Watchguard Firebox M400/M500
-
But does it reboot though?
I did a reboot this morning via the GUI "reroot" reboot. Came up fine. Is there another method you want me to try? This one is my primary firewall and I have to do things after hours unless I want to join "wine hour" here.. and Im fresh out of cheese.
(for those already typing.. yes I know how to spell whine. ;) )
-
After some more testing with the new CPU.. Normal reboot does hang. Reroot reboot does not. I generally do not shut this one down ever so a non issue for me.
This box is 2.6..
-
Urgh. Disappointing. I wish I knew what caused that.
-
Anyone run into issues with putty spitting out giberish on startup?
Downloaded Memstick installer, used balena etcher (from my understanding Balena will automatically un zip the .gz file) to flash to the same exact model CF card (Except mine is 8gb and not 4gb). Popped the CF card in, powered on the M400, used COM3 port and its just spitting out random letters and characters. -
Typically that happens if the baud rate is mismatched. It's 115200bps by default.
-
@stephenw10 Yup that did it! ive been so used to cisco It never occurs to me that would ever need to change. When I get to the part where it has me select the target disk it doesn't let me select the CF card. I hit enter with the CF card highlighted and it returns the message "Not Enough Disks selected. 0 < 1 minimum" any Ideas on this?
-
You can't install onto the drive you booted from. You can install to a SATA SSD after booting from CF. Or you can boot from USB and and install to CF.
-
I never realized that my M400 (i3-4370T) has been sucking away 40W 24/7. Thinking about doing the BIOS upgrade to enable SpeedStep as my system is barely stressed (1% CPU at this moment). Just curious - for anyone who has already enabled SpeedStep, what kind of power savings have you seen?
-
Does it reboot correctly with that CPU out of interest?
The power draw can be affected by a number of things. Addtional drives. NIC that are linked. Fan speed. 40W does seem high though, how are you measuring it?
-
@stephenw10 No, the i3-4370T has the reboot hang issue. Not a big deal as instead I just do a HALT, then power off and on with the button afterwards.
I'm measuring with an Emporia outlet device. At 1% load, I'm mostly idling. If SpeedStep is significant (e.g. drops it to less than 10W) it would be a worthwhile update, but I have no idea what to expect by enabling it.
-
Enabling high C states usually has a greater affect, especially if your CPU is mostly idle.
Check the available C state and the 'lowest' value. The default Celeron and BIOS don't offer much:[2.7.0-DEVELOPMENT][admin@pfsense.fire.box]/root: sysctl dev.cpu.0 dev.cpu.0.temperature: 39.0C dev.cpu.0.coretemp.throttle_log: 0 dev.cpu.0.coretemp.tjmax: 100.0C dev.cpu.0.coretemp.resolution: 1 dev.cpu.0.coretemp.delta: 60 dev.cpu.0.cx_method: C1/hlt dev.cpu.0.cx_usage_counters: 66905813 dev.cpu.0.cx_usage: 100.00% last 620us dev.cpu.0.cx_lowest: C1 dev.cpu.0.cx_supported: C1/1/0 dev.cpu.0.%parent: acpi0 dev.cpu.0.%pnpinfo: _HID=none _UID=0 _CID=none dev.cpu.0.%location: handle=\_PR_.CPU0 dev.cpu.0.%driver: cpu dev.cpu.0.%desc: ACPI CPU
-
@stephenw10 Sounds like it may be worth a try. I may try to pick up another M400 so I'll have a backup and maybe try to "downgrade" it to a i3-4130T as well. Lower clock should use less power and I hear it doesn't have the reboot issue so a win-win. Might also upgrade that machine to pfsense 2.6 as I'm on 2.4.5 currently.
-
With an i3-4160 and unlocked BIOS to enable speedstep:
[2.7.0-DEVELOPMENT][admin@m400-2.stevew.lan]/root: sysctl dev.cpu.0 dev.cpu.0.temperature: 37.0C dev.cpu.0.coretemp.throttle_log: 0 dev.cpu.0.coretemp.tjmax: 100.0C dev.cpu.0.coretemp.resolution: 1 dev.cpu.0.coretemp.delta: 63 dev.cpu.0.cx_method: C1/hlt dev.cpu.0.cx_usage_counters: 20326 dev.cpu.0.cx_usage: 100.00% last 1186us dev.cpu.0.cx_lowest: C1 dev.cpu.0.cx_supported: C1/1/0 dev.cpu.0.freq_levels: 3600/54000 3400/49609 3200/45377 3000/41815 2900/39829 2700/36458 2500/32748 2300/29177 2100/26204 1900/22916 1700/20193 1500/17168 1400/15710 1200/13290 1000/10588 800/8400 dev.cpu.0.freq: 800 dev.cpu.0.%parent: acpi0 dev.cpu.0.%pnpinfo: _HID=none _UID=0 _CID=none dev.cpu.0.%location: handle=\_PR_.CPU0 dev.cpu.0.%driver: cpu dev.cpu.0.%desc: ACPI CPU
Kill-a-Watt style device shows it idles at ~27W
That CPU doesn't reboot though so upgrades are a PITA!
-
@stephenw10 Oh, the i3-4130T is also on the reboot naughty list? I thought someone had posted in this thread that the 4130 was OK?
-
@stephenw10 Oops, ignore my comment - just realized you were posting about the 4160 and not the 4130 re: reboots. I just bought another M400 on eBay for $50 and ordered a i3-4130T for a whopping $10! I'll probably set that up from scratch then swap firewalls keeping the current as a backup if I don't brick it doing the bios update.
-
With Xanthos fully unlocked BIOS you can enabled higher C-states:
dev.cpu.0.temperature: 35.0C dev.cpu.0.coretemp.throttle_log: 0 dev.cpu.0.coretemp.tjmax: 100.0C dev.cpu.0.coretemp.resolution: 1 dev.cpu.0.coretemp.delta: 65 dev.cpu.0.cx_method: C1/mwait/hwc C2/mwait/hwc dev.cpu.0.cx_usage_counters: 210 8837 dev.cpu.0.cx_usage: 2.32% 97.67% last 1629us dev.cpu.0.cx_lowest: C2 dev.cpu.0.cx_supported: C1/1/1 C2/2/148 dev.cpu.0.freq_levels: 3600/54000 3400/49609 3200/45377 3000/41815 2900/39829 2700/36458 2500/32748 2300/29177 2100/26204 1900/22916 1700/20193 1500/17168 1400/15710 1200/13290 1000/10588 800/8400 dev.cpu.0.freq: 800 dev.cpu.0.%parent: acpi0 dev.cpu.0.%pnpinfo: _HID=none _UID=0 _CID=none dev.cpu.0.%location: handle=\_PR_.CPU0 dev.cpu.0.%driver: cpu dev.cpu.0.%desc: ACPI CPU
Note that it spends almost the entire time in C2 if enabled. Idles at ~24W.
The CPU claims to support higher C states but pfSense doesn't see them. -
@stephenw10 Just finished downloading Xanthos' files and various instructions posted between him and yourself. Do you think disabling the i3's iGPU in Xanthos' unlocked bios will reclaim a few watts?
Too bad it wasn't possible to get the 13W Xeon to work, that would have been crazy.
-
The TDP rating of a CPU is only a guide to the cooling solution needed to run at full power. It does not tell you the minimum power consumption. Whilst the lower TDP devices usually do run at lower idle power it's often not by much. No where near what you might think if you only look at the TDP.
Using a CPU without on-board GPU can save a few Watts, I've tested that on earlier gen CPUs. I'm not sure if disabling it does much though. On more recent devices other users have demonstrated that loading a graphics driver that can put the GPU into an idle state can produce a decent saving. -
@stephenw10 BIOS update successful, but I have an embarrassing question - how do I install pfsense? ha ha
The last time I did it was when we had nano-bsd images and now we have the memstick images. I RUFUS'ed the image to CF, inserted it into the M400, booted, select install, select keyboard, then I get stuck when asked to partition the disk. ZFS takes me down some RAID path, UFS BIOS says "device busy", UFS EUFI also says "device busy". Any pointers?
Thanks!
-
@eisenb11 oh, nevermind - I just had to try a few times and it moved forward.
-
I have an M400 which I have tried to flash with Zanthos' BIOS. Have used a CH341A SPI Flash Reader and ASprogammer. When I start up the Wathguard it is on for 3-4 seconds and then it turns off again. Is there something I did wrong or has the flash itself failed? It said that everything was successful.
-
Hmm, that's not good. Could be either with those symptoms.
You might try re-flashing it. Or restoring the old file if you backed it up.
-
@stephenw10 Tried to reflash and restore back to the original BIOS without success. Have also tried another PSU, but with the same result.
-
Hmm, not sure what else to suggest. Had you swapped out any hardware before that?
-
@stephenw10 Have not replaced any hardware. It should be said that I tried a long time ago to flash the bios with software flash with Zanthos' version and that's when it failed. Finally ordered an SPI reader and thought it would work. I extracted the original BIOS from an identical M400 that I have that works. It might not work?
-
I would expect it to work. It's possible you had a hardware failure that happened to coincide with the original BIOS flash attempt of course. Seems pretty unlikely but....
-
@stephenw10 Tried to find a detailed overview of the motherboard, but can't find it anywhere. Do you know where I can possibly find it?
-
The Lanner FW-7585 manual is the closest you're likely to find. It's not exactly the same but close enough.
-
@stephenw10 Thank you very much! Will have to see if I can get the M400 to stay on.
-
@stephenw10 Hello. I tried the link you shared for the fan control software, but it's doesn't work anymore.
I went to git and downloaded the .c code, but it won't run. I assume I need to compile it which I'm unfamiliar with how to do.
When I do try to run it even as root, I get permission denied.
This is on an M400 with Stock bios.
Thanks -
Which link? I put a compiled binary up on github that should work, here.
Otherwise, yes, you'd have to compile it in FreeBSD and copy it to pfSense.
Steve
-
@stephenw10 said in Watchguard Firebox M400/M500:
Turns out it was relatively easy to add the fan control to WGXepc as it's pretty much identical to the Mx70 boxes. Though I managed to break it several times by not setting enough things and ending up with a negative temperature/speed ramp.
So find the updated code: https://github.com/stephenw10/WGXepc/blob/master/WGXepc.c
And a compiled binary here for those willing to trust it.This is the file I'm referring to.
-
So fetch it onto your firewall, change the permissions so it's executable, run it:
[2.7.0-DEVELOPMENT][admin@m400-2.stevew.lan]/root: fetch https://github.com/stephenw10/WGXepc/raw/master/WGXepc64 WGXepc64 26 kB 3625 kBps 00s [2.7.0-DEVELOPMENT][admin@m400-2.stevew.lan]/root: chmod +x WGXepc64 [2.7.0-DEVELOPMENT][admin@m400-2.stevew.lan]/root: ./WGXepc64 Found Firebox M400/500 WGXepc Version 1.6_1 22/11/2020 stephenw10 WGXepc can accept two arguments: -f (CPU fan) will return the current and minimum fan speed or if followed by a number in hex, 00-FF, will set it. -f2 (System fan) will return the current and minimum fan speed or if followed by a number in hex, 00-FF, will set it. -l (led) will set the arm/disarm led state to the second argument: red, green, red_flash, green_flash, red_flash_fast, green_flash_fast, off -b (backlight) will set the lcd backlight to the second argument: on or off. Do not use with LCD driver. -t (temperature) shows the current CPU temperature reported by the SuperIO chip. X-e box only. Not all functions are supported by all models
-
@stephenw10 Just changing the permissions of the file resolved the issue. I set the CPU fan to 5 instead of 14 as you had done, and it initially lowered the fan speed, but it's been ramping up and down even though the interface temp values are reporting that it's only getting to 35C. Is this normal?
-
Yes the actual fan speed should vary with temperature. The value you set there is the minimum fan speed, the actual speed is determined by the minimum plus a value proportional to the CPU temp above a minimum temp value.
-
I'm running into the weirdest issue. I've been super happy with the M400 that I upgraded the BIOS and installed 2.6 on so I decided to do the same for my backup M400. Both M400s have i3-4130T CPUs.
Updated the BIOS, used Rufus to install the 2.6 image to CF... but I'm stuck in the installer where it partitions the CF.
I selected EUFI, then GPT... but I keep getting an error. "File exists. geom 'ada0'". I can't get past this to do the install.
Would you happen to have any pointers on how to get past this?
-
You can't install to the CF card if you wrote the installer image to the CF card and booted that.
You need to boot from USB and install to CF. Or boot from CF and install to SSD etc.
-
@stephenw10 That makes total sense, I’ll try that later… but somehow it worked when I did it on the first machine! Twilight Zone! Ha ha
-
@stephenw10 Wow, I'm just having terrible luck this go-around.
I used Rufus to put the 2.6 image on a thumb drive. Booted off the thumb drive. Had it to install to ad0. When it was ready to reboot, I shut down and removed the thumb drive. Power back up and then get an error message that it can't find a proper boot device. It appears that it didn't format the CF to be bootable. Did I miss a step in the install somewhere?
-
@eisenb11 I figured it out. I went back into the bios and looked under boot and it had a weird selection for the boot order. I changed it and it can now boot correctly.