Watchguard Firebox M400/M500
-
The baud rate probably. That image boots to a serial console at 9600.
autoexec.bat:
@ECHO OFF SET NLSPATH=C:\ SET HELPPATH=C:\ SET TEMP=C:\ SET TMP=C:\ SET WATTCP.CFG=C:\ SET PATH=C:\ SET PROMPT=$P$G SET DIRCMD=/OGN SET LANG=EN SET BLASTER=A220 I5 D1 H5 P330 if "%config%"=="" goto end if "%1"=="" goto mouse REM Shsucdx /D:?FDCD0001 /D:?FDCD0002 /D:?FDCD0003 :mouse if exist ctmouse.exe CTMOUSE IF "%CONFIG%" == "6" CALL .\LOADCD.BAT goto end :end beep beep beep mode com1 9600 n 8 1 echo Switching Console to COM1 at 9600 8N1 ctty com1 echo Freedos on COM1: date /d time /t -
@stephenw10 yea I verified the baudrate in autoexec every time I've made a freedos boot drive.
I tried flashing the freedos image you gave me, no output at all. Just doesn't make sense.
I put the pfsense serial image in and it boots up and gives me console output every time.
I have VGA cables now and can't seem to get any VGA output at all either!
If I boot with NO boot drives connected, I should some kind of picture/boot screen from the OG locked BIOS, right???
-
Sorry too many similar boxes!
No, you get no output at all until the FreeBSD boot loader runs with the default BIOS.
Do you hear the 3 beeps when FreeDOS boots?
Steve
-
@stephenw10 yea I do get three beeps, I even get beeps when I plug in/unplug a keyboard or mouse.
-
Well I got VGA working (finally broke down and got the soldering iron out)
I do get the American Megatrends output up when no boot drives are attached (bios locked when trying to access as usual)
Still can't get any Freedos images to boot. The standard PFSense installers are booting up fine. Any FreeDOS image I try to use says "insert proper boot drive press any key to continue... (or close to that).
-
So I got my M500 booted to freedos finally, and successfully flashed zanthos v6 BIOS, booting pfsense off an SSD on a SATA port, fans turned down, 16G (2x8g ECC UDIMM) of DDR3 I had laying around working without issues.
The only combination that worked for me was the freedos2 image provided here straight to the STOCK CF card. I tested both VGA and console output modifying that image and they worked. Reading back over the thread I noticed the other M500 users also had issues booting freedos from a USB - so that lines up with what I was seeing. I used Rufus and win32imager back and forth for everything and verified all the images I burned were booting fine on other devices.
M500 (my experience)
WORKED: freedos (image from you guys!) --> STOCK CF card = VGA (or serial) works OK
WORKED: PFsense serial install image --> USB (all sizes <16g)
WORKED: PFsense standard install image --> USB drive (all sizes <16g)
DID NOT WORK: freedos (custom image) --> USB drives = no serial output, no VGA output
DID NOT WORK: freedos (custom image) --> 2 random CF cards I had (both 4GB Verbatim, 2GB Transcend)Thanks to everyone in this thread!
-
Looks like this is still a pretty active thread on the Watchguard Firebox.
My work is throwing out a Firebox M400 so I took it. From some brief reading, it seems the CPU and RAM can be upgraded and pfSense might be able to installed on an SSD too!
I'm currently running my pfSense on a VM and it's been fantastic.. but of course I'd prefer my firewall to baremetal. My biggest concern is going to be performance.
Would anyone have any results from PPPoE testing? Running it in a VM, I get a max speed of 500-600MBPS, so I have opted to use the ISP's DMZ solution instead. Not ideal, but it's the only way I could get the symmetrical Gigabit speeds I pay for. So yeah, I don't mind buying another CPU for the upgrade, as long as it can perform well.
Thoughts?
-
You need good single thread performance. I would grab an i3-4130 and try it. They are pretty cheap most places and don't hit the reboot bug. I would expect it to be fine.
Steve
-
Looks like less than $50 on ebay, not bad at all. The host I use has a 2.66Ghz CPU, so hopefully the i3 is enough. I'd still be okay with not using PPPoE, not a huge deal for me.
Would you also know if controlling fan speed is possible without flashing the BIOS?
-
It is. You can use WGXepc64 to set the minimum fan speed after booting.
-
I recently bought a WatchGuard Firebox M400 which has an Intel i3-4130, the system was already pre-configured with pfSense and I didn't have to do any bios hack or installation of pfSense. All I did was reset the pfsense and started configuring it.
There are 2 fan's in the system and they are too loud running at 7000 rpm each. I followed the steps to get WGXepc installed on the box, ran the permissionchmod 0755 /conf/WGXepcbut when running./WGXepc -f 10I get Permission denied.
I have also tried to make WGXepc executable withchmod +xbut that doesn't work either
I also tried the
WGXepc64you linked about that didn't work either
permissions:
I really need to get the fans to slow down so I can use it at my home.
If you could help me out, it would be greatly appreciated, Also is there anything that monitors the Fan Speed in the GUI? -
I'll just point out that selling that with pfSense pre-installed is against the license restrictions. Whoever sold that to you has broken the terms.
I would also recommend re-installing anyway it since you have no idea what might have been modified. You can't be sure it's still secure.
It looks like is has been flashed with one of the modified BIOSes since we can see that Speedstep is active. That also means powerd is enabled which isn't part of the default install.
Depending on which BIOS was used that fans may already be set slower or you can enter the BIOS setup and set them.You need to use the 64bit version of WGXepc so WGXepc64. pfSense is 64bit only since 2.4.
You need to set the permissions but
chmod 0755should be sufficient for that.Try running it without a switch. it should report the hardware type and program version.
[2.7.0-DEVELOPMENT][admin@m400-2.stevew.lan]/root: ls -ls WGX* 28 -rwxr-xr-x 1 root wheel 27393 Nov 22 2020 WGXepc64 [2.7.0-DEVELOPMENT][admin@m400-2.stevew.lan]/root: ./WGXepc64 Found Firebox M400/500 WGXepc Version 1.6_1 22/11/2020 stephenw10 WGXepc can accept two arguments: -f (CPU fan) will return the current and minimum fan speed or if followed by a number in hex, 00-FF, will set it. -f2 (System fan) will return the current and minimum fan speed or if followed by a number in hex, 00-FF, will set it. -l (led) will set the arm/disarm led state to the second argument: red, green, red_flash, green_flash, red_flash_fast, green_flash_fast, off -b (backlight) will set the lcd backlight to the second argument: on or off. Do not use with LCD driver. -t (temperature) shows the current CPU temperature reported by the SuperIO chip. X-e box only. Not all functions are supported by all modelsSteve
-
Thank you for that, I was able to run WGXepc64 in the /root folder
originally I had it in/conffolder based on the site hexhound informationI install a fresh version of pfsense on the device and configure it. I didn't know that it's not allowed to be sold, there are lots of these things being sold on eBay pre-installed with pfsense.
Can you help me understand the Hex number 00-FF that I need to set, can it be queried to get the current running hex number or rpm of the fan?
-
Yes, it is showing
0xaas the current speed there. Which is odd because that implies 0x0a which is lower than 0x8c, by a lot!I am running:
[2.7.0-DEVELOPMENT][admin@m400-2.stevew.lan]/root: ./WGXepc64 -f Found Firebox M400/500 Current fanspeed is 22, minimum fanspeed is 1eSteve
-
The below value was something i was playing around with and not something that it came with
after taking both screenshots above I change the Smart Fan Configuration to auto
now when I run./WGXepc64 -fit is showing
-
Actually my last values were with my modified BIOS. Since you can access it you must have the Xanthos BIOS.
On an unmodified box I have used:
[2.7.0-DEVELOPMENT][admin@m400-2.stevew.lan]/root: ./WGXepc64 -f 16 Found Firebox M400/500 Minimum fanspeed set to 16 at 45°C or lessSteve
-
Can anyone offer some guidance on creating a freedos boot device as the images I've seen posted and linked to this thread I'm unable to create a bootable cf card with freedos on. The m400 just doesnt seem to want to boot freedos. Using the same cf card with pfsense image on it booted no problem and I was able to use that to install pfsense onto an ssd attached.
-
@mithermo1 I had the same problems. The only combo I could get working was with the provided freedos image from this thread and the STOCK CF CARD that came with the watch guard.
I had multiple other brands/sizes of CF cards and none would boot on the M400 - but the stock card that was in it would (same image same write method same size card etc...)
Check out my post from awhile back in this thread it shows all the combos I tried to boot from.
Makes no sense why it did what it did - but I tested and retested (and verified all images worked on other hardware). I also ended up connecting VGA output straight to the motherboard at some point - that helped a bunch with troubleshooting.
-
@mithermo1 I can't say specifically for the M400/M500 but I have had a similar issue with a M570, only pfsense would output to the console enabling me to do an install.
My way around this was to install my non-pfsense OS on another machine and config the bootloader to enable serial/tty0 output as well as screen/console output, I then moved the SSD from that machine into the M570 and was able to review the output screens, complete the install and modify IP addresses using the console.
I've had VMware ESXi v7 and ProxMox running on the M570 thanks to this method.
-
@jutg987654321 said in Watchguard Firebox M400/M500:
@mithermo1 I had the same problems. The only combo I could get working was with the provided freedos image from this thread and the STOCK CF CARD that came with the watch guard.
Looks like this was the same issue I had. Used the stock 4GB card that came with it, freedos booted and bios flashed. Thank you.
