Watchguard Firebox XTM 8 Series

stephenw10 · Dec 19, 2013, 3:11 PM

If you configure only one interface, WAN, then that is the only way to access the webgui so the default firewall rule is there. There is no need to disable the firewall from option 8. However as soon as you add another interface the default rule moves to LAN.
If you are going to create a new image you could just start out with two interfaces defined, WAN and LAN, which would avoid any console configuration. That's how the Alix box works out of the box.

You could also try to set the comconsole to com2 after boot which would be useful.

Steve

angelkiller · Dec 19, 2013, 3:57 PM

Need a little hint to doing that set console output to com2. Aborting boot process and than on the cli and there with set command? If this doing a output to com there is no need to do a backup image.

Edit:

Found it!
With 7 interrupt boot
set console=comconsole [Enter]
change putty from 118200 to 9600 and hit [Enter]
boot [Enter]

boot and output via console ;-)

Now there is no need to make backup.
With this info everyone can install pfsense on it.
I think there is no need to flash the original bios.

angelkiller · Dec 19, 2013, 4:28 PM

:-( console output ends with "Bootup complete"

i attached a bootlog

xtm8bootlog.txt

angelkiller · Dec 20, 2013, 6:47 AM

I made the backup with lan interface configured to a static ip and dhcp server on. Good to know, when configure em0 to wan and em1 to lan, than em0 is port0 and lan is port 4 of interfaces in front of the Watchguard XTM 8 Series. ;)

stephenw10 · Dec 20, 2013, 11:51 AM

Hmm, that's slightly odd about the ports being 1 and 4. The numbering in pfSense is determined by he order in which they're probed..

I'm confused as to what you did to get that bootlog, I've forgotten quite where we were. ::)
So firstly it includes some information about the serial redirect module which is something I've not seen on any other box.
I assume that you got this from the rear com port whilst booting the Nano-VGA image. In which case I think it's safe to assume that it only got there by being redirected by the module (which is set to continue after boot). That could explain why you don't see anything after 'bootup complete'. The redirect module can only handle basic text so perhaps the menu is drawn in some way that it can't handle?

See: https://www.freebsd.org/doc/handbook/serialconsole-setup.html#serialconsole-com2
Seems to imply that simply selecting the I/O address of the port selects the com port. That's why I was hopeful that changing the port address in the bios would suffice. It seems not. :-\

Steve

angelkiller · Dec 20, 2013, 7:59 PM

Yes, its from the rear com port. Baudrate 118200 is showing system initializing and bios and the first boot process only to the question how to boot. At this point the boot must interupt with 7 and tell the box to use comconsole for output. After this command the baudrate must set to 9600 and it is showing the rest and stops with "Boot completed".

But now we know the way and i think with my backup from the default installation there is no need to do complete serial output. But i will test more in the new year.

stephenw10 · Dec 20, 2013, 10:45 PM

Ah, maybe similar to the serial quirk then:
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Serial_Port_Quirk
In the X-core box that stops in exactly that place.

Even if it's not necessary to have access to the serial console it's very useful to have it in case you are locked out of the webgui.

Steve

angelkiller · Dec 21, 2013, 5:40 PM

Not at home for christmas. Will test it in a few days.

merry xmas!

_Adrian_ · Feb 27, 2014, 5:41 PM

Any updates ???

I'm looking at an XTM810 and would like to know the ins and outs which seem it may need a bit a messin about but the end product is well worth it!

ScottMcNaught · Jun 2, 2014, 2:18 PM

Hey guys,

I have recently bought an XTM 810. I can get it to boot but I lose video & console input.
Can see boot loader, can see first pfSense options menu, after this I lose video and it continues to boot completely with the startup noise. (The video and input disappear after the first pfSense options menu.)

So I press 7 to exit to shell. But when I type:
set console=comconsole

… I lose all video and control. This is noted to be due to it redirecting output to COM1 which is a blank header at the front of the board. COM2 at the back as discussed. Note: I have tried Putty at 9600 and tried comconsole_speed="115200" in /boot/loader.conf and /boot/loader.conf.local.

My question is: How did you get it to use COM2 instead of COM1?

On another note, angelkiller, if you get stuck at the step "Bootup complete", on other Watchguard products, as a work around with this serial quirk you can Control+C the bootup right before "Bootup complete", and then run /etc/rc.initial via command. This will give you the configuration menu and allow you to setup the interfaces and IP addresses.

Cheers,
Scott

stephenw10 · Jun 2, 2014, 3:40 PM

Replied to your PM before I read this. ::)
I don't think anyone has got com2 to work yet, Angelkiller used a Nano+VGA image I think. However JimP rcently posted a possible method for changing com ports:
https://forum.pfsense.org/index.php?topic=76382.msg418066#msg418066

Steve

ScottMcNaught · Jun 11, 2014, 7:01 AM

Hey Guys,

I bought off eBay this item: http://www.ebay.com/itm/VGA-Graphics-Card-Bracket-Header-Cable-11pin-12P-Small-/150600480861?ssPageName=ADME:L:OC:AU:3160

It makes life so much easier. It works with both the XTM 5 and the XTM 8 series.
USB ports work on both devices. You can access the BIOS etc.

I bought another 4 of these today. My plan is to case-mod the chassis of all my boxes and permanently add this to the side of the box. Honestly, it is the best money I have ever spent.

XTM 8 works great out of the box with nano-bsd vga, and this vga header cable.

Cheers,
Scott

stephenw10 · Jun 11, 2014, 12:42 PM

Thanks for the link. Good to know. :)

Steve

mcdonnjd · Jul 1, 2014, 12:23 AM

I'll have to keep this in mind for down the road. Don't really need VGA as the serial works rather well on the XTM 5, but always nice to have options.

Eams · Aug 1, 2014, 9:45 AM

I'm back!

I see there's been some good activity and progress on here with the XTM 8's now more readily available :)

I'm still stuck with my duff XTM 8 but I now want it working!

I tried various SPI programmers but got nowhere, is my only option to source a bios chip and replace my current one or is there an easier way?

Considering the bios chip is a SMD and therefore it will be very hard to remove/replace :(

Regards
Eamon

stephenw10 · Aug 3, 2014, 12:23 AM

Welcome back! ;)
Perhaps you could remind us of your stuation, what have you tried so far. Did you ever try the '4 resistors' parallel port meathod? Have you tried any software other than flashrom?

Steve

Eams · Aug 4, 2014, 9:50 AM

Thanks :)

Ok so I flashed the Bios, it gave an error, I tried to reflash it back to normal but no joy, rebooted and now it's in an endless reboot loop without completing POST :(

I never did try the 4 resistor method, would this work do you think?

Unable to try any other software on the XTM 8 as it won't boot to a command prompt :(

Eamon

stephenw10 · Aug 4, 2014, 10:16 PM

When I bricked my xtm5 the 4 resistors/parallel port connection was the only thing that worked. Though I only tried one other thing! I know when you first had trouble you tried various versions of flashrom, any of them show anything different?
Did you try anything other than flashrom via the SPI connector?

Steve

jimkisa · Aug 6, 2014, 1:09 PM

Eams thanks for this topic , it's really help me .

Eams · Aug 6, 2014, 8:31 PM

No Probs Jimkisa, - stephenw10 helped too :)

Ste,

Flashrom is what got it bricked, so since then I tried a couple of SPI programmers (BlackCat and some other one off ebay - has no name on it but it had good reviews on the net).

The software for both were pretty much garbage and I couldn't get anywhere with them.

Whats needed for the parallel port hack? I might as well give that a try!

Eamon