Watchguard XTM 5 Series
-
I suggest you try just reducing the fan speed first. I replaced the fans in my x-peak box but only because there's no control on that. I think I detailed it in the x-peak thread.
The psu requirements are fairly low so most of the picoPSU models should work. No promises though. ;)Steve
-
Hello all,
First off, thanks so much for the work you did in getting this going. I acquired a decommissioned XTM 510 from my workplace and knew Watchguard well enough to realize it would take more money than I cared to spend (or my wife would allow) to get it going on my home network with the functionality it promised. Your work and PFSense changed that. Kudos!
So, as of this morning after some minor fiddling about in the console, I am up and running with a brand new install, fully functional from what my bleary eyes can see so far. This brings up the obvious question of "what next?". I utilized a 1 Gb CF card for the install and PFSense is reporting about 40% disk utilization so far. This seems high enough to me that I might want to consider putting in a bigger card and/or installing a spare drive in that beckoning slot next to the board.
1. Do I need to flash the BIOS to enable a higher capacity CF card and/or install a spare drive?
2. If yes, is the xtm5_83.rom mentioned on this thread sufficient to accomplish that?
3. Would it simply be a matter of SSHing into the box and sending this (fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom) and then following Stephen's subsequent directions?
4. What dragons should I expect to find?Once again thanks for the hard work of everyone involved. I was up until 3:30 AM just trying to apply what meager abilities I possess to get this going, so I can only imagine what late nights have been in by the efforts of this crew.
-
Hi. Another firebox saved from scrap. :)
You don't need to do anything to boot a larger CF card. I've not tried using a SATA HD in mine but I would assume that too boots no problem. Having said that you are unlikely to need a bigger card. That remaining space will only be used by adding further packages and there are only so many that can be run (usefully) under NanoBSD.
You can flash the BIOS by fetching it directly as you say. There are some other advantages to doing so: fully unlocked bios, LED the correct colour, speedstep enabled. Flashing the BIOS is always inherently risky but several other people have done it with that file without issue. Also, as I was forced to find out, it is possible to recover from a bad flash on that box but doing so is not straight forward.If you decide to bridge some of the ports (because you don't need that many subnets at home ;)) there is a bug in 2.1 that will bite you. It's since been patched but you have to apply the patch manually:
http://forum.pfsense.org/index.php/topic,66908.msg386279.html#msg386279You can add the WGXepc program to access the fan and arm/disarm led.
More hours than I care to admit! ::)
Steve
-
Thanks for the fast response! I'll take your advice and caution and just leave well enough alone for the time being. I upgraded the RAM to 2 Gb and checked over the available packages to see what, if any, might appeal to me. I'm satisfied enough at this point that I have a solid install going and a much faster piece of kit to replace my existing router/firewall. As I am connecting this directly to a 50 port switch, I don't see a need to bridge any interfaces at this point, though I appreciate the heads up on the 2.1 bug. Once I get the network fully fleshed out, I might be tempted to see what other goodies I can install or get going, but this so far makes my morning.
Thanks again!
-
No problem. :)
I forgot to mention the LCD, it's all in the wiki page though.
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_FireboxSteve
-
Hi
I'm new to pfsense and would like to install it on some expired Watchguard boxes. I have some XTM's and Xcore.I'm trying it on a XTM505 first to see what it does but having some issues.
Can someone point me to the correct image I should be using for the XTM505? I've tried installing it on the 1GB CF card that was in the box but I can't get it booting.
Do I need to flash the BIOS? first or should I be ok with the default?
-
Hey,
No you don't have to flash the bios to boot pfSense.
How did you write the CF card? Did you see any errors?
The image you should use is:
http://files.bgn.pfsense.org/mirror/downloads/pfSense-2.1-RELEASE-1g-i386-nanobsd.img.gz (you might choose a mirror closer to you)However manufacturers of CF cards like to label cards as 1GB even if they're actaully slightly smaller so if you see errors writing the card try the 512MB image instead:
http://files.bgn.pfsense.org/mirror/downloads/pfSense-2.1-RELEASE-512mb-i386-nanobsd.img.gzThe Celeron 440 in the XTM5 is 64 bit capable so you can run 64bit images instead. However I'm not sure the LCD driver is supported under 64bit. :-\
You should see the card boot on the serial console at 9600bps and it will wait at the assign interfaces prompt.
Steve
-
Thanks for the reply. I have a couple of different CF cards and will try all the different images :)
Will also post screen shots of errors if I get them again. But i'm not 100% this box is working 100% I did have boot issues when I flash the Fireware 11.7.4 onto it, but it boots fine with 11.7.
Otherwise i'll try it with my X770
-
The default bios will let you go into the setup and check the settings, the CPU temp etc but won't allow you to change anything. You can verify your console connection and that it's seeing your CF cards correctly that way.
To access the bios you have to set the serial console to 115200bps and press the TAB key at boot.Steve
-
Reflashed the 1G image and now working.
Also got a x550e working too :)
-
Hello I'm new to the XTM5 platform and need to flash the bios, I tried the instructions but realized pfsense does not have flashrom so the command fails to do anything.
Is there a simple fix for thisProbably the safest way to get this file, least chance of corruption, is to fetch it straight to the box.
fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
xtm5_83.rom 100% of 1024 kB 1957 kBpsYou can then also check its MD5 sum is correct:
md5 xtm5_83.rom
MD5 (xtm5_83.rom) = e75bc93ca2db547a3facb8d611f0d441Then write it with flashrom from there:
flashrom -w xtm5_83.rom
flashrom v0.9.5.2-r1515 on FreeBSD 8.3-RELEASE-p8 (i386), built with libpci 3.1.9, GCC 4.2.1 20070719 [FreeBSD], little endian
flashrom is free software, get the source code at http://www.flashrom.orgCalibrating delay loop… OK.
Found chipset "Intel ICH7/ICH7R". Enabling flash write... OK.
Found ST flash chip "M25P80" (1024 kB, SPI) at physical address 0xfff00000.
Flash image seems to be a legacy BIOS. Disabling coreboot-related checks.
Reading old flash chip contents... done.
Erasing and writing flash chip... Erase/write done.
Verifying flash... VERIFIED. -
First of all let me say that you do not need to flash the BIOS on the XTM5 in order to run pfSense. Flashing the BIOS involves some risk so unless you want the additional features you probably shouldn't.
You're right flashrom isn't included. You can add it easily enough though. First re-mount the CF card as RW:
/etc/rc.conf_mount_rw
then add flashrom:
pkg_add -r flashrom
Several packages will be added. Then:
rehash
Now you can run flashrom as above.
Steve
-
Thanks worked like a charm
-
Just had an XTM510 donated to the cause.
Spent some time with an incorrect console cable but the Cisco one I had in my kit worked. :)
Running-
2.1.2-RELEASE (amd64)
built on Thu Apr 10 05:42:17 EDT 2014
FreeBSD 8.3-RELEASE-p15
Had the same as you Steve- Armed light stayed green (but would flash on boot with the WG software). Once I flashed to bios the red light is now on. Play some more this weekend when I get some time. -
Great, glad neither of had trouble. :)
Steve
-
Checking for package installation…
Downloading https://files.pfsense.org/packages/amd64/8/All/lcdproc-0.5.6-amd64.pbi … (extracting)Just installed the LCDProc package +dev tonight with success.
64 bit seems to be a good fit on these so far.
edit- however-
[2.1.2-RELEASE][admin@pfsense.localdomain]/root(12): /conf/WGXepc -l green /conf/WGXepc: Exec format error. Binary file not executable.
-
Ah, I never considered 64bit. ::)
The code is sufficiently basic that it runs across multiple things. Code compiled in 8.1 still runs in 10 for example.
Are you running Nano? I take it the required 32bit compat libs and flags are not included.I don't have a 64bit FreeBSD machine running right now but feel free to compile te code yourself if you do:
https://sites.google.com/site/pfsensefirebox/home/WGXepc.cI'll have to do it myself eventually though.
Steve
-
I don't have a 64bit FreeBSD machine running right now but feel free to compile te code yourself if you do:
https://sites.google.com/site/pfsensefirebox/home/WGXepc.cSteve
Ah- I figured that might be the reason. Compiling is still above my paygrade a little. I may have to use the balance of the weekend and learn however… ;D
Im using this as my test box right now until the donator decides the 550e I built him isn't good enough... :(
-
Hi,
Thanks all of you guys, lot of information… I'm not bsd user but sometimes it saves my life.I just want to say, I installed Debian Wheezy and it works like a charm. But my eth1 ports is death.
If got something else usefull I'll share it in here.
Again thanks for everything...
-
I've recently aquired a XTM 510 which I'm installing PFsense on, I'd like to be able to boot off a hard drive in order to utilize caching, could someone point me in the write direction if that is even possible? Without a video output it seems the standard builds wont' work and the nano builds would only give 4gb of space?
Thanks
-
Ok. I've not tried this so it's based mostly on experience from other boxes….
The XTM5 has SATA connectors and a SATA power connector on the PSU so you can hook up a standard SATA drive. However you may have to construct some mounting hardware.
You may be able to boot the box from a USB stick with the memstick-serial image on it and then install directly to the SATA drive. Select the embedded kernel during the install to get a serial console. You probably need to have the unlocked BIOS to boot from USB though.
Alternatively you can install to the drive in a different box. Configure at least one interface so you can access the webgui and go in and select the serial console. Now transfer the drive back the XTM5 and boot. It will probably fail at the first boot because the sata connection number will be different. If it does then point it to the correct location at the mountroot> prompt and then edit the fstab once booted.Steve
-
http://www.cavium.com/acceleration_boards_FIPS.htm
Cavium provides a comprehensive Software Development Kit that includes C-source code for Linux and FreeBSD drivers. The SDK also includes APIs for OpenSSL, OpenSSH and PKCS#11, key management utilities, test utilities and reference code for easy portability. The Crypto-API’s are common between Cavium’s FIPS and the non-FIPS product providing customers with tremendous R&D leverage and re-use.
-
You are pointing out that they advertise FreeBSD as supported? That's true except there aren't actually any drivers instead there's an SDK to develop your own drivers and to get access to it you need sign an NDA etc. They are never going to end up in FreeBSD. I guess you may be able to poach them from some FreeBSD based commercial firewall, JunOS perhaps?
I tried to compile WGXepc by booting a 64bit live GhostBSD DVD but it was a no go. There are some references to i386 functions which wouldn't compile and their amd64 equivalents wouldn't either. I borrowed that code from LCDproc though and that seems to compile for 64bit so there must be a solution.
Steve
Edit: typo
-
You are pointing out that they advertise FreeBSD as supported? That's true except there aren't actually any drivers instead there's an SDK to develop your own drivers and to get access to it you need sign an NDA etc. They are never going to end up in FreeBSD. I guess you may be able to poach them from some FreeBSD based commercial firewall, JunOS perhaps?
I tried to compile WGXepc by booting a 64bit live GhostBSD DVD but it was a no go. There are some references to i386 functions which wouldn't compile and there amd64 equivalents wouldn't either. I borrowed that code from LCDproc though and that seems to compile for 64bit so there must be a solution.
Steve
I should have been to sleep by then when I posted that and didn't really finish what I meant to post. :o But you answered my question. Whether or not the drivers might be out there…
As always- thanks for the effort!
-
I've recently aquired a XTM 510 which I'm installing PFsense on, I'd like to be able to boot off a hard drive in order to utilize caching, could someone point me in the write direction if that is even possible? Without a video output it seems the standard builds wont' work and the nano builds would only give 4gb of space?
Thanks
Hi there. I run 2.1.2 on xtm 510 with 120GB SATA SSD drive. It works perfectly fine. Cache read speed for Squid is around 35MBps.
Edit:
-
Nice. :)
No gotchas in installing or mounting the drive?Steve
-
No problems at all. I have used a laptop to install pfsense on the HDD and then plugged it into Watchguard and that's it.
And stephenw10 I use your Bios on it. I also have x750e I use your bios on, version 8 - it allows booting from HDD (IDE) without any tweaks or any CF cards installed - nice. Thanks for this!
Edit:
WGXepc - I'm not knowledgeable enough to compile it to run on X64 so I stick to X86 on my xtm 510 until that's done by someone who knows what to do - stephenw10 - please let us know if you manage to get it compiled successfully.
-
No problem. Thanks for the feedback. :)
Steve
-
Forgot to mention that my xtm 510 runs with single 4GB DDR2-800 RAM stick. I did not boot with 8GB (2x 4GB) but it might do with say 6GB when running X64 would be useful.
-
Finally got the console to work, had to put together my own cable by splicing a standard serial cable into a different configuration, as mentioned it seems to be cisco standard but since I couldn't easily find pinouts here they are:
RJ45 - DB9
1 - 8
2 - 6 + 1
3 - 2
4+5 - 5
6 - 3
7 - 4
8-7Flashed the bios, some more options seem available but a lot of them seem to be view mode only though, I'll work on the HDD install after I get more familiar with PFSense and back into FreeBSD.
Edit: once the bios is flashed the battery has to be pulled to reset to default, that unlocked all the options in the bios and allowed it to boot normally again
Thanks for the help
-
Hey stephenw10,
i want to step deeper in what you have done.
Can you help me with opening the bios file in amibcp?
I tryed with your .rom file from page 3 and amibcp v4.53 but i always get the error: "Couldn't open the file."
What did you do to open the bios file in amibcp?
Thanks in advance. -
It's important to have the right version of AMIBCP. The first versions I had corrupted the BIOS pretty much every time. Unfortunately the machine I was using to run it was using XP so I retired it. It's now gathering dust so I need to get the data off it. I'll get back to you.
Did the rom file download OK, have you checked the MD5?Steve
-
Yes i checked the md5 and i flashed it on my XTM 5.
Everything works.
But im interested and want to get some feelings about modifing the bios.
Thanks in advance for your reply. I'll be waiting. -
I installed flashrom via pkg_add -r flashrom but I'm getting this when trying to read the original BIOS:
[2.1.3-RELEASE][root@pfSense.gorgarath.net]/root(8): flashrom -r og-bios.img flashrom v0.9.5.2-r1515 on FreeBSD 8.3-RELEASE-p16 (i386), built with libpci 3.1 .9, GCC 4.2.1 20070719 [FreeBSD], little endian flashrom is free software, get the source code at http://www.flashrom.org Calibrating delay loop... OK. Found chipset "Intel ICH7/ICH7R". Enabling flash write... OK. No EEPROM/flash device found. Note: flashrom can never write if the flash chip isn't found automatically.
I'd like to make sure I get a valid backup before flashing the modified BIOS. But as of right now, I can't flash the modified BIOS nor make a backup. Am I missing something or a jumper on the motherboard somewhere?
-
@lolman
You have to use the 3.XX series on the XTM5 bios. I believe the 4.XX is for UEFI bios only. I started out using 3.43 but that mostly corrupted the BIOS image! Using 3.51 allowed me to edit the Superio tables and didn't corrupt the BIOS.@mcdonnjd
Which model XTM5 do you have? It seems like it's different to those the rest of have so maybe it's one of the second generation models.Steve
-
@mcdonnjd
Which model XTM5 do you have? It seems like it's different to those the rest of have so maybe it's one of the second generation models.Steve
I was hoping you'd be the one responding as you seem to know a heck of a lot about these units. I just upped the memory to a pair of 2GB sticks and a Core2 Duo (E6550) @ 2.33GHz, though I'm thinking of downgrading one of the Core2 Quad (IRRC 3.0GHz) PCs down to a Core2 Duo once I check one to see what socket it is using.
I'm thinking I might have a different model, a later generation perhaps as I have 2 SATA power connectors on my PSU. I took some pics last night that I can post if needed. The BIOS version reported by the LCD and on the console match what you posted and I believe it's the same motherboard model, though I'd have to open it up (or check my pictures) again to be sure as I can't remember now.
On the back of it, it's a very generic XTM 5 Series and XTM 510. I don't see anything about revisions or anything to make it easy. If there's something you want me to look for or try, let me know.
Currently idling in the BIOS at 39 degrees on the CPU with the Core2 Duo. Didn't check what it was at before on the Celeron, though I only had it on at home in the living room before where it was much warmer than the server room at work. Doesn't sound like the fans are running loud either which is nice, though I can't really be sure they aren't as there's a ton of wind noise in this room already. Vcore is fluctuating at 1.319-1.334, I haven't looked up yet to see if that's in spec or not yet.
EDIT>>
I missed the label on the bottom of the chassis, Model #: NC2AE8.Also, do you think that either http://www.newegg.com/Product/Product.aspx?Item=N82E16811994023 or http://www.newegg.com/Product/Product.aspx?Item=N82E16817997007 would fit nicely inside so I could have a RAID-1 hard drive setup? They both probably would fit with some modifications, but curious if anyone things they would fit without having to do any work to them.
-
Hmm. Ok well the 510 is a 1st gen model. You have the same version of flashrom as everyone else, v0.9.5.2-r1515. And it looks like you're running 32bit, yes?
My box, which happens to be sat open beside me :), is also marked NC2AE8. It is also marked on the PCB 'MB-7580 W V1.0 C' and it has a small square sticker near the BIOS rom chip marked 'MB-7580 CK:9A80 2010-02-03'. The date in particular would be interesting if yours is newer.
It is possible to read the details from the BIOS rom chip if you look closely with a light (and possibly a magnifying glass!). The chip is labelled on the PCB as U34 and is immediately adjacent to a 10pin header labelled SPI-ROM1 (which is what I'm connected to in this picture)
The ROM chip in my box is marked: '25P80VG, 78227 VZ, PHL 0314' with the ST Microelectronics logo. Which agrees with what flashrom is saying:
Found ST flash chip "M25P80" (1024 kB, SPI) at physical address 0xfff00000.
Careful when putting in more powerful CPUs. The XTM5 has a smaller PSU than the standard Lanner box it's based on. Though yours is different.
Steve
-
Hmm. Ok well the 510 is a 1st gen model. You have the same version of flashrom as everyone else, v0.9.5.2-r1515. And it looks like you're running 32bit, yes?
Perhaps they made small changes without changing the model. It does happen, sometimes even entire chipsets get changed though they keep the same model number and revision. (Which thankfully isn't too common, but more common than it should be.)
My box, which happens to be sat open beside me :), is also marked NC2AE8. It is also marked on the PCB 'MB-7580 W V1.0 C' and it has a small square sticker near the BIOS rom chip marked 'MB-7580 CK:9A80 2010-02-03'. The date in particular would be interesting if yours is newer.
The PCB is stamped 'MB-7580 W V1.0' and the sticker is marked 'MB-7580W CK: 9880 2010-02-03'. There is also a small sticker labeled '686, AMIBIOS, C1999, YK12, 2061' that you can see in the picture.
It is possible to read the details from the BIOS rom chip if you look closely with a light (and possibly a magnifying glass!). The chip is labelled on the PCB as U34 and is immediately adjacent to a 10pin header labelled SPI-ROM1
The ROM chip in my box is marked: '25P80VG, 78227 VZ, PHL 0314' with the ST Microelectronics logo. Which agrees with what flashrom is saying:
Found ST flash chip "M25P80" (1024 kB, SPI) at physical address 0xfff00000.
Man, that is one tiny chip! Whatever happened to the nice larger BIOS chips with sockets for hot flashing and such? Those were so much nicer. lol
Anyway, the U34 chip is labeled as '25P80VG, GHAAM V5, CHN 643B' (or CHN6438, not sure, looks more like a B to me) and then the ST logo and something inside a circle that my eyes are going buggy trying to read without a microscope… I'm not sure what the white on the corner of the chip is, but it doesn't seem to be something on top as it doesn't seem to come off.
Careful when putting in more powerful CPUs. The XTM5 has a smaller PSU than the standard Lanner box it's based on. Though yours is different.
Steve
I put the Quad Core2 chip in and seem to be idling in the BIOS around 55 degrees with a lower Vcore voltage. Once I get this up and running a bit more, I'll stress test it to make sure that it won't overheat. I've already looked up some higher capacity fans on Newegg if needed. Worst case scenario with the power supply not being able to handle it, would be an unstable system correct? There's also the chance of the power supply going, but I think an unstable system that's hard to diagnose as to what's causing it to be more worse case than a dead power supply that can be replaced.
My power supply is labeled as Model: ST-220FUB-05E with total power being marked as 220W although also marked as Max 204W… Ahh, the Max is for the 204W max on the +3.3V, +5V, and +12V buses and then the 16W Max for the -12V and +5VSB buses for the 220W total max.
EDIT>>
It seems it deleted all my comments and only posted the picture, one moment while I type it all back up...
Ok, I think that I answered everything and left all the comments I did before.
-
Hmm, I would have expected it to be a different chip. Like completely different, perhaps double the size as was often the case with the old style removable chips. Odd the flashrom doesn't see it. You are running it from root I assume?
You could try a 2.2 snapshot which will have a newer flashrom.
Steve
-
You could try a 2.2 snapshot which will have a newer flashrom.
SteveWhen I tried several weeks ago there appeared to be no flashrom under 2.2… Ill give it a try again to verify.