Watchguard Firebox M400/M500
-
@stephenw10 @Deathwarror @Scorch95 and everyone else with the reboot problem with an i3 CPU: I developed an open source hardware workaround for this! It's basically a microcontroller that checks the state of the power supply and one of the SFP LEDs (since those are lit when it hangs on reboot) and uses the internal power button connector to "manually" reboot the box.
All the details, sources and Gerber files for the PCB are available in a post I made on my blog today and I hope it's ok to post the link here: Firebox Rebooter
I have a few of the boards left since I couldn't order less than 5 and I would be happy to give them away to interested people if they pay for shipping (I live in Germany so outside of EU it's probably cheaper to order the boards from a PCB fab yourself)
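The reboot logic described in this post can be sketched as a small state machine. This is an added example, not the poster's firmware: the 100 ms tick, every timing constant, the "steadily lit LED means hang" rule and all names (`wd_tick`, `wd_run`, `watchdog`) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed timings in 100 ms ticks; none of these values come from the post. */
enum { HANG_TICKS = 300, HOLD_MAX_TICKS = 80, REST_TICKS = 20, TAP_TICKS = 5 };

typedef enum { WATCH, FORCE_OFF, REST, POWER_ON } wd_state;
typedef struct { wd_state state; unsigned ticks; } watchdog;

static void wd_enter(watchdog *w, wd_state s) { w->state = s; w->ticks = 0; }

/* One 100 ms step. Returns true while the power-button line should be held. */
bool wd_tick(watchdog *w, bool psu_on, bool sfp_led_lit)
{
    switch (w->state) {
    case WATCH:       /* count only uninterrupted LED-on time while powered */
        if (!(psu_on && sfp_led_lit)) w->ticks = 0;
        else if (++w->ticks >= HANG_TICKS) wd_enter(w, FORCE_OFF);
        return false;
    case FORCE_OFF:   /* long press until the PSU drops, with an upper bound */
        if (!psu_on || ++w->ticks >= HOLD_MAX_TICKS) { wd_enter(w, REST); return false; }
        return true;
    case REST:        /* button released; power on only if the box really went off */
        if (++w->ticks >= REST_TICKS) wd_enter(w, psu_on ? WATCH : POWER_ON);
        return false;
    case POWER_ON:    /* short press to start the box again */
        if (++w->ticks > TAP_TICKS) { wd_enter(w, WATCH); return false; }
        return true;
    }
    return false;
}

/* Feed n identical samples; returns how many ticks the button was held. */
unsigned wd_run(watchdog *w, bool psu_on, bool sfp_led_lit, unsigned n)
{
    unsigned held = 0;
    while (n--) held += wd_tick(w, psu_on, sfp_led_lit);
    return held;
}

int main(void)
{
    watchdog w = { WATCH, 0 };
    wd_run(&w, true, true, HANG_TICKS);             /* constructed hang */
    printf("held while forcing off: %u\n", wd_run(&w, true, true, 10));
    wd_run(&w, false, false, 1 + REST_TICKS);       /* PSU dropped, then rest */
    printf("held for power-on tap: %u\n", wd_run(&w, false, false, TAP_TICKS + 1));
    return 0;
}
```

The bounded hold and the return to `WATCH` when the supply never drops keep a stuck input from pinning the power button indefinitely.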
-
Huh that's novel! I'd prefer a software solution but that's an option at least.
Steve
-
Hello all, thanks for all this info. Slight noob here so... feel free to lecture if needed.
Happened to get an M500 and wanted to replace my aging hardware with slightly less aged hardware, but I can't seem to get FreeDOS to boot no matter what I try to get the BIOS updated.
Steps so far:
Stock M500 (literally never used). Booted up fine, console output (115200) no issues, accessed CLI with default login, did a show sysinfo for giggles, then did shutdown command:
***M500 stock won't shutdown via CLI? The processes show shutting down, disk shutdown etc.., but the box just sits there and fans continue spinning (left it for 20mins). Never used Watchguard, thought I would mention it since everyone was having shutdown issues?
Replaced 2x4gig RAM with 2x8gig I had lying around. Boots fine, get into watchguard CLI, show sysinfo - verify RAM numbers, all OK. (still won't shutdown via SHUTDOWN command)
4gig Compact Flash I had handy, used Rufus to flash FreeDOS. Replaced stock CF card. No output on serial (115200, 9600 etc..). 3 Beeps, fans full speed (same beeps as if no boot media installed)
Put back Original stock CF card, boots fine, serial output (115200)
Flashed PFsense USB serial image to CF card (via Rufus). No serial output, 3 beeps again. Fans full speed (intermittently wind up or down)
Flashed PFsense USB serial image to USB stick, added SSD, removed CF card completely, BOOTS OK. Install to SSD fine, reboot to PFSENSE fine. Access WEB UI for giggles - All OK. shuts down fine via CLI and web GUI.
Flashed FREEDOS to other USB sticks (3, 4g, 8g, 16g) via Rufus, added Zanthos files, no console output at all (still 3 beeps at boot). Verified USB sticks boot fine in other PC (old workbench PC Z97 mobo set to legacy BIOS boot)
Flashed FreeDOS image from FreeDOS site (Rufus again, 3sticks, 4g, 8g, 16g), repeat of previous steps. No output via console.
So I'm stumped. FYI I have two console cables, both work on everything else I try them on - Cisco, Juniper, Unifi gear etc... one is an OG CISCO blue cable, one came straight out of the M500 box still in plastic bag.
Going to get VGA working hopefully this weekend, maybe will show me something when I try to boot?
Any recommendations on WTF I'm doing wrong with flashing the FreeDOS images?
Thanks again for everyone sharing work, never get any of this done without you guys!
-
You only tried the FreeDOS image from their site? There is no serial output on that by default.
Try this. If that boots you can add the required BIOS and programmer.
You don't actually need to flash the BIOS though.
Steve
-
Ah actually you should be seeing some output from the BIOS, the version and password prompt.
If you're not seeing that you might need a different serial adapter. Been a while since I've seen that but it used to be a common issue on the older boxes.
-
@chpalmer what did you append? (Sorry for the 2 year follow-up!!)
-
The baud rate probably. That image boots to a serial console at 9600.
autoexec.bat:
@ECHO OFF
SET NLSPATH=C:\
SET HELPPATH=C:\
SET TEMP=C:\
SET TMP=C:\
SET WATTCP.CFG=C:\
SET PATH=C:\
SET PROMPT=$P$G
SET DIRCMD=/OGN
SET LANG=EN
SET BLASTER=A220 I5 D1 H5 P330
if "%config%"=="" goto end
if "%1"=="" goto mouse
REM Shsucdx /D:?FDCD0001 /D:?FDCD0002 /D:?FDCD0003
:mouse
if exist ctmouse.exe CTMOUSE
IF "%CONFIG%" == "6" CALL .\LOADCD.BAT
goto end
:end
beep
beep
beep
mode com1 9600 n 8 1
echo Switching Console to COM1 at 9600 8N1
ctty com1
echo Freedos on COM1:
date /d
time /t
-
@stephenw10 yea I verified the baudrate in autoexec every time I've made a freedos boot drive.
I tried flashing the freedos image you gave me, no output at all. Just doesn't make sense.
I put the pfsense serial image in and it boots up and gives me console output every time.
I have VGA cables now and can't seem to get any VGA output at all either!
If I boot with NO boot drives connected, I should see some kind of picture/boot screen from the OG locked BIOS, right???
-
Sorry too many similar boxes!
No, you get no output at all until the FreeBSD boot loader runs with the default BIOS.
Do you hear the 3 beeps when FreeDOS boots?
Steve
-
@stephenw10 yea I do get three beeps, I even get beeps when I plug in/unplug a keyboard or mouse.
-
Well I got VGA working (finally broke down and got the soldering iron out)
I do get the American Megatrends output up when no boot drives are attached (bios locked when trying to access as usual)
Still can't get any Freedos images to boot. The standard PFSense installers are booting up fine. Any FreeDOS image I try to use says "insert proper boot drive press any key to continue..." (or close to that).
-
So I got my M500 booted to freedos finally, and successfully flashed zanthos v6 BIOS, booting pfsense off an SSD on a SATA port, fans turned down, 16G (2x8g ECC UDIMM) of DDR3 I had laying around working without issues.
The only combination that worked for me was the freedos2 image provided here straight to the STOCK CF card. I tested both VGA and console output modifying that image and they worked. Reading back over the thread I noticed the other M500 users also had issues booting freedos from a USB - so that lines up with what I was seeing. I used Rufus and win32imager back and forth for everything and verified all the images I burned were booting fine on other devices.
M500 (my experience)
WORKED: freedos (image from you guys!) --> STOCK CF card = VGA (or serial) works OK
WORKED: PFsense serial install image --> USB (all sizes <16g)
WORKED: PFsense standard install image --> USB drive (all sizes <16g)
DID NOT WORK: freedos (custom image) --> USB drives = no serial output, no VGA output
DID NOT WORK: freedos (custom image) --> 2 random CF cards I had (both 4GB Verbatim, 2GB Transcend)
Thanks to everyone in this thread!
-
Looks like this is still a pretty active thread on the Watchguard Firebox.
My work is throwing out a Firebox M400 so I took it. From some brief reading, it seems the CPU and RAM can be upgraded and pfSense might be able to be installed on an SSD too!
I'm currently running my pfSense on a VM and it's been fantastic.. but of course I'd prefer my firewall to be bare metal. My biggest concern is going to be performance.
Would anyone have any results from PPPoE testing? Running it in a VM, I get a max speed of 500-600MBPS, so I have opted to use the ISP's DMZ solution instead. Not ideal, but it's the only way I could get the symmetrical Gigabit speeds I pay for. So yeah, I don't mind buying another CPU for the upgrade, as long as it can perform well.
Thoughts?
-
You need good single thread performance. I would grab an i3-4130 and try it. They are pretty cheap most places and don't hit the reboot bug. I would expect it to be fine.
Steve
-
Looks like less than $50 on ebay, not bad at all. The host I use has a 2.66Ghz CPU, so hopefully the i3 is enough. I'd still be okay with not using PPPoE, not a huge deal for me.
Would you also know if controlling fan speed is possible without flashing the BIOS?
-
It is. You can use WGXepc64 to set the minimum fan speed after booting.
-
I recently bought a WatchGuard Firebox M400 which has an Intel i3-4130, the system was already pre-configured with pfSense and I didn't have to do any bios hack or installation of pfSense. All I did was reset the pfsense and started configuring it.
There are 2 fans in the system and they are too loud running at 7000 rpm each. I followed the steps to get WGXepc installed on the box, ran the permission
chmod 0755 /conf/WGXepc
but when running
./WGXepc -f 10
I get Permission denied.
I have also tried to make WGXepc executable with
chmod +x
but that doesn't work either.
I also tried the WGXepc64 you linked above; that didn't work either.
permissions:
I really need to get the fans to slow down so I can use it at my home.
If you could help me out, it would be greatly appreciated. Also, is there anything that monitors the Fan Speed in the GUI?
-
I'll just point out that selling that with pfSense pre-installed is against the license restrictions. Whoever sold that to you has broken the terms.
I would also recommend re-installing it anyway since you have no idea what might have been modified. You can't be sure it's still secure.
It looks like it has been flashed with one of the modified BIOSes since we can see that Speedstep is active. That also means powerd is enabled which isn't part of the default install.
Depending on which BIOS was used the fans may already be set slower or you can enter the BIOS setup and set them.
You need to use the 64bit version of WGXepc so WGXepc64. pfSense is 64bit only since 2.4.
You need to set the permissions but chmod 0755 should be sufficient for that.
Try running it without a switch. It should report the hardware type and program version.
[2.7.0-DEVELOPMENT][admin@m400-2.stevew.lan]/root: ls -ls WGX*
28 -rwxr-xr-x 1 root wheel 27393 Nov 22 2020 WGXepc64
[2.7.0-DEVELOPMENT][admin@m400-2.stevew.lan]/root: ./WGXepc64
Found Firebox M400/500
WGXepc Version 1.6_1 22/11/2020 stephenw10
WGXepc can accept two arguments:
 -f (CPU fan) will return the current and minimum fan speed or if followed by a number in hex, 00-FF, will set it.
 -f2 (System fan) will return the current and minimum fan speed or if followed by a number in hex, 00-FF, will set it.
 -l (led) will set the arm/disarm led state to the second argument: red, green, red_flash, green_flash, red_flash_fast, green_flash_fast, off
 -b (backlight) will set the lcd backlight to the second argument: on or off. Do not use with LCD driver.
 -t (temperature) shows the current CPU temperature reported by the SuperIO chip. X-e box only.
Not all functions are supported by all models
Steve
-
Thank you for that, I was able to run WGXepc64 in the /root folder.
Originally I had it in the /conf folder based on the site hexhound information.
I install a fresh version of pfsense on the device and configure it. I didn't know that it's not allowed to be sold, there are lots of these things being sold on eBay pre-installed with pfsense.
Can you help me understand the Hex number 00-FF that I need to set, can it be queried to get the current running hex number or rpm of the fan?
-
Yes, it is showing 0xa as the current speed there. Which is odd because that implies 0x0a which is lower than 0x8c, by a lot!
I am running:
[2.7.0-DEVELOPMENT][admin@m400-2.stevew.lan]/root: ./WGXepc64 -f
Found Firebox M400/500
Current fanspeed is 22, minimum fanspeed is 1e
Steve