WatchGuard x750e Hard drive install

stephenw10

Success! :D but weird behaviour. :P

Ok so I have an X750e that can, reliably and repeatedly, boot from a HD connected via the rear drive bay caddy connector.
Here's what I did:
Put the drive in a laptop and boot the laptop from the pfSense 2.0.1 i386 install CD.
Select straight to install and the prompt (I), choose the default settings for everything and the SMP kernel (the standard kernel).
Boot the laptop into pfSense and setup one interface sufficient that you can reach the webgui.
In the webgui enable serial port console in System: Advanced: Admin Access:
Could you do those steps from the CLI negating any hassles with laptop NICs? Probably.
Shut down the laptop and tranfer the drive to the Watchguard box.
In order for the drive to boot at all it must be set as slave using the drive jumpers. Cable select doesn't work.
There must be a CF card in the slot. I used a random <512MB card. I haven't tried a larger card.
In the bios set everything on both drives to auto and make sure harddisk boot priority is set to the detected slave HD.
Boot the box. You will see that the green 'Storage' LED stays lit far longer than usual.
Now here's the weird part: you must select verbose boot (option 6) at the menu. The default boot won't correctly detect the HD as ad1.
When it fails at the mountroot> enter ufs:/dev/ad1s1a
The box should boot correctly from here, mine does.
When it has booted you must edit /etc/fstab and change the references to ad0 to ad1. You can do that either via the edit file page in the webgui or from the command line using: ee /etc/fstab (or vi if you're a masochist).
In order to make it boot verbose every time you need to add boot_verbose="1" to /boot/loader.conf.local. You can do it easily from the command line:

echo 'boot_verbose="1"' > /boot/loader.conf.local

Having done those steps my box boots from the HD every time but I'm at a loss to explain why. :-
This may be a clue: http://forums.freebsd.org/showthread.php?t=20693
I think there are two separate quirks at work here: buggy bios and FreeBSD weirdness.
It's quite possible you could remove the CF card and set the drive as master as long as you have to right CHS settings. My drive initially booted when the BIOS still had the previous settings for a 4GB CF card. It seems possible that it will boot any drive as long as it appears less than 512MB.

Steve
I am using a Toshiba 20GB drive, MK2018GAP.

wallabybob

@stephenw10:

Having done those steps my box boots from the HD every time but I'm at a loss to explain why. :-\

It might not be relevant but due to the extra console output a verbose boot will proceed more slowly than a standard boot, possibly giving more time for hardware to get into the state anticipated by software.

Maybe the kern.cam.delay boot variable could be used to accomplish the same result.

stephenw10

Good suggestion, didn't work. ::)
I was quite confident but no dice.
More research needed.

Steve

CaseyBlackburn

It's been awhile since I've done this and when I did it was still just 1.2.3 version. Really the easiest and less modification needing is if you can attach a CD drive and a video card/serial console and install it directly from the Firebox.

stephenw10

Most X-Core-E boxes do not have the IDE header populated as far as I know. 1 out of 4 I've looked in.

Here's the dmesg.boot from a successful boot for anyone looking for clues.

Steve

dmesg.boot.txt

Sacrilegious

Hi Steve,

Thanks for this I will have a go tomorrow, and let you know how it goes.

@stephenw10:

Success! :D but weird behaviour. :P

Ok so I have an X750e that can, reliably and repeatedly, boot from a HD connected via the rear drive bay caddy connector.
Here's what I did:
Put the drive in a laptop and boot the laptop from the pfSense 2.0.1 i386 install CD.
Select straight to install and the prompt (I), choose the default settings for everything and the SMP kernel (the standard kernel).
Boot the laptop into pfSense and setup one interface sufficient that you can reach the webgui.
In the webgui enable serial port console in System: Advanced: Admin Access:
Could you do those steps from the CLI negating any hassles with laptop NICs? Probably.
Shut down the laptop and tranfer the drive to the Watchguard box.
In order for the drive to boot at all it must be set as slave using the drive jumpers. Cable select doesn't work.
There must be a CF card in the slot. I used a random <512MB card. I haven't tried a larger card.
In the bios set everything on both drives to auto and make sure harddisk boot priority is set to the detected slave HD.
Boot the box. You will see that the green 'Storage' LED stays lit far longer than usual.
Now here's the weird part: you must select verbose boot (option 6) at the menu. The default boot won't correctly detect the HD as ad1.
When it fails at the mountroot> enter ufs:/dev/ad1s1a
The box should boot correctly from here, mine does.
When it has booted you must edit /etc/fstab and change the references to ad0 to ad1. You can do that either via the edit file page in the webgui or from the command line using: ee /etc/fstab (or vi if you're a masochist).
In order to make it boot verbose every time you need to add boot_verbose="1" to /boot/loader.conf.local. You can do it easily from the command line:
echo 'boot_verbose="1"' > /boot/loader.conf.local
Having done those steps my box boots from the HD every time but I'm at a loss to explain why. :-
This may be a clue: http://forums.freebsd.org/showthread.php?t=20693
I think there are two separate quirks at work here: buggy bios and FreeBSD weirdness.
It's quite possible you could remove the CF card and set the drive as master as long as you have to right CHS settings. My drive initially booted when the BIOS still had the previous settings for a 4GB CF card. It seems possible that it will boot any drive as long as it appears less than 512MB.

Steve
I am using a Toshiba 20GB drive, MK2018GAP.

Sacrilegious

Steve, wallabybob you have been complete gents this is now up and working :-) thank you.

I have quietened it down with WGXepc, i have a sort of working LCD display though it doesn't seem to be controllable but it looks better than "booting watch os",

Regards Neil

stephenw10

Excellent. :)

Steve

stephenw10

Just to follow up here I had some time to run a few further tests this afternoon.
I have found:
The bios will boot from a hard drive or CF card that is set as master as long as it sees it as less than 512MB. When I say boot I mean it correctly passes the address of the MBR to the processor and the pfSense (or whatever) bootloader is run.

pfSense will not be able to correctly detect and mount root unless something resembling the correct geometry is passed to it. And then only when booted in verbose logging mode, which I still find just bizarre. :-\

The procedure I outlined earlier in this thread is the only way I have found to correctly boot pfSense on ans X-Core-e box.

It's strange because GEOM has not problem seeing and mounting rooting correctly from a large CF card even though you have to fudge the CHS figures to make it less than 512MB.

It would be very intersting to look inside a Watchguard SSL box (SSL100, 500 or 1000) to see how they did it. Those boxes have HDs but I'm unsure if they had a CF as well. They might have even had a fixed bios. ;)

Steve

ColinN

@stephenw10:

About the only other thing I am seeing commonly in FreeBSD problem threads are odd problems caused by a bad cable. How have you attached the drive?
Just a bad drive? That Hitachi must quite old by now. :-\

I think I'm going to have to pull out an old laptop drive and give this a go myself. I've only tried it once, it was a long while ago and I only did it as an experiment. I don't remember it being too difficult though.

Steve

I'm Currently running PFsense full install on an 80Gb HDD in an X750e with NO CF card installed.

here's the steps that i took to get the system running.

load spare 80Gb HDD into a laptop (used a HP NC6120)
load pfsense full 2.0.1 cd and boot from cd.
I was presented with an error on boot up to press R to enter recovery console or press I to enter installer mode.
Press I to enter installer mode. Pfsense installer launched.
select defaults for the VGA and Keyboard options.
select quick/standard install of PFsense. accepted defaults all way through.
selected embedded kernel. no VGA or keyboard.
Pfsense requires reboot after install. At this point shut down clean and power off laptop.
remove HDD from laptop and confirm that drive is set as master.

Flash bios as per Stephenw10's instructions. using X750eB6 bios image.
reset bios after flash via the cmos reset jumper on the board.
connect to firebox via serial cable 115000 8-n-1 no flow control.
press tab to enter bios and select the option to reset bios to defaults.
Shut down Firebox and install HDD
Power on Firebox and enter bios.
Select autodetect for HDD, and accept the findings. no changes made to heads or sectors.
at this point you can enter other parts of the bios and switch off devices that are not required, (eg com2 serial port parallel port etc)
DONT Disable com1 or you will loose your connection and will have to reset bios to defaults again to get back in.
Save changes and reboot box.

connect via com port at 115200 to confirm HDD detected
At PCI device listing change com port to 9600 8n1
let Pfsense boot as normal.
initial configuration done through serial, then via web configuration page.

Attached image showing storage devices attached to system.

hope this helps someone.

Colin

ugh.jpg_thumb

stephenw10

Ah interesting.
Differences I can see between what you did and what I did:
You used the embedded kernel, I used the standard (SMP) kernel.
You disabled stuff in the bios, I didn't.

I chose to use the standard kernel since most people who want to do a full install do so because they want to use all the packages. None of which are available with the embedded kernel. Why are you using a HD?

I may have to go back and test again. Thanks for your results.

Steve

ColinN

steve, i dont think the stuff that i disabled in the bios would make much difference, i only disabled the stuff that wasnt required like LPT1 and com2. guess its my old throw back to the old DOS days, trying to free up memory resources. As im new to freebsd i wasnt sure on how it managed its memory, even though i have 1Gb of ram installed in the box.

The reason i moved over to a HDD was that even though having a 16Gb sandisk CF card installed. i was running in to issues trying to load packages, i was attempting to run snort and dansguardian and the HVAP antivirus. but for some reason everytime HVAP would try and update it would overload the log files and use all the available memory and then crash the box.

Even though im using the embedded kernel, it looks like thier are more packages available, than what thier is on the nano CF card images. As i have noticed that freeswitch is now available for install. i will need to do a comparison between the nano and full installs to find out whats available, package wise that is.

Btw just seen the pic that you uploaded of your firebox setup. you need help ;D
im sure thier is bound to be a support group some of some kind for that kind of fixation lol.
do watchguard phone you up if they are looking for spares.

Colin

stephenw10

Ah. Well that's interesting about packages with the embedded kernel. I must be confusing it with the old (pre-nano) embedded install. :-\

It can't hurt to free up resources. Even if you have loads of ram that won't help when you run out of interrupts or I/O address space because some device is misbehaving.

The reason you were having trouble with HAVP is likely that it uses /tmp to download update to. In the Nano install /tmp is a ramdrive of a fixed size that can be exceeded. Having a larger CF card won't help. In fact anything over 4GB isn't used anyway unless you rolled your own image for 16GB. It is possible to set the size of /tmp larger though if you have sufficient memory.

Yes I need help. ::)
It started out that I wanted to use pfSense at home and looking for suitable hardware. I wanted as many interfaces as I could reasonably afford for maximum isolation between network segments and reading through the forums the Firebox seemed an ideal platform. I was looking at X500s and X700s and ebay for a while when the X6000 came up for very little money and I couldn't resist. Then after I got more involved on the forum people were asking questions about boxes I didn't have and they were so cheap on ebay I couldn't resist. Then I was addicted! ;D
Just a few weeks ago some XTM5 boxes sold for ~£100. It was all I could do to resist. That's just stupid cheap compared to a 7 interface firewall platform new.

Steve

ColinN

Ive just checked the amount of packages available on the full install with the embeded kernel. i have 87 packages available for install. i dont have the nano image running at the moment so cant do a direct comparison between the two. but thier is definitely more packages available.

Colin

stephenw10

I appear to have 82 available under Nano.

If you look at the list xml file: http://www.pfsense.org/packages/pkg_config.8.xml there are 6 packages marked 'noembedded':
pure-ftpd
ntop
FreeSWITCH
FreeSWITCH Dev
Lightsquid
phpSysInfo

Clearly I've misunderstood quite what the embedded kernel provides. :-\

Steve

ColinN

steve

I've Just been playing about with the PHPsysinfo package, it looks quite good at reporting back some of the data from the box regarding temps and disk/memory usage. it looks like thier might be an issue with the package reading the fan data back, but i think that might just be due to the monitoring chip in the box. The speeds reported are way out. i have your WGXepc app running and have the fans throttled back to 20% of normal.

A couple of screen grabs attached of the PHPsysinfo report.

Colin

phpsys.jpg_thumb

ColinN

Forgot to attach the second screen grab.

phpsys2.jpg_thumb

stephenw10

Nice!
Yes the PWM employed by the SuperIO chip to control the fan speed completely screws the speed readout once you go below a certain level. Hex value BB I seem to recall. That's why you can't use a value below BB in the bios for the initial fan speed. The completely fictitious huge values crash the bios setup code.

Steve