[As Good As Solved!] Watchguard Firebox Arm/Disarm LED

iFloris

Good guess!  ./writeio 0x408f 19 turns the led green without blinking.

Edit: Seeing as you now know how to turn the led green on both the x peak and x core devices, perhaps someone can help you with building a package for everyone using a flavor of the firebox?

stephenw10

@iFloris:

Edit: Seeing as you now know how to turn the led green on both the x peak and x core devices, perhaps someone can help you with building a package for everyone using a flavor of the firebox?

That's the long term plan. Hopefully we can also include the lcd driver so we can have a single package for Firebox users that doesn't get broken every time you update.

It seems like we're missing something here though. The control is very different to the other two boxes.
Can you tell me what the out outs of these are:

./readio 0x409a
./readio 0x409b

Do you have bios access to your box? You can set the initial led status in the bios on the X-core. I can't remember what you could set it to but it was a load of different settings. We should be able to get, at least, all of those.

Anyway it seems like we are mostly victorious!  ;D

Steve

iFloris

Nice, but strange that the control is so very different.
Output for the commands is:

[2.0-BEAT5][admin@firebox1.domain]/etc/rc.d(3): ./readio 0x409a
Reading 409a :4
[2.0-BEAT5][admin@firebox1.domain]/etc/rc.d(4): ./readio 0x409b
Reading 409b :0

And no, I don't have access to the bios.
It has been at least ten years since I touched a pci video card..

stephenw10

Clearing out some stuff over the weekend I found an ISA video card!  Couldn't bring myself to dispose of an antique like that.  ::)

Hmm, 00 04 indicates that none of the gpios are set to flash, yet they are flashing….

@iFloris:

./writeio 0x408f 0x03 does the same, but turns the led back to red.

When you said that did you mean just fast flashing red or did you mean flashing red then green?

With the led set to green solid (0x408f = 0x19) try setting 0x409B to 0x10. It should make the led flash slowly (about 1Hz) but it may be between green and (some other state!).

Steve

iFloris

@stephenw10:

When you said that did you mean just fast flashing red or did you mean flashing red then green?
With the led set to green solid (0x408f = 0x19) try setting 0x409B to 0x10. It should make the led flash slowly (about 1Hz) but it may be between green and (some other state!).

OT: ISA, amazing! I think the only time I ever had anything to do with ISA was when I tried to upgrade my (then modern!) 386.

But I digress. What I meant by the same but ted was that the led flashed as fast as when it was green, but that it was the red led that was flashing.
So just red flashing.

./writeio 0x409B 0x10 results in slow (1 second/Hz) flashing, alternating between red and green (as you thought it might).

To iterate what we've found so far:

./writeio 0x408f 0x11    - turns the led green and blinks (fast)
./writeio 0x408f 0x03    - turns the led red and blinks (fast)
./writeio 0x408f 19      - turns the led green without blinking
./writeio 0x409B 0x10  - turns the led green and blinks (slowly)
./writeio 0x0408f 0x09  - turns the led red without blinking

Is that correct?
And does this give us the means to control the led completely, or is there something else that we need to test?

stephenw10

That looks correct.
Since 0x03 and 0x01 are the same it appears the other two gpios do not have any function for the led.

One weird thing is that there's no 'off'. As I said in an earlier post I think that Watchguard probably used a software method to flash the leds since they have fast and slow flash on all the boxes. However to do this you would need an off state to switch to.

I can certainly plug those numbers in my program and we will then have control via an easy to use command line.
Something tells me we're missing something though. This is definitely different to the other boxes where the gpios control the led directly, here we seem to be talking to some intermediate piece of hardware.

Steve

stephenw10

Here is the new program incorporating all the new values for the X-Core.
Obviously rename it WGXepc (remove the .png extension). Copy it to your box and chmod it to 0755. Run it!  ;D

Because the new memory locations were quite high I felt it would be dangerous to simply write all the values on every box, which is what the previous programs did. This new one tries to find out which Firebox model it's running on by reading the gpio_sel register and comparing it with known values. It works fine for me here on the three boxes I've tested it on but I don't have an X-Core and I can imagine that a different bios version might cause detection problems. Deal with that if it happens. Hopefully this might stop people randomly installing it on any box and messing with some important setting!  ::)

It seems to run fine on 1.2.3 and 2.0Beta5.

Steve

Edit: Now tested as working on the X-core boxes and under 2.0RC2

WGXepc.png

jimp

For bonus points, convert it to an led(4) driver :-)

http://www.freebsd.org/cgi/man.cgi?query=led&apropos=0&sektion=0&manpath=FreeBSD+8.1-RELEASE&format=html
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/dev/led/

See also: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/i386/i386/geode.c

fastcon68

will this work on the embedded version 1.2.3?
RC

stephenw10

It should work fine with any install type.
I've tested it with NanoBSD installs of 1.2.3-release and 2.0Beta.

Steve

brcisna

stephenw10.

I been trying to follow this thread as of late. I am a bit confused on WG FB hardware versioning? Will your proggy work on an x550 WG FB?
If so,Ill give it a spin in a couple days and post a report.

Thanks,
Barry

stephenw10

I'm assuming you mean the X550e right?
If so then yes it should work fine. I used the X750e to test it and that's the same box but with a 4 port add on card.
You get all the functions on that box.

Steve

Edit: Just to add, if you have an unusual Firebox then it probably won't be detected as a Firebox and the program will just exit. Even if it happens to have the gpio_sel register set in such a way that it is detected as a Firebox the likely result is that nothing will happen. Even if, in a bizarre coincidence, there is something present at the gpio being altered it all gets reset by the bios at boot time so you can just turn it off and on again.  ;D

iFloris

Sorry for the delay.

I've tried the program and it seems to work!

[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(15): chmod 0755 WGXepc 
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(16): ./WGXepc
Found Firebox X-Core
WGXepc Version 0.3 17:2:2011
WGXepc can accept two arguments:
 -f (fan) will return the current fan speed or if followed
    by a number in hex, 00-FF, will set it.
 -l (led) will set the arm/disarm to the second argument:
    red, green, red_flash, green_flash, off
Not all functions are supported by all models
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(17): ./WGXepc -l green
Found Firebox X-Core
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(18): ./WGXepc -l red
Found Firebox X-Core
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(19): ./WGXepc -l red_flash
Found Firebox X-Core
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(20): ./WGXepc -l green_flash
Found Firebox X-Core
[2.0-BETA5][admin@firebox1.domain]/etc/rc.d(21): ./WGXepc -l green
Found Firebox X-Core

The commands do what they are supposed to, and response is immediate.

stephenw10

Excellent!  ;D

brcisna

stephen,

I will have to look at my WG FB. I am thinking mine is not the 'e' suffix? Doesn't the 'e' suffixed WG FB's have the gigE ethernet?
Mine only has 10/100 nics in it. I should know what the model is too?:(.
Won't know for a couple days,when I get back to work. I'll give your prog a spin regardless and report.
I guess,I'm not real clear. Does your prog do the 'native' green to red routine at bootup,when everything is up, ,or is it simply capable of you manually toggling the led to do whatever you want it to?

thanks,
Barry

stephenw10

Hmm, x550 no e?
Be interesting to see if it detects it.
At the moment the program is 'manual' only.
It's easy to put a bash script in /usr/local/etc/rc.d to make it go green at the end of boot.

Steve

Edit:
I can't find any mention of the x550 on Watchguard's website, but a lot of the good information is hidden away. The models I haven't yet any gpio information on are:
X-Peak-E; almost certainly the same as the X-Core-E but with more ram, faster CPU and vpn card.
SSL-100; looks like an X550E with different software, maybe an encryption card, 2GB ram!
SSL-500/1000; also same as X550E.
SSL-Core; looks like an X-Core but has different software using the harddisk bay!

All the other newer models are still way too valuable to show up on Ebay!  ::)

Edit: X-Peak-E confirmed working. Same board as the X-Core-E.

brcisna

stephenw10,

I miscombobulated on the model number. My FB is x500 ( no 'e').
I believe this is/was the first generation 1u cased FB. It has the 1.2GHZ celeron cpu,FYI.
I would guess the mobo is significantly different than the board you were testing on.
The second gen 1u cased FB's were numbered x550e,x750e,etc,I believe the 'e' designates gigE nics?
In three-four days ill down your code and try it on this box and file a report,,,:)
FWIW. This simple box does handle two 3mb up/down connections with about 350 pc's and 1000 users,(possible)
Using squid,squidGuard,Lightsquid, load balance,failover.

Take Care,
Barry

stephenw10

X500 (all the X-Core boxes) have been confirmed working. No off mode for the led for some reason.

Steve

hmeister

@stephenw10:

Here is the new program incorporating all the new values for the X-Core.
Obviously rename it WGXepc (remove the .png extension). Copy it to your box and chmod it to 0755. Run it!  ;D

Because the new memory locations were quite high I felt it would be dangerous to simply write all the values on every box, which what the previous programs did. This new one tries to find out which Firebox model it's running on by reading the gpio_sel register and comparing it with known values. It works fine for me here on the three boxes I've tested it on but I don't have an X-Core and I can imagine that a different bios version might cause detection problems. Deal with that if it happens. Hopefully this might stop people randomly installing it on any box and messing with some important setting!  ::)

It seems to run fine on 1.2.3 and 2.0Beta5.

Steve

Steve - what syntax do I use when I copy this to the /tmp dir. to run this? (yes-will rename it first!)
thx
H.

stephenw10

You can use the upload feature in the web gui to copy it /tmp. However /tmp only exists in memory so you have to move it somewhere else if you want it to survive a reboot.
It's up to you where you put it but /usr/local/bin seems good. Since you are running a full install you shouldn't have any problems with a read-only filesystem.
You can use WinSCP (if you're running Windows) to copy the file directly to /usr/local/bin.

Then you can put a script in /usr/local/etc/rc.d that runs on startup.
Here's mine, called WGXepc.sh

#!/bin/sh
#
/usr/local/bin/WGXepc -l green

Steve

Edit: And make sure the file permissions are set to 0755 or it won't run. You can do this from WinSCP or from the command line:

chmod 0755 /usr/local/bin/WGXepc