Watchguard XTM 5 Series

stephenw10

Yes you need a cable. The supplied cable is rj45 to rs232 (9pin) and I use an rs232 to USB adapter with it. I'm sure you could get a single cable that did it but using two is more versatile.

Steve

Hawk78

Well, i received my used XTM 505 unit with no cables. I will try to connect it to console…

The unit draws ~30W at idle. I'll remove the VPN acclerator card. What can i do to reduce power consumption and fan noise furthermore?
Are there any recommended silent fans ? Do I need all fans running?

stephenw10

The fans have thermal speed control by default but the minimum speed is quite high. The most recent version of WGXepc can reset it lower. I spent some time enabling speedstep (see earlier in this thread) but I couldn't ever see much improvement in power consumption. The higher C states seemed to overwhelm the P state savings. You need to swap out the CPU with something speedstep enabled to see that though. Other than that you can replace the psu with something more efficient, typically a dc-dc psu such as the picoPSU.

Steve

Hawk78

Steve, thanks for your reply. I'll try to find some silent 40x40 fans because the original ones are very loud. I have no experience in picoPSU. Can you recommend a suitable one?

stephenw10

I suggest you try just reducing the fan speed first. I replaced the fans in my x-peak box but only because there's no control on that. I think I detailed it in the x-peak thread.
The psu requirements are fairly low so most of the picoPSU models should work. No promises though. ;)

Steve

bragle

Hello all,

First off, thanks so much for the work you did in getting this going.  I acquired a decommissioned XTM 510 from my workplace and knew Watchguard well enough to realize it would take more money than I cared to spend (or my wife would allow) to get it going on my home network with the functionality it promised.  Your work and PFSense changed that.  Kudos!

So, as of this morning after some minor fiddling about in the console, I am up and running with a brand new install, fully functional from what my bleary eyes can see so far.  This brings up the obvious question of "what next?".  I utilized a 1 Gb CF card for the install and PFSense is reporting about 40% disk utilization so far.  This seems high enough to me that I might want to consider putting in a bigger card and/or installing a spare drive in that beckoning slot next to the board.

1.  Do I need to flash the BIOS to enable a higher capacity CF card and/or install a spare drive?
2.  If yes, is the xtm5_83.rom mentioned on this thread sufficient to accomplish that?
3.  Would it simply be a matter of SSHing into the box and sending this (fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom) and then following Stephen's subsequent directions?
4.  What dragons should I expect to find?

Once again thanks for the hard work of everyone involved.  I was up until 3:30 AM just trying to apply what meager abilities I possess to get this going, so I can only imagine what late nights have been in by the efforts of this crew.

stephenw10

Hi. Another firebox saved from scrap.  :)

You don't need to do anything to boot a larger CF card. I've not tried using a SATA HD in mine but I would assume that too boots no problem. Having said that you are unlikely to need a bigger card. That remaining space will only be used by adding further packages and there are only so many that can be run (usefully) under NanoBSD.
You can flash the BIOS by fetching it directly as you say. There are some other advantages to doing so: fully unlocked bios, LED the correct colour, speedstep enabled. Flashing the BIOS is always inherently risky but several other people have done it with that file without issue. Also, as I was forced to find out, it is possible to recover from a bad flash on that box but doing so is not straight forward.

If you decide to bridge some of the ports (because you don't need that many subnets at home  ;)) there is a bug in 2.1 that will bite you. It's since been patched but you have to apply the patch manually:
http://forum.pfsense.org/index.php/topic,66908.msg386279.html#msg386279

You can add the WGXepc program to access the fan and arm/disarm led.

More hours than I care to admit!  ::)

Steve

bragle

Thanks for the fast response!  I'll take your advice and caution and just leave well enough alone for the time being.  I upgraded the RAM to 2 Gb and checked over the available packages to see what, if any, might appeal to me.  I'm satisfied enough at this point that I have a solid install going and a much faster piece of kit to replace my existing router/firewall.  As I am connecting this directly to a 50 port switch, I don't see a need to bridge any interfaces at this point, though I appreciate the heads up on the 2.1 bug.  Once I get the network fully fleshed out, I might be tempted to see what other goodies I can install or get going, but this so far makes my morning.

Thanks again!

stephenw10

No problem.  :)

I forgot to mention the LCD, it's all in the wiki page though.
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox

Steve

hobbit666

Hi
I'm new to pfsense and would like to install it on some expired Watchguard boxes.  I have some XTM's and Xcore.

I'm trying it on a XTM505 first to see what it does but having some issues.

Can someone point me to the correct image I should be using for the XTM505? I've tried installing it on the 1GB CF card that was in the box but I can't get it booting.

Do I need to flash the BIOS? first or should I be ok with the default?

stephenw10

Hey,
No you don't have to flash the bios to boot pfSense.
How did you write the CF card? Did you see any errors?
The image you should use is:
http://files.bgn.pfsense.org/mirror/downloads/pfSense-2.1-RELEASE-1g-i386-nanobsd.img.gz (you might choose a mirror closer to you)

However manufacturers of CF cards like to label cards as 1GB even if they're actaully slightly smaller so if you see errors writing the card try the 512MB image instead:
http://files.bgn.pfsense.org/mirror/downloads/pfSense-2.1-RELEASE-512mb-i386-nanobsd.img.gz

The Celeron 440 in the XTM5 is 64 bit capable so you can run 64bit images instead. However I'm not sure the LCD driver is supported under 64bit.  :-\

You should see the card boot on the serial console at 9600bps and it will wait at the assign interfaces prompt.

Steve

hobbit666

Thanks for the reply.  I have a couple of different CF cards and will try all the different images :)

Will also post screen shots of errors if I get them again.  But i'm not 100% this box is working 100% I did have boot issues when I flash the Fireware 11.7.4 onto it, but it boots fine with 11.7.

Otherwise i'll try it with my X770

stephenw10

The default bios will let you go into the setup and check the settings, the CPU temp etc but won't allow you to change anything. You can verify your console connection and that it's seeing your CF cards correctly that way.
To access the bios you have to set the serial console to 115200bps and press the TAB key at boot.

Steve

hobbit666

Reflashed the 1G image and now working.

Also got a x550e working too :)

FryerCNC

Hello I'm new to the XTM5 platform and need to flash the bios, I tried the instructions but realized pfsense does not have flashrom so the command fails to do anything.
Is there a simple fix for this

Probably the safest way to get this file, least chance of corruption, is to fetch it straight to the box.
fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
xtm5_83.rom                                  100% of 1024 kB 1957 kBps

You can then also check its MD5 sum is correct:

md5 xtm5_83.rom
MD5 (xtm5_83.rom) = e75bc93ca2db547a3facb8d611f0d441

Then write it with flashrom from there:

flashrom -w xtm5_83.rom
flashrom v0.9.5.2-r1515 on FreeBSD 8.3-RELEASE-p8 (i386), built with libpci 3.1.9, GCC 4.2.1 20070719  [FreeBSD], little endian
flashrom is free software, get the source code at http://www.flashrom.org

Calibrating delay loop… OK.
Found chipset "Intel ICH7/ICH7R". Enabling flash write... OK.
Found ST flash chip "M25P80" (1024 kB, SPI) at physical address 0xfff00000.
Flash image seems to be a legacy BIOS. Disabling coreboot-related checks.
Reading old flash chip contents... done.
Erasing and writing flash chip... Erase/write done.
Verifying flash... VERIFIED.

stephenw10

First of all let me say that you do not need to flash the BIOS on the XTM5 in order to run pfSense. Flashing the BIOS involves some risk so unless you want the additional features you probably shouldn't.

You're right flashrom isn't included. You can add it easily enough though. First re-mount the CF card as RW:

/etc/rc.conf_mount_rw

then add flashrom:

pkg_add -r flashrom

Several packages will be added. Then:

rehash

Now you can run flashrom as above.

Steve

FryerCNC

Thanks worked like a charm

chpalmer

Just had an XTM510 donated to the cause.

Spent some time with an incorrect console cable but the Cisco one I had in my kit worked.  :)

Running-

2.1.2-RELEASE (amd64)
built on Thu Apr 10 05:42:17 EDT 2014
FreeBSD 8.3-RELEASE-p15
Had the same as you Steve-  Armed light stayed green (but would flash on boot with the WG software).  Once I flashed to bios the red light is now on.  Play some more this weekend when I get some time.

stephenw10

Great, glad neither of had trouble.  :)

Steve

chpalmer

Checking for package installation…
Downloading https://files.pfsense.org/packages/amd64/8/All/lcdproc-0.5.6-amd64.pbi …  (extracting)

Just installed the LCDProc package +dev tonight with success.

64 bit seems to be a good fit on these so far.

edit-  however-

[2.1.2-RELEASE][admin@pfsense.localdomain]/root(12): /conf/WGXepc -l green
/conf/WGXepc: Exec format error. Binary file not executable.