Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Watchguard Firebox X Peak platform

    Scheduled Pinned Locked Moved Hardware
    155 Posts 18 Posters 111.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      mericksonj
      last edited by

      Steve,

      Have you been able to use the USB port for anything fun/useful?  I was thinking something like a thumb drive with an BSDNANO (since I'm running with HDD) but I think the Mobo has to support it first.

      I also used my mni PCI slot for a crypto chip from an X700 I bricked, so a USB WLAN would be interesting..  maybe even try to get my 3G Mifi (verizon) connected to it for a secondary WAN connection.

      –James

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        I tested it with a Belkin ethernet adapter I had to hand, I was recognised and came up as an interface no problem. Interestingly it was shown in dmesg as being connected to a USB 1 controller so the port on the front may be limited to 11Mbps. Or it maybe just a usb1 device, needs futher testing. There are certainly a number of usb conrollers in the firebox. Just next to the usb port on the board is what looks like another usb header with pins, could be interesting for internal usb.
        There are options for USB booting in the bios (fdd,hdd,zip,ls120,cdrom). Maybe I'll pull out my usb zip drive! :D
        By default it's set to try other boot devices so you could be in luck although it will try floppy, hdd0 and ls120 first.

        Do you actually use the crypto card? The one that's built in is way more powerful but there's no drivers.  :'(

        Steve

        1 Reply Last reply Reply Quote 0
        • M Offline
          mericksonj
          last edited by

          I haven't set up any encryption services on the box yet (it's still in staging process until I get a kid's room painted and the storage room cleaned out). I do have some hopes that the X700 crytpo card will work however.  It shows up in the Dmesg and I have run some tests with openssl as was described in one of the stickied forums here..  so as long as IPsec or whatever uses the correct engine it should use the crypto card without a problem.

          Zip drive huh?  ugh..  i used to work in the plant that made those disks..  ::Grin::  well good luck with that.. hope you haven't developed the "click of death" in storage.

          –James

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            The idea of going back something that big that only hold 100MB seems ridiculous, yet I remember when I first got a zip drive it was the answer to all my storage problems.  :P
            The Saftenet 1141 from the X-core is working just fine and is supported by the safe(4) driver unlike the 1841 in the X-peak. But check out the difference in performance:

            SafeXcel 1141
            IPSec Performance
            • 268 Mbps sustained ESP (AES,
            SHA-1, 1500 byte packets)
            • 160 Mbps sustained ESP (3-DES,
            SHA-1, 1500 byte packets)

            SafeXcel 1841
            IPSec Performance
            • Sustained ESP: SPI-3 (data) + EMI (SA)
            AES/SHA-1:
            2.0 Gbps (1500-byte packets)
            1.9 Gbps (350-byte packets)
            1.2 Gbps (64-byte packets)
            • Sustained ESP: PCI-X (data) + EMI (SA)
            AES/SHA-1:
            1.3 Gbps (1500-byte packets)
            900 Mbps (350-byte packets)
            510 Mbps (64-byte packets)

            Need to get onto the safe(4) maintainer with some bribes!

            Steve

            1 Reply Last reply Reply Quote 0
            • M Offline
              mericksonj
              last edited by

              Nice.

              Of course the 1141 fits my setup just right, no GigE on my network, but if this driver ever gets updated, I'll all over it!

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by stephenw10

                My poor knowledge of USB is being shown up badly!  :-[

                I can't make it boot from a usb flash. The same stick boots in my shuttle fine, similar bios different chipset though. But I did have to set the bios manually to USB-HDD.

                Important to note that the USB connector is recessed in the facia and a lot of things won't go into it properly. I had use a USB extension cable for everything that didn't have a cable connection.

                Looking at dmesg it would seems that the board has 3 usb controllers, 6 ports in total. uhub0 and uhub1 are USB1 and uhub2 is USB2. I'm pretty vague on this. However here is some output generated by plugging and unplugging stuff from front USB port.

                [root@pfSense.local]/root(2): unknown: at uhub2 port 1 (addr 2) disconnected
                
                aue0: <admtek 0="" 2="" usb="" to="" lan="" converter,="" class="" 0,="" rev="" 1.10="" 1.01,="" addr="">on uhub0
                miibus7: <mii bus="">on aue0
                acphy0: <acxxx 10="" 100="" media="" interface="">PHY 1 on miibus7
                acphy0:  100baseFX, 100baseFX-FDX, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
                aue0: Ethernet address: 00:05:1b:00:52:fc
                
                [1.2.3-RELEASE]                                                                
                [root@pfSense.local]/root(2): aue0: at uhub0 port 1 (addr 2) disconnected
                aue0: detached
                acphy0: detached
                miibus7: detached
                

                The Belkin LAN adapter which is detected fine but is only a usb1 device is connected to uhub0 port1 where as the unknown device, which is actually a 54Mb wifi adapter and usb2, is conneted to uhub2 port1. Both of these were plugged into the same physical port.

                More reading needed!  ;)

                Steve

                1 Reply Last reply Reply Quote 0
                • W Offline
                  wallabybob
                  last edited by

                  @stephenw10:

                  The Belkin LAN adapter which is detected fine but is only a usb1 device is connected to uhub0 port1 where as the unknown device, which is actually a 54Mb wifi adapter and usb2, is conneted to uhub2 port1. Both of these were plugged into the same physical port.

                  USB controllers capable of USB 2 speeds (480Mbps) automatically switch devices to different hubs depending on the speed capability of the device (480Mbps or 12Mbps).

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S Offline
                    stephenw10 Netgate Administrator
                    last edited by

                    Ah. Thanks!  :)
                    I knew it would be something like that but I couldn't find it.
                    Conclusion: the usb port on the front of the firebox is capable of USB2 speeds.

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      Yeh, I have bios access!  ;D
                      I have concluded that the console redirect portion of the bios code in my firebox was so buggy it's unuseable. Certainly Watchguard never intended it to be used or they would have enabled it by default. Of course it could still be a number of bad cables. Anyway I was investigating the posssibility of adding usb port with an internal header. What I originally thought was USB turns out to be a PS2 header, under the ribbon cable to the LCD board. I have labled it in the photo on the first page of this thread, CN24. It is a standard pinout (I pulled a cable out of an ancient PC and was already wired correctly) as detailed in the other threads on the forum:

                      @jjgoessens:

                      7            1
                       –------------
                       ! o            o !
                       ! o   o   o   o !
                       --------------
                         8   6   4   2

                      pins 3 and 5 doesn't exist!

                      here is the wiring between firebox and PS/2:

                      Firebox        PS/2

                      1 : CLK ----- 5
                      2 : GND
                      4 : DATA-----1
                      6 : nc
                      7 : GND------3
                      8 : +5VDC---4

                      Anyway I didn't think this would work but it seems that if you can get into the bios via the console you can still use a keyboard attached to the PS2 port. I would have thought it would only accept input from the serial console. So now I can view the bios via the serial console whilst operating the attached keyboard, great. ;D

                      Some interesting things reveal themselves:
                      The values in the PC Health Status screen exactly match those shown by mbmon.
                      The system is set to boot hdd-0 then hdd-1 and nothing else.
                      It's not possible to enable ACPI as the entire power management section of the bios is disabled.
                      There is no possiblity to alter the CPU voltage or frequency.

                      I did try setting the bios to boot from USB-HDD but still couldn't boot it from my USB flash drive.

                      Anyone else with an X-peak care to post which bios version they have? Anyone got anything newer than 10/21/2004?

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S Offline
                        stephenw10 Netgate Administrator
                        last edited by

                        I have modified the bios again to enable the power management setup menu. By default everything is disabled, HDD spindown, suspend mode etc.
                        I enabled ACPI. Now it won't boot.  ::) It seems to stall at 'Starting device manger (devd)….'. It doesn't hang as the system still returns information with Ctrl-T. This seems like the exact behaviour described for the Alix single port boards described here. Unfortunately although the thread is marked solved the solution is to disable ACPI!  >:(
                        Same behaviour with pf2 beta.

                        It seems as though it is possible to adjust the cpu frequecy (presumably FSB) from 100 to 132 but it seems to have no effect on the processor speed.

                        Still haven't manged to make it boot from USB. It looks as though it doesn't power up the ports untill after it has POSTed.

                        Investigating the internal USB ports, or lack thereof, there is what looks to be an unpopulated 9 pin usb header just behind the front usb port. Also there is a 5 pin header just next to that that seems to have data tracks coming from the same place. Unfortunately the data lines for all four ports pass through a row of components marked CK1 to CK4 or which only CK4 is present connecting up the front port. Not sure what they are, isolators perhaps? There are other headers to ivestigate

                        Steve

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S Offline
                          stephenw10 Netgate Administrator
                          last edited by stephenw10

                          I'm no further with the usb headers (or any others) besides noting that J3 is almost certainly clear cmos.

                          I've been wanting to stress test my firebox since I have dramatically reduced the cooling and the CPU power.
                          After some looking I stumbled across cpuburn. It's a bit old so it's not optimised for anything modern, even the relatively old processors I'm using. It seems to do the job though and it's easy to use.

                          /etc/rc.conf_mount_rw
                          
                          pkg_add -r cpuburn
                          
                          /etc/rc.conf_mount_ro
                          
                          /usr/local/bin/burnP6 &
                          

                          This will install the package and run it i the background. I'm using the P6 burn but there are others for other CPUs.
                          Check that it's running with top:

                          74 processes:  2 running, 72 sleeping
                          CPU:  100% user,  0.0% nice,  0.0% system,  0.0% interrupt,  0.0% idle
                          Mem: 20M Active, 11M Inact, 35M Wired, 128K Cache, 29M Buf, 420M Free
                          Swap:
                          
                            PID USERNAME  THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
                          49772 root        1 118    0   132K    28K RUN     37:19 98.97% burnP6
                          48816 root        1  76   20  3656K  1360K wait     0:01  0.00% sh
                          23590 root        1  44    0  3316K  1240K select   0:01  0.00% apinger
                          28658 root        1  44    0  7996K  3568K select   0:01  0.00% sshd
                          

                          Keep an eye on the system temperatures:

                          [root@pfSense.localdomain]/root(13): /usr/local/bin/mbmon -I
                          
                          Temp.= 39.0, 27.5, 40.0; Rot.= 5672, 5443, 5232
                          Vcore = 1.15, 2.21; Volt. = 3.38, 5.03, 12.10, -12.04, -0.67
                          

                          As I've said before I don't think the actual cpu core temp is listed here. I'm pretty sure that T1 and T2 are both system/chipset sensors as they get hotter if you remove the case (reducing the airflow across the board). T2, although obviously miscalibrated, could be cpu as it rises when you run cpuburn and it tracks the heatsink temp. I have a thermocouple on the cpu heatsink and it seems to have leveled off at 40°C. I'm quite happy with that especially because under 'normal' conditions the cpu usage barely registers!  :D

                          Steve

                          Update: I ran it today for 6 hours with the cpu pegged at 100%, the heatsink got up to 41°C at one point but the room temperature fluctuated a little. Also the power meter shows the firebox draws 37W at idle and 51W at 100% cpu.

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S Offline
                            stephenw10 Netgate Administrator
                            last edited by

                            Edit: Anyone reading this: These are instructons are old and overly complex. See this post for a simpler updated solution.

                            Mostly for my own benefit because I completely hosed my install messing about with ACPI and have to reflash my CF card.  ::)
                            Here's some concise instructions for installing the firebox lcd software.
                            Download the file with the driver, lcdd3.tar, from here (can't attach it to this post  >:()
                            http://sites.google.com/site/pfsensefirebox/home/lcdd3.tar?attredirects=0
                            Copy it to the firebox to /var/tmp. This is a folder that only exists in memory and gets wiped at boot. I used WinSCP.
                            Connect to the box (with putty via ssh or serial or whatever). Then:

                            
                            [root@pfSense.local]/root(2): cd /var/tmp
                            
                            [root@pfSense.local]/var/tmp(5): tar -xvf lcdd3.tar
                            x ./install-embed.lcdd.sh
                            x ./lcdd/
                            x ./lcdd/drivers/
                            x ./lcdd/LCDd.conf
                            x ./lcdd/lcdd.sh
                            x ./lcdd/lcdproc
                            x ./lcdd/LCDd
                            x ./lcdd/drivers/curses.so
                            x ./lcdd/drivers/sdeclcd.so
                            x ./lcdd2.tar
                            
                            [root@pfSense.local]/var/tmp(7): ./install-embed.lcdd.sh
                            
                            [root@pfSense.local]/var/tmp(8): cd /lib
                            
                            [root@pfSense.local]/lib(10): /etc/rc.conf_mount_rw
                            
                            [root@pfSense.local]/lib(11): ln -s libc.so.7 libc.so.6
                            
                            [root@pfSense.local]/lib(12): ln -s libkvm.so.4 libkvm.so.3
                            
                            [root@pfSense.local]/lib(13): /etc/rc.conf_mount_ro
                            
                            [root@pfSense.local]/lib(14): /usr/local/etc/rc.d/lcdd.sh
                            
                            

                            And it should all be working!  ;)
                            I have removed a few steps from the other instructions on the forum. I have included the newest driver in the tarball. I found I didn't need to alter the permisions of the install script.
                            I tested this on a fresh install of the embedded 1.2.3-release.
                            It will not work on 2.0 beta, I tried!  :P

                            Steve

                            Edit: It does work in 2.0 you have to sym link both libkvm.so.3 and libkvm.so.4 to libkvm.so.5

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S Offline
                              stephenw10 Netgate Administrator
                              last edited by

                              For completeness I just thought I'd add this picture of the hard drive caddy that the X peak was designed for.

                              It's from Watchguards demanufacturing instructions.
                              Anybody got one on their box? Anyone ever seen one?  :P

                              It'd be nice to have.  ;)

                              Steve

                              1 Reply Last reply Reply Quote 0
                              • C Offline
                                CaseyBlackburn
                                last edited by

                                I've got one, so I have seen one and have one. It works nicely for me, I boot from a harddrive in it.

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S Offline
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  Bah! Why haven't I got one?!  >:(

                                  I think you must be lucky. I've not seen another on the X peak. All the Cores seem to have them though.

                                  Steve

                                  1 Reply Last reply Reply Quote 0
                                  • M Offline
                                    mericksonj
                                    last edited by

                                    Cores have a caddy blank, there's no connector or tapped holes for screws.  I don't think they ever made/sold an actual HDD upgrade for the X Core series..  interesting to see they have one for the x Peak.

                                    Also,  anyone found a good source for decom X Peak units besides ebay?  I'm looking for about 3-4 more…

                                    --J

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S Offline
                                      stephenw10 Netgate Administrator
                                      last edited by stephenw10

                                      They went as far as publishing some instructions for fitting the drive in Core hardware. Notice there's no photo of an actual drive in them though. ::)

                                      I'd be amased if they had completely designed the caddy from scratch. I bet the case manufacturer has something similar for other clients.

                                      I suspect that, unfortunately, a lot of Watchguard hardware goes straight into landfill/recycling.  :'(
                                      It's probably just not worth the time and effort to re-sell them. You can see how much some people are trying to charge for them on Ebay. With no passwords for software that's worthless anyway!  :o

                                      Any possibility of finding your bios version?

                                      Steve

                                      1 Reply Last reply Reply Quote 0
                                      • M Offline
                                        mericksonj
                                        last edited by

                                        Does the Bios version show up in serial connection during normal bootup or anywhere else while running?  I can open it up easily if it's printed anywhere, otherwise, you'll have to show me how you managed to sneak a peek at it, If I remember correctly from following your posts, you used a special software on your CF?

                                        1 Reply Last reply Reply Quote 0
                                        • stephenw10S Offline
                                          stephenw10 Netgate Administrator
                                          last edited by

                                          Unfortunately it doesn't show up in normal boot.  :(
                                          Even now that I have turned on console redirection I still have to press tab and delete wildly to get the post to show. If I press nothing I get a couple of AT commands, as if it's looking for a modem, and then it boots normally. You could try pressing tab and delete and see if anything happens. Reading back through my posts I never really tried very hard before I modified the bios, since I expected to see something without having to randomly hit keys.  ::)
                                          The only reliable method I found was to boot into Freedos and use a dos command, biosid. Of course once you have that you can also read the bios to a file and write a new one etc. I could send you an image of the CF card I used if you'e willing to try it.

                                          Steve

                                          1 Reply Last reply Reply Quote 0
                                          • M Offline
                                            mericksonj
                                            last edited by

                                            Sure I'm willing.  Thanks!  I have several CF I can use if it makes any difference,  64M 128M and 4G.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.