Watchguard XTM 5 Series

stephenw10

No problem.  :)

I forgot to mention the LCD, it's all in the wiki page though.
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox

Steve

hobbit666

Hi
I'm new to pfsense and would like to install it on some expired Watchguard boxes.  I have some XTM's and Xcore.

I'm trying it on a XTM505 first to see what it does but having some issues.

Can someone point me to the correct image I should be using for the XTM505? I've tried installing it on the 1GB CF card that was in the box but I can't get it booting.

Do I need to flash the BIOS? first or should I be ok with the default?

stephenw10

Hey,
No you don't have to flash the bios to boot pfSense.
How did you write the CF card? Did you see any errors?
The image you should use is:
http://files.bgn.pfsense.org/mirror/downloads/pfSense-2.1-RELEASE-1g-i386-nanobsd.img.gz (you might choose a mirror closer to you)

However manufacturers of CF cards like to label cards as 1GB even if they're actaully slightly smaller so if you see errors writing the card try the 512MB image instead:
http://files.bgn.pfsense.org/mirror/downloads/pfSense-2.1-RELEASE-512mb-i386-nanobsd.img.gz

The Celeron 440 in the XTM5 is 64 bit capable so you can run 64bit images instead. However I'm not sure the LCD driver is supported under 64bit.  :-\

You should see the card boot on the serial console at 9600bps and it will wait at the assign interfaces prompt.

Steve

hobbit666

Thanks for the reply.  I have a couple of different CF cards and will try all the different images :)

Will also post screen shots of errors if I get them again.  But i'm not 100% this box is working 100% I did have boot issues when I flash the Fireware 11.7.4 onto it, but it boots fine with 11.7.

Otherwise i'll try it with my X770

stephenw10

The default bios will let you go into the setup and check the settings, the CPU temp etc but won't allow you to change anything. You can verify your console connection and that it's seeing your CF cards correctly that way.
To access the bios you have to set the serial console to 115200bps and press the TAB key at boot.

Steve

hobbit666

Reflashed the 1G image and now working.

Also got a x550e working too :)

FryerCNC

Hello I'm new to the XTM5 platform and need to flash the bios, I tried the instructions but realized pfsense does not have flashrom so the command fails to do anything.
Is there a simple fix for this

Probably the safest way to get this file, least chance of corruption, is to fetch it straight to the box.
fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
xtm5_83.rom                                  100% of 1024 kB 1957 kBps

You can then also check its MD5 sum is correct:

md5 xtm5_83.rom
MD5 (xtm5_83.rom) = e75bc93ca2db547a3facb8d611f0d441

Then write it with flashrom from there:

flashrom -w xtm5_83.rom
flashrom v0.9.5.2-r1515 on FreeBSD 8.3-RELEASE-p8 (i386), built with libpci 3.1.9, GCC 4.2.1 20070719  [FreeBSD], little endian
flashrom is free software, get the source code at http://www.flashrom.org

Calibrating delay loop… OK.
Found chipset "Intel ICH7/ICH7R". Enabling flash write... OK.
Found ST flash chip "M25P80" (1024 kB, SPI) at physical address 0xfff00000.
Flash image seems to be a legacy BIOS. Disabling coreboot-related checks.
Reading old flash chip contents... done.
Erasing and writing flash chip... Erase/write done.
Verifying flash... VERIFIED.

stephenw10

First of all let me say that you do not need to flash the BIOS on the XTM5 in order to run pfSense. Flashing the BIOS involves some risk so unless you want the additional features you probably shouldn't.

You're right flashrom isn't included. You can add it easily enough though. First re-mount the CF card as RW:

/etc/rc.conf_mount_rw

then add flashrom:

pkg_add -r flashrom

Several packages will be added. Then:

rehash

Now you can run flashrom as above.

Steve

FryerCNC

Thanks worked like a charm

chpalmer

Just had an XTM510 donated to the cause.

Spent some time with an incorrect console cable but the Cisco one I had in my kit worked.  :)

Running-

2.1.2-RELEASE (amd64)
built on Thu Apr 10 05:42:17 EDT 2014
FreeBSD 8.3-RELEASE-p15
Had the same as you Steve-  Armed light stayed green (but would flash on boot with the WG software).  Once I flashed to bios the red light is now on.  Play some more this weekend when I get some time.

stephenw10

Great, glad neither of had trouble.  :)

Steve

chpalmer

Checking for package installation…
Downloading https://files.pfsense.org/packages/amd64/8/All/lcdproc-0.5.6-amd64.pbi …  (extracting)

Just installed the LCDProc package +dev tonight with success.

64 bit seems to be a good fit on these so far.

edit-  however-

[2.1.2-RELEASE][admin@pfsense.localdomain]/root(12): /conf/WGXepc -l green
/conf/WGXepc: Exec format error. Binary file not executable.

stephenw10

Ah, I never considered 64bit.  ::)
The code is sufficiently basic that it runs across multiple things. Code compiled in 8.1 still runs in 10 for example.
Are you running Nano? I take it the required 32bit compat libs and flags are not included.

I don't have a 64bit FreeBSD machine running right now but feel free to compile te code yourself if you do:
https://sites.google.com/site/pfsensefirebox/home/WGXepc.c

I'll have to do it myself eventually though.

Steve

chpalmer

@stephenw10:

I don't have a 64bit FreeBSD machine running right now but feel free to compile te code yourself if you do:
https://sites.google.com/site/pfsensefirebox/home/WGXepc.c

Steve

Ah-  I figured that might be the reason.  Compiling is still above my paygrade a little.  I may have to use the balance of the weekend and learn however…  ;D

Im using this as my test box right now until the donator decides the 550e I built him isn't good enough...  :(

muratbeser

Hi,
Thanks all of you guys, lot of information… I'm not bsd user but sometimes it saves my life.

I just want to say, I installed Debian Wheezy and it works like a charm. But my eth1 ports is death.

If got something else usefull I'll share it in here.

Again thanks for everything...

Corellon

I've recently aquired a XTM 510 which I'm installing PFsense on, I'd like to be able to boot off a hard drive in order to utilize caching, could someone point me in the write direction if that is even possible?  Without a video output it seems the standard builds wont' work and the nano builds would only give 4gb of space?

Thanks

stephenw10

Ok. I've not tried this so it's based mostly on experience from other boxes….
The XTM5 has SATA connectors and a SATA power connector on the PSU so you can hook up a standard SATA drive. However you may have to construct some mounting hardware.
You may be able to boot the box from a USB stick with the memstick-serial image on it and then install directly to the SATA drive. Select the embedded kernel during the install to get a serial console. You probably need to have the unlocked BIOS to boot from USB though.
Alternatively you can install to the drive in a different box. Configure at least one interface so you can access the webgui and go in and select the serial console. Now transfer the drive back the XTM5 and boot. It will probably fail at the first boot because the sata connection number will be different. If it does then point it to the correct location at the mountroot> prompt and then edit the fstab once booted.

Steve

chpalmer

http://www.cavium.com/acceleration_boards_FIPS.htm

Cavium provides a comprehensive Software Development Kit that includes C-source code for Linux and FreeBSD drivers. The SDK also includes APIs for OpenSSL, OpenSSH and PKCS#11, key management utilities, test utilities and reference code for easy portability. The Crypto-API’s are common between Cavium’s FIPS and the non-FIPS product providing customers with tremendous R&D leverage and re-use.

stephenw10

You are pointing out that they advertise FreeBSD as supported? That's true except there aren't actually any drivers instead there's an SDK to develop your own drivers and to get access to it you need sign an NDA etc. They are never going to end up in FreeBSD. I guess you may be able to poach them from some FreeBSD based commercial firewall, JunOS perhaps?

I tried to compile WGXepc by booting a 64bit live GhostBSD DVD but it was a no go. There are some references to i386 functions which wouldn't compile and their amd64 equivalents wouldn't either. I borrowed that code from LCDproc though and that seems to compile for 64bit so there must be a solution.

Steve

Edit: typo

chpalmer

@stephenw10:

You are pointing out that they advertise FreeBSD as supported? That's true except there aren't actually any drivers instead there's an SDK to develop your own drivers and to get access to it you need sign an NDA etc. They are never going to end up in FreeBSD. I guess you may be able to poach them from some FreeBSD based commercial firewall, JunOS perhaps?

I tried to compile WGXepc by booting a 64bit live GhostBSD DVD but it was a no go. There are some references to i386 functions which wouldn't compile and there amd64 equivalents wouldn't either. I borrowed that code from LCDproc though and that seems to compile for 64bit so there must be a solution.

Steve

I should have been to sleep by then when I posted that and didn't really finish what I meant to post.  :o  But you answered my question. Whether or not the drivers might be out there…

As always- thanks for the effort!