pfSense on Watchguard M370

ost0

@Squuiid some of the credit should go to WatchGuard for storing the password in plaintext in the UEFI module, and of course PfSense devs.

I would warn on the Noctua conversion that for the same PWM signal the Noctuas does have a lot less airflow than the stock fans, so temperatures might be higher, just something to keep in mind.

I've got a very similar setup, Cruical RAM, Noctua Fan conversion, though still on stock CPU. For the SSD I've got an mSATA to M.2 Adapter running an M.2 SATA SSD from an old laptop, and no issues so far!

nicknitro

Terrific Upgrades.
I'm waiting for the 7700 non T and a Dual 2.5" adapter to accommodate two 1tb SATA INTEL s4510. I'm going the virtualization way.
I think the only missing and important part for this m370s is a most recent Bios Update to comply with the CVEs and Microcodes.
Has anybody found a solution for updating a most recent BIOS?

stephenw10

The fan control system is based on the CPU temperature. If you put it under enough load the fans should ramp up anyway. The Noctua fans would just have to be ramped higher to get the same air flow but the default fans never run at maximum speed so it would likely be fine. By fitting them what you're really doing is reducing the minimum airflow which is where those boxes operate most of the time in my experience. The CPU runs pretty cool but other components will likely run hotter. I've seen no issues running with the standard fans at a reduced speed.

How much quieter are the Noctua fans compared to the standard fans set to run at speed a for example?

Steve

ost0

@stephenw10 I've not done a comparison for both at the same speed, but Noctua Fans with no PWM signal connected, so running at full, are quieter than the stock fans at a normal idle speed.

stephenw10

I'd guess a test at the same air flow would be needed, but I'm not sure how I'd do that! I guess setting the default fans to produce the same CPU temp at a known load would be fair.

Basically it's always been my belief that although the Noctua fans are aerodynamically better they achieve lower sound levels mostly by simply moving less air.

tapnet

@nicknitro

Hey Nick,

How did you go about installing exsi on a headless system?

I tried setting up a kickstarter file using this guide: https://www.virten.net/2014/12/unattended-esxi-installations-from-an-usb-flash-drive/

and setting up the serial console using parts from here: www.vmwareadmins.com/installing-esxi-serial-console-headless-video-card/

I can boot from USB but when it installs it cant seem to find any fixed disks and then installs to the USB stick, my guess is drivers but have you got any idea what I need to add to the iso at all?

soupman

@tapnet

Esxi 6.5 is the latest you can install..maybe 6.7. Definitely not 7.0 as that version does not support the sata ports.

I ran esxi 6.5 from usb. Used the msata to store iso's and sata ssd's to store the vm's

I switched to proxmox 8.0. Got a custom debian iso from https://fai-project.org/FAIme/# that gives an auto headless install with ssh. After that enable serial console and add the proxmox
https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_11_Bullseye and you are on your way.

tapnet

@soupman

Ah thats where I was going wrong then! I started off with 8.0 then 7.0 but nothing below that i'll give 6.7 a go, let people know how I get on, thanks again and for the heads up for promox too.

tapnet

@tapnet said in pfSense on Watchguard M370:

@soupman

Ah thats where I was going wrong then! I started off with 8.0 then 7.0 but nothing below that i'll give 6.7 a go, let people know how I get on, thanks again and for the heads up for promox too.

Just wanted to update on this.

6.7 installs fine works really well, I would recommend using a Kickstarter file for unnattneded access.

I upgrade the CPU with a i5 7600k without needing to make any changes to bios or microcode. I am still running on the standard bios.

Now just need to configure virtual pfsense and retire my USG-3P thanks again.

tapnet

@dfd1125

Did you or anyone get anywhere with this? I have a female to female pcie cable and a Intel X530-DA2 card I can see the card powering on and evidence of life in unfi but its not being seen at all by esxi I tried all in the latest VIB file from vmware but its being superseeded so wont install I am going to make a 3d printed enclosure for the card so it wont just sit out the case like that :)

stephenw10

@tapnet said in pfSense on Watchguard M370:

evidence of life in unfi

What exactly are you seeing there?

dlucas46

Hi ,

I am trying to upgrade the MSATA drive in these from the 16Gb supplied to 256Gb.

I know it is overkill but it is giving me CAM errors and write delayed errors, along with operation not permitted errors ATA retry command exhausted.

This is not a new drive, I had the same errors with a second hand 128Gb one.

I have destroyed the partitions and the drive should be blank.

But I get the same error messages each time.

I booted system rescue cd over serial and examined the drive whilst in the WatchGuard. Smartmon tools find the driver healthy with no errors.

I am going to try a 2.5 120Gb SSD instead of the MSATA, but I will have to order one in.

Any advise on anything else to try? Everything installs fine on the original 16GB Transcend.

stephenw10

CAM errors like that are almost always a bad drive or drive controller. Do you have the exact error you were seeing?

dlucas46

@stephenw10 said in pfSense on Watchguard M370:

CAM errors like that are almost always a bad drive or drive controller. Do you have the exact error you were seeing?

It's during the installer stage.

Everything installs fine with the original 16gb.

Anyway of capturing the installer data or do I need to manually write it down else where?

But from what I recall you choose zfs auto and it immediately says operation not permitted.

When you try and create a ufs system the drive spews these ATA timeout cam errors.

I booted system rescue cd over serial and ran smartmon tools and they pass the drive after a health check.

I agree that errors like this are normally a bad drive, just wondering if the msata port has a max drive limit?

stephenw10

I'm not aware of a limit. 256GB isn't especially large.

Can you not copy/paste the error from the terminal during the install? Or grab a screenshot?

dlucas46

@stephenw10 said in pfSense on Watchguard M370:

I'm not aware of a limit. 256GB isn't especially large.

Can you not copy/paste the error from the terminal during the install? Or grab a screenshot?

Possibly but the screen rolls the error and returns to the installer screen.

I can definitely get the data from smartmon tools.

I have just ordered an 120gb msata and another 2.5 120gb ssd.

That will give me enough new parts to test with.

dlucas46

@stephenw10 said in pfSense on Watchguard M370:

I'm not aware of a limit. 256GB isn't especially large.

Can you not copy/paste the error from the terminal during the install? Or grab a screenshot?

Ok terminal errors:

ada0:ahcich1:0:0:0): CAM status: ATA Status Error
(ada0:ahcich1:0:0:0): ATA status: 00 ()
(ada0:ahcich1:0:0:0): RES: 00 00 00 00 00 00 00 00 00 00 00
(ada0:ahcich1:0:0:0): Error 5, Retries exhausted
Input/output error
 GPT boot partition write failed 

gpart: Input/output error

(ada0:ahcich1:0:0x Initializ Input/output error (ada0:ahcich1:0:0:0): WRITE_FPDMA_QUEUED. ACB: 61 10 40 00 00 40 00 00 00 00 00 00u   wait.   
(ada0:ahcich1:0:0:0): CAM status: Auto-Sense Retrieval Failed
(ada0:ahcich1:0:0:0): Error 5, Unretryable error


Smartmon Tools output 

=== START OF INFORMATION SECTION ===
Device Model:     SAMSUNG SSD SM841 SED mSATA 256GB
LU WWN Device Id: 5 002538 500000000
Firmware Version: DXM44D6Q
User Capacity:    256,060,514,304 bytes [256 GB]
Sector Size:      512 bytes logical/physical
Rotation Rate:    Solid State Device
TRIM Command:     Available, deterministic, zeroed
Device is:        Not in smartctl database 7.3/5528
ATA Version is:   ACS-2, ATA8-ACS T13/1699-D revision 4c
SATA Version is:  SATA 3.1, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is:    Wed Mar 27 16:32:08 2024 UTC
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
AAM feature is:   Unavailable
APM feature is:   Unavailable
Rd look-ahead is: Enabled
Write cache is:   Enabled
DSN feature is:   Unavailable
ATA Security is:  Unavailable
Wt Cache Reorder: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
                                        was never started.
                                        Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0) The previous self-test routine completed
                                        without error or no self-test has ever
                                        been run.
Total time to complete Offline
data collection:                (53956) seconds.
Offline data collection
capabilities:                    (0x53) SMART execute Offline immediate.
                                        Auto Offline data collection on/off support.
                                        Suspend Offline collection upon new
                                        command.
                                        No Offline surface scan supported.
                                        Self-test supported.
                                        No Conveyance Self-test supported.
                                        Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
                                        power-saving mode.
                                        Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
                                        General Purpose Logging supported.
Short self-test routine
recommended polling time:        (   2) minutes.
Extended self-test routine
recommended polling time:        (  20) minutes.
SCT capabilities:              (0x003d) SCT Status supported.
                                        SCT Error Recovery Control supported.
                                        SCT Feature Control supported.
                                        SCT Data Table supported.

SMART Attributes Data Structure revision number: 1
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAGS    VALUE WORST THRESH FAIL RAW_VALUE
  5 Reallocated_Sector_Ct   PO--CK   100   100   010    -    0
 12 Power_Cycle_Count       -O--CK   098   098   000    -    1571
175 Program_Fail_Count_Chip -O--CK   100   100   010    -    0
176 Erase_Fail_Count_Chip   -O--CK   100   100   010    -    0
177 Wear_Leveling_Count     PO--C-   088   088   005    -    420
178 Used_Rsvd_Blk_Cnt_Chip  PO--C-   100   100   010    -    0
179 Used_Rsvd_Blk_Cnt_Tot   PO--C-   100   100   010    -    0
180 Unused_Rsvd_Blk_Cnt_Tot PO--C-   100   100   010    -    9152
181 Program_Fail_Cnt_Total  -O--CK   100   100   010    -    0
182 Erase_Fail_Count_Total  -O--CK   100   100   010    -    0
187 Reported_Uncorrect      -O--CK   100   100   000    -    0
195 Hardware_ECC_Recovered  -O-RC-   200   200   000    -    0
241 Total_LBAs_Written      -O--CK   099   099   000    -    17757354518
242 Total_LBAs_Read         -O--CK   099   099   000    -    53456616621
                            ||||||_ K auto-keep
                            |||||__ C event count
                            ||||___ R error rate
                            |||____ S speed/performance
                            ||_____ O updated online
                            |______ P prefailure warning

General Purpose Log Directory Version 1
SMART           Log Directory Version 1 [multi-sector log support]
Address    Access  R/W   Size  Description
0x00       GPL,SL  R/O      1  Log Directory
0x01       GPL,SL  R/O      1  Summary SMART error log
0x02       GPL,SL  R/O      1  Comprehensive SMART error log
0x03       GPL,SL  R/O      1  Ext. Comprehensive SMART error log
0x06       GPL,SL  R/O      1  SMART self-test log
0x07       GPL,SL  R/O      1  Extended self-test log
0x09       GPL,SL  R/W      1  Selective self-test log
0x10       GPL,SL  R/O      1  NCQ Command Error log
0x11       GPL,SL  R/O      1  SATA Phy Event Counters log
0x30       GPL,SL  R/O      1  IDENTIFY DEVICE data log
0x80-0x9f  GPL,SL  R/W     16  Host vendor specific log
0xa0       GPL,SL  VS      16  Device vendor specific log

SMART Extended Comprehensive Error Log Version: 1 (1 sectors)
No Errors Logged

SMART Extended Self-test Log Version: 1 (1 sectors)
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%      6100         -

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
  255        0    65535  Read_scanning was never started
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

SCT Status Version:                  3
SCT Version (vendor specific):       256 (0x0100)
Device State:                        SCT command executing in background (5)
Current Temperature:                    40 Celsius
Power Cycle Min/Max Temperature:     40/40 Celsius
Lifetime    Min/Max Temperature:      0/70 Celsius
Under/Over Temperature Limit Count:   0/0

SCT Temperature History Version:     3 (Unknown, should be 2)
Temperature Sampling Period:         1 minute
Temperature Logging Interval:        1 minute
Min/Max recommended Temperature:      0/70 Celsius
Min/Max Temperature Limit:            0/70 Celsius
Temperature History Size (Index):    128 (0)

Index    Estimated Time   Temperature Celsius
   1    2024-03-27 14:25     ?  -
 ...    ..(125 skipped).    ..  -
 127    2024-03-27 16:31     ?  -
   0    2024-03-27 16:32    40  *********************

SCT Error Recovery Control:
           Read: Disabled
          Write: Disabled

Device Statistics (GP/SMART Log 0x04) not supported

Pending Defects log (GP Log 0x0c) not supported

SATA Phy Event Counters (GP Log 0x11)
ID      Size     Value  Description
0x0001  2            0  Command failed due to ICRC error
0x0002  2            0  R_ERR response for data FIS
0x0003  2            0  R_ERR response for device-to-host data FIS
0x0004  2            0  R_ERR response for host-to-device data FIS
0x0005  2            0  R_ERR response for non-data FIS
0x0006  2            0  R_ERR response for device-to-host non-data FIS
0x0007  2            0  R_ERR response for host-to-device non-data FIS
0x0008  2            0  Device-to-host non-data FIS retries
0x0009  2            2  Transition from drive PhyRdy to drive PhyNRdy
0x000a  2            2  Device-to-host register FISes sent due to a COMRESET
0x000b  2            0  CRC errors within host-to-device FIS
0x000d  2            0  Non-CRC errors within host-to-device FIS
0x000f  2            0  R_ERR response for host-to-device data FIS, CRC
0x0010  2            0  R_ERR response for host-to-device data FIS, non-CRC
0x0012  2            0  R_ERR response for host-to-device non-data FIS, CRC
0x0013  2            0  R_ERR response for host-to-device non-data FIS, non-CRC

stephenw10

Hmm, that error sure looks like a bad drive. But it could be some low level compatibility issue with the drive controller.

dlucas46

@stephenw10 said in pfSense on Watchguard M370:

Hmm, that error sure looks like a bad drive. But it could be some low level compatibility issue with the drive controller.

I have ordered a brand new 120GB MSATA and a 120GB 2.5" SSD.
As both of the MSATA drives I have tried are second hand I have no history and can only go by the data.

Odd thing that the smart data says healthy but I have seen a nearly dead drive reported as good before, so I always take the results it gives with a pinch of salt.

If I had an MSATA adapter I could try testing the drive on another machine but the M370 is the only MSATA device I have.

stephenw10

Mmm, I've got an m.2 SATA drive here that behaves similarly. It usually allows an install but throws errors continually. Shows as good in tests, though with a lot of ware. I wouldn't trust it with anything vaguely important! Odd to see the same on two drives though.