overheating.
There is a PCIe slot on the board but there is no space in the case to use it (I'm not sure it has PCIe lanes connected or if it is just a proprietary interface using a PCIe physical connector)
The BIOS interface is fully featured, it also has UEFI boot and secure boot settings with key management (which is enabled by default and must be disabled to allow boot from something that is not the default OS).
The device is using around 12w when powered on.
The chassis is sturdy metal, painted a nice red color and easy to open (there are just three screws, two on the sides and one under a "warranty void" sticker)
dimensions of this device are 17x11x5 cm so it is pretty compact
routing performance is decent, even if the CPU is garbage by x86 standards it manages to push around 920 Mbit on OpenWrt (practically gigabit speed, which is around 950 Mbit in practice), and 750 MBit/s on pfSense. CPU load on OpenWrt goes up to 90% when doing this, and 100% on pfSense.
Final verdict: it's not amazing, but it's at least useful for basic use or Gbit routing. If you can get it for cheap it's ok. For more than 50 euro you can probably find a lot better like PC Engines APU1 that have at least the quadcore CPU of the same generation.
Being a mostly german firewall appliance company, their used hardware is more common from german sellers.
So if you are in germany you can probably get good deals on more powerful used appliances from gateprotect you can repurpose
I just did a quick check via google: on the first two pages of the searchresults I was not able to spot a cheap source for this device in Germany. Nothing either in .cz and .jm. Found on ebay.de for 200€ (yuck!).
Even in Germany this device seems to be hard to find.
My main point with that statement is that it seems all their firewall devices are just x86 PC hardware so this is just the tip of the iceberg, you can get any other of their appliances and it will most likely be a x86 PC with a BIOS that is booting from a DOM. Just check the firmware upgrade procedure for the appliance and if it tells you to make a flash drive and boot from it to install it over serial console, it's most likely similar to this device and you can just boot whatever you want
Thanks a lot for these hints (also the simplewan and sophos ones), it's providing quite some food for thoughts.
In practice it sadly appears to be quite a minefield as well (unclear model names, opaque hardware specifications, vastly different hardware revisions, etc.), with a lot of luck and persistence necessary as well. At least in continental Europe, the interesting models appear to be rather scarce and relatively high priced, with quite some not so nice surprises in the hat (power consumption for the older ones, slow first- and second generation Atom SOCs and the fun with the Atom c2000/ Avoton series of CPUs). Still, chosen wisely, there appear to be real gems among these options.
--
Personally, I am idly looking for something slightly better than the APU2 series, potentially capable of 1 GBit/s line-speed with SQM (don't need either right now, but if something interesting shows up…), but low-noise/ low-idle-power.
I had my eyes on a Gateprotect device for quite some time, and finally decided grab one. It's not actually a "Gateprotect" device anymore, it's a GPO-150v2 from the short time it was "Rohde & Schwarz Cybersecurity" (tee hee), after Gateprotect was sold to them and before they were sold on to Lancom Systems.
It's a really pretty device, Celeron J1900, 4 intel gigabit ports. I didn't even try any firmware upgrade mechanism, instead I immediately opened it up, replaced the stock 32GB SSD with a 2GB industrial size SATA module (plenty for OpenWrt) containing OpenWrt x86 64-bit, and I replaced the stock 4GB memory stick with a 2GB stick I had lying around (again, plenty for OpenWrt.)
It boots up in 15 seconds and so far it reacts to everything I throw at it with indignant boredom, I have no doubt it will serve me well once my line exceeds my current 100 mbit, that one it routes with a load of 0.25 (out of a possible 4.0).
However, what I couldn't manage to find out is ...
how can I get into BIOS through the console port? Try as I might, I can't find any hint on how to do that. The first thing I see on the console is GRUB, both on stock software and on OpenWrt.
Edit: I seem to be able to get into BIOS by attaching a USB keyboard and hitting the delete key right after boot. It looks like it doesn't go to GRUB then, but I can't tell what it's doing, the console port serial remains empty. These things don't have hidden video ports, do they?
Edit²: I really need to tinker with docker containers in OpenWrt, this machine seems like a perfect candidate for that (InnoDB/Grafana dockers come to mind). I might "un-downgrade" memory and disk space in this case.
On the GPO 110 If you see the Grub menu and OpenWrt your serial console is set at 115200. OpenWrt like all normal modern things sets the serial port of the device at the fastest speed when it is running.
The BIOS sets the port of the device at 9600 baud speed while it is active, so you need to set your serial console to 9600 baud speed, then you can see the BIOS prompt and you can press the key to enter it.
The GPO 110 had no headers for that, it did have a PCIe slot but I never tried adding a GPU on that because I was afraid it was not electrically PCIe (in many devices they use PCIe connectors internally to bridge two boards because they are cheap and sturdy, but electrically it's just carrying whatever they want on the contacts)
Interesting, our devices differ in their conduct then. With the vendor firmware, I saw GRUB at 9600, with OpenWrt it is at 115200 (of course), but with neither speed I see a BIOS prompt, GRUB is the first thing I see from either one.
(Idea I will try later: disconnect boot disk, see if and which complaint it throws. Edit: Nothing, console stays blank. It seems like on my model, neither POST nor BIOS does not come through to the console.)
Edit: At long last, I found a manual for the firewall's mainboard. This thing actually has a VGA pin header inside, a "quiet boot" setting in the BIOS, and a CMOS reset jumper that changes notihing about how it behaves. That gives me reason to believe that maybe "quiet boot" has been perma-default-enabled by Gateprotect. But looking at the BIOS settings in the manual I also can't find any reason to change anything, so I won't bother with that anymore. It boots fine and works fine as it is.
I'm new on OpenWRT forum (just registered my account), though I'm no stranger to OpenWRT contents ... been reading various posts for quite some time now. I would send you a PM if I could, but given restrictions for newcomers, I resorted to "jump on the wagon" of OpenWRT discussions by replying to your post. I hope that admins won't be too hard on me, for "hijacking" this old thread, particularly as OpenWRT is not what I have in mind, in reference to the core of my message (it's a pfSense project);
I just got my hands on Lancom / Rohde & Schwarz UTM appliance - UF-300 (aka Gateprotect GP-U 300, GPA-300V2, model No. CAR-2051). It's a Caswell CAR-2051 based platform, with Atom C2000, 8x Gigabit LAN + RJ45 console port. Like yourself, I was scratching my head at first, as to how to access the BIOS via RJ45 serial console port. The CAR-2051 User Manual gave me the clue, to use either DEL key (not applicable, as there's no VGA output so I can't connect monitor) or TAB key for remote access, which I presume refers to serial console access. I'm using minicom serial communication program on Ubuntu laptop, connected to R&S UF-300 appliance with Cisco console cable and PL2303 USB converter. Serial port settings in minicom are 9600 8N1 (19200 baud rate, as per CAR-2051 User Manual, doesn't work). I do get the serial console output as appliance boots up (basic system info and login prompt, screenshot in attachment), but when I start up appliance and hit the TAB key, nothing happens ... appliance continues to boot and the console output remains blank, until the basic system info shows up and then the login prompt.
You said that you managed to get into BIOS by attaching a USB keyboard to your GPO-150v2 and hitting DEL key. That's a standard way for accessing BIOS, when using external monitor and keyboard, but ... since you couldn't use monitor (no VGA on GPO-150v2), I assume you had the laptop connected with console cable to GPO-150v2. So how does a separate USB keyboard, attached to GPO-150v2, fit into this setup ? I must be overlooking something rather obvious here, so please excuse me my ignorance ...
I would appreciate for feedback enormously (others are welcome to chime in)...
I assume that is what happens because the firewall does not continue booting. I still don't have a VGA connected (I am failing to dredge up a 2(!)mm pitch 2x8 connector that plugs into the internal pin header), and the BIOS output is not reflected to the console (which, as I said, may very well be a BIOS setting, so there's a chicken-egg scenario here), that's why I still don't have any way of knowing what is actually happening.
You're right, it shouldn't be necessary to enter the BIOS, but since the BIOS is not reflected to the console, it probably also doesn't listen to console input. The USB keyboard is just another way to get keystrokes through to the BIOS.
But I must admit that at some point I just didn't continue fiddling around trying to get into the BIOS. The device runs well as-is, and from the BIOS screenshots in the mainboard manual I can't see anything that I actually would want to change in there (except, if possible, turn on BIOS reflection to the console). Eventually my curiosity faded.
That's fine, better actually, this discussion may help others so it's better held out in the open.
what a pleasant surprise ... receiving a swift response, after dredging an ancient thread ... never happened to me before.
To sum up what I learned from your response;
You did not get the BIOS screen displayed in the console window, which is contrary to what I assumed when I had read your post.
You were not concurrently using the laptop with serial cable AND external USB keyboard (when I do this on my UF-300, it inhibits the console output completely), only USB keyboard connected to GPO-150v2, to see how appliance reacts when you hit the DEL key on cold start (LEDs, beeps, etc). Due to absence of expected behavior, you assumed that appliance entered BIOS, waiting for your input.
I wish I was as lucky as you are, having onboard VGA header, but there's none present, so I'll have to "crack" this one the hard way ... figure out why the TAB key on my laptop doesn't invoke the BIOS screen of UF-300. The OEM Caswell CAR-2051 board, which is what R&S UF-300 really is, does have the provision for serial port redirection (enabled by default), but Rohde & Schwarz may have opted to disable it in BIOS, which would explain why I don't see anything in serial console output, until the OS kicks in and displays basic system info and login prompt. So all I need is to know a magic key (or combo of keys), to get the BIOS screen displayed in console output. Sounds like a daunting task, since neither Caswell nor Rohde & Schwarz are keen to help the customers without support contract.
Hoping someone else on this forum will shed the light on solution ...
