Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Watchguard Firebox X Peak platform

    Scheduled Pinned Locked Moved Hardware
    155 Posts 18 Posters 111.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      charlie0440
      last edited by

      @stephenw10:

      I trying to buy a x8000 and have read the whole thread. Thanks for all the work steve.

      What is the best way to integrate Wifi into the firebox? I can see you have an antenna, what are the options ie USB or minipci? Model number of working devices would be appreciated. I don't mind modding the case but I have never done any soldering so hopefully none is needed.

      1 Reply Last reply Reply Quote 0
      • M Offline
        mmiller
        last edited by

        I have a x8000 and your only option is the minipci slot.  There is only one USB slot and it's a v1.0 or 1.1 not v2.0 USB.  You could try usb but get less than the 12 megabits of bandwidth you would be expecting.

        1 Reply Last reply Reply Quote 0
        • C Offline
          charlie0440
          last edited by

          So will this one work: Atheros AR5213A AR5004G Super G 108 Mbps Mini PCI Card.

          How do you attach an antenna to a minipci?

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            That should work ok although there are issues with the driver. I get the 'stuck beacon' report in the logs a lot if I'm on a busy channel.
            You need to use a short adapter cable to connect to the minipci card known as a 'pigtail'. I recovered the antenna and cable from an old access point.

            Steve

            1 Reply Last reply Reply Quote 0
            • C Offline
              charlie0440
              last edited by

              Thanks. Im gonna try this card: Atheros AR5008 (Model: AR5BMB-0072TA) plus it comes with the pigtail cables.

              My x8000 should arrive in the next few days.

              stephenw10: Noise is my concern I have a X700 sat here next to me and its LOUD. Do I need to replace the processor in the X8000 or can I leave the stock processor in and just change the heatsink fan. I read about your pin mod

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                The standard fans are loud!. The standard CPU, 2.8GHz P4, is a hot chip with a 70w TDP. Also it has no power saving features which means it runs hot even though you almost certainly won't be using most of it's processing capacity.
                There are loads of compatible processors available for almost nothing that use less Watts. It's worth trying something cooler if you are fitting slower fans. Although I ran the original CPU and it wasn't running too hot with slower fans but I wasn't stressing it.

                Steve

                1 Reply Last reply Reply Quote 0
                • S Offline
                  sevilla
                  last edited by

                  Im using X1250e and bought a 4GB CF and tried to install it pfsense 2.0. I cant get signal from console. Its appears the CF isnt recognized. I tried from 512 CF with the same version (512MB version) and all works well.

                  Any idea?

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S Offline
                    stephenw10 Netgate Administrator
                    last edited by

                    The X1250e is not the X-peak platform, it's X-e a later model.
                    It's the same hardware as the x550e, x750e etc.

                    In order to boot from a CF card larger than 256MB you need to make some adjustments in the bios.
                    See the x550e thread, here, for a huge ammount of information!

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • W Offline
                      WGFX5000
                      last edited by

                      Watchguard Firebox X5000 Motherboard Diagnostic LED: D3 and D4 Green, D5 Red
                      LCD Flashing But Nothing On It.
                      System Can't Boot.

                      What's the problem of the hardware?Please Help

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S Offline
                        stephenw10 Netgate Administrator
                        last edited by

                        Hmm, it's been a while since I took the cover off mine but I don't remember it having any diagnostic LEDs.
                        Are you sure you don't have an X5500e?
                        I'll look tomorrow.

                        Steve

                        Edit: Wait are they next to the CF card?

                        1 Reply Last reply Reply Quote 0
                        • W Offline
                          WGFX5000
                          last edited by

                          Model:X5000

                          LED.jpg_thumb
                          LED.jpg
                          ![Motherboard Model.jpg_thumb](/public/imported_attachments/1/Motherboard Model.jpg_thumb)
                          ![Motherboard Model.jpg](/public/imported_attachments/1/Motherboard Model.jpg)

                          1 Reply Last reply Reply Quote 0
                          • S Offline
                            shanon
                            last edited by

                            Thanks Steve for your response on the X700 thread.

                            I haven't made any further progress on my issue with the X8000 at this stage, but I have been ordering up some diagnostic equipment (POST diagnostic card, MINI PCI VGA adapter.  Also a flash programmer / spare chips soon).

                            I have nil BIOS development experience, but I'm certainly willing to give it a go, should I get some spare time.  I've had a look at coreboot (one of the open source BIOS firmware efforts) and at first blush there seems to be a better-than-even chance that I could get something out of it.  There's also serial console redirection for most embedded SuperIO chipsets!

                            I don't expect that the issue will be with the size of the bootable partition or the size of the CF card, however that's something I'd like to experiment with further.

                            I had also pondered doing a firmware upgrade from the GUI… I'll likely give that a go over this coming weekend on a spare CF card.

                            I've also compared sector 0 between the original WG installation, v1.2.3RC1 and newer versions.  There's not much evident yet -- all end with the MBR signature 0x55AA.  There are three different sets of boot code, and different partition layouts.  Perhaps the only thing that could be said for the non-working examples at the moment is that the first primary partition is the bootable one, and partitions start on head # > 0.  I haven't de-compiled the code yet, but I'm wondering if the early stages of each bootloader may be using different CHS or LBA addressing?

                            Final piece of speculation for tonight: if I remember correctly, before I put back the lid, the label indicated that my BIOS was v1.1.  I think I've seen a label with v1.2 photographed on this forum... perhaps leading credence to a theory that there are different BIOS firmware versions in the wild with slightly different defaults?

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S Offline
                              stephenw10 Netgate Administrator
                              last edited by

                              The BIOS in the Watchguard box is far more complex than a standard bios. However most of the extra functionality it provides is not necessary to run pfSense.
                              For example the Watchguard BIOS:

                              • Has code to drive the LCD and read the keypad.
                              • Can choose to boot different things depending on the keypad status
                              • Has a complete copy of RedBoot built into it for restoring the OS remotely.

                              Clearly none of that is required for pfSense.
                              I looked at CoreBoot a few times but without external eprom equipment it looked too risky.
                              I don't think the serial port uses the SuperIO chip (though there are ports on that) it's using the built in ports on the ICH chip 6300ESB. Looking at a datasheet I could be wrong.

                              Just having two different bios versions would be interesting.
                              What is yours listed as?
                              You can see in the first post here that mine is 10/21/2004.

                              Steve

                              Edit: Actually I think you're right, it's on the SuperIO chip:

                              
                              sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
                              sio0: type 16550A, console
                              

                              I must be getting confused with the X-e box.  ::)

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S Offline
                                stephenw10 Netgate Administrator
                                last edited by

                                @WGFX5000

                                Clearly they should all be green before it boots up.
                                There is no public documentation to explain what the LEDs do so it's a guessing game. I can try to look at the boot sequence to see when D5 should turn green.
                                If there is nothing at all on the display then it's not running the bios code (or the display is broken!). In order to run the code it must have a CPU, some RAM and the correctly programmed bios eprom.
                                Try reseating the CPU and RAM.

                                Steve

                                1 Reply Last reply Reply Quote 0
                                • S Offline
                                  shanon
                                  last edited by

                                  @shanon:

                                  I had also pondered doing a firmware upgrade from the GUI… I'll likely give that a go over this coming weekend on a spare CF card.

                                  Well, due to a busy week at work and a number of recent lock-ups, I haven't been able to try an upgrade. I suspect one cap of leaking electrolyte and have also had a bit of a thermal issue with the Scythe replacement fans partially failing in the middle of summer.

                                  Earlier in the week I was able to dump the BIOS firmware in-place via the firmware hub using a BSD port of the flashrom program.  Haven't had a chance to analyse the file with any particular tool, though, as there wasn't anything quickly to hand for my Mac or Windows machines.  Not sure what the build date on the firmware is, however I did check (and pull-up to confirm flash chip part no.) the stick-on label.  It did say V1.21 after all.  'strings' didn't find any date in ASCII format, but a quick glance at the dumped image file suggests it intact, and I'll probably load some tools up in a virtual machine in the coming days to delve further.

                                  I'm awaiting arrival of a few parts to debug further – I'll report back any significant findings.

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S Offline
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    You can open it and poke around in the menu settings with modbin6 in DOS/Windows. It doesn't give access to anything really interesting though. For that you probably need a decompiler and a lot of patience!

                                    Have you ever read this: http://sites.google.com/site/pinczakko/pinczakko-s-guide-to-award-bios-reverse-engineering

                                    I've tried to a number times!  ::)

                                    Steve

                                    1 Reply Last reply Reply Quote 0
                                    • P Offline
                                      power_matz
                                      last edited by

                                      Hi,

                                      I am trying to use the other NIC's of my FireBox as normal Ethernet ports like the ones of a switch/hub.

                                      E.g: my LAN port is port 1, port 0 is WAN. The other ports (2 - 5) should all be the same like the LAN port.
                                      I found some threads where these ports are "bridged" together. Is this the right way?
                                      But then I have difficulties with the DHCP server for example.
                                      Or is it even more simple???

                                      Does anyone here is using the spare ports of a watch guard like I want it to do?

                                      Matthias

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S Offline
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        Yes, you have to bridge the ports together to use them like that.
                                        The procedure changed slightly between 1.2.3 and 2.0 so I'm not entirely sure but from memory:
                                        You create a bridge interface and then add to it all the interfaces to be bridged. Then you use the bridge interface for your firewall rules and DHCP server.

                                        However you need to be aware that when you do this all traffic flowing between ports on the bridge is screened and filtered by pfSense so it puts a high load on the CPU compared to an external switch.

                                        http://doc.pfsense.org/index.php/Interface_Bridges

                                        Steve

                                        1 Reply Last reply Reply Quote 0
                                        • P Offline
                                          power_matz
                                          last edited by

                                          Thank you for your answer.
                                          Do you know if this will work also with VLANs and the IGMP proxy?

                                          1 Reply Last reply Reply Quote 0
                                          • S Offline
                                            shanon
                                            last edited by

                                            Thanks for the link Steve, hadn't read it.

                                            I have a bit of experience in debugging x86 code.  I'm okay with assembly / dis-assembly, but haven't tackled anything near as complicated as reversing a full BIOS.  Time will likely be my biggest enemy, but I'm keen to go at least a little further with this.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.