Watchguard XTM 5 Series
-
Ah, you edited while I was typing. ;)
The bios in the gen2 box may be more or less locked down. No way to know until you try it.
The BIOS appears on the serail console by default at 115200 on the gen1. You can enter the setup by pressing 'TAB' (not del) but the only thing you can change is the time and date.There's a strong possiblity that the only thing that changed between gen1 and gen2 was the CPU in which case everything is much easier. :)
Steve
Please fill in the terminal emulation settings below for the BIOS screen and pfsense installation:
To access the Watchguard BIOS Screen:
Speed (baud): 115200
Data Bits: ?
Stop Bits: ?
Parity: ?
Flow Control: ?pfsense Installation (v 2.1.5):
Speed (baud): 9600
Data Bits: ?
Stop Bits: ?
Parity: ?
Flow Control: ? -
You can write the NanoBSD image to a hard drive and it will run from there no problem.
What you can't do is boot from the CF card with a Nano image on it and then install to a HD from there.You can use the 1GB image on a 2GB CF card. And in fact I'd recommend that you do. It's writes much faster to the card but more importantly CF cards that claim to be 2GB are often actually smaller than that causing the 2GB image not to fit.
Steve
I am trying to understand your comment about "What you can't do is boot from the CF card with a Nano image on it and then install to a HD from there." In the section of the installation guide called "Installing pfSense to Hard Disk", it looks like you can install pfsense on a hard drive after booting from the CF card with a Nano image on it.
Additionally, if the BIOS is locked, I will be forced to run from the CF card.
-
You can write the NanoBSD image to a hard drive and it will run from there no problem.
What you can't do is boot from the CF card with a Nano image on it and then install to a HD from there.You can use the 1GB image on a 2GB CF card. And in fact I'd recommend that you do. It's writes much faster to the card but more importantly CF cards that claim to be 2GB are often actually smaller than that causing the 2GB image not to fit.
Steve
I am trying to understand your comment about "What you can't do is boot from the CF card with a Nano image on it and then install to a HD from there." In the section of the installation guide called "Installing pfSense to Hard Disk", it looks like you can install pfsense on a hard drive after booting from the CF card with a Nano image on it.
Additionally, if the BIOS is locked, I will be forced to run from the CF card.
I found a thread with questions about unlocking the BIOS and running from a hard drive with the XTM 505 model.
https://forum.pfsense.org/index.php?topic=83670.msg458501#msg458501
-
The settings are '8N1' which is pretty standard. However they're ordered differently in putty. See screenshot attached.
The CF card appears to the BIOS as the first hard drive so I believe it will boot from a real HD if that's the only one. They are IDE and SATA though.
You only get the option to install if you've booted from a CD or a memstick image. If you look at the screenshots shown in that part of the doc they are taken from 1.0Beta in 2006!
If you want to do it all on the box you might be able to flash the CF card with the 'memstick-serial' image and boot that. You would then have an install option. However be prepared for trouble if you try that because it will expect to be attached via USB not IDE.Try running Nano from a CF card for starters. Check the hardware is good. Move on from there.
Steve
-
The settings are '8N1' which is pretty standard. However they're ordered differently in putty. See screenshot attached.
The CF card appears to the BIOS as the first hard drive so I believe it will boot from a real HD if that's the only one. They are IDE and SATA though.
You only get the option to install if you've booted from a CD or a memstick image. If you look at the screenshots shown in that part of the doc they are taken from 1.0Beta in 2006!
If you want to do it all on the box you might be able to flash the CF card with the 'memstick-serial' image and boot that. You would then have an install option. However be prepared for trouble if you try that because it will expect to be attached via USB not IDE.Try running Nano from a CF card for starters. Check the hardware is good. Move on from there.
Steve
I am trying to understand how this person in the thread below got pfsense installed on a hard drive that is in a XTM 505 model.
https://forum.pfsense.org/index.php?topic=83670.msg458501#msg458501
-
Re question 2:
Yes it booted off the SATA HDD no BIOD modding required. I simply installed pfSense using an old laptop and selected standard kernel as the last option.He put his target hard drive into and old laptop and then booted the laptop from a pfSense CD. Then installed to the hard drive choosing the standard kernel so that it could boot on the laptop presumably.
If you do that then you must boot and setup pfSense sufficiently that you can access the webgui in order to enable the serial console. Alternatively when you are running the install choose the 'embedded' kernel and it will default to the serial console. That means it won't boot on the laptop but will when you move it back to the XTM5.
If you use a 2.2Beta image instead the 64bit version has both vga and serial consoles by default so there's no worries there. ;)Steve
-
Re question 2:
Yes it booted off the SATA HDD no BIOD modding required. I simply installed pfSense using an old laptop and selected standard kernel as the last option.He put his target hard drive into and old laptop and then booted the laptop from a pfSense CD. Then installed to the hard drive choosing the standard kernel so that it could boot on the laptop presumably.
If you do that then you must boot and setup pfSense sufficiently that you can access the webgui in order to enable the serial console. Alternatively when you are running the install choose the 'embedded' kernel and it will default to the serial console. That means it won't boot on the laptop but will when you move it back to the XTM5.
If you use a 2.2Beta image instead the 64bit version has both vga and serial consoles by default so there's no worries there. ;)Steve
Is the 2.2 Beta image safe to use? It's only for home use..
I am trying to understand your previous post. So there are 2 options to install on a hard drive:
1. He put his target hard drive into and old laptop and then booted the laptop from a pfSense CD. Then installed to the hard drive choosing the standard kernel so that it could boot on the laptop presumably.
2. Alternatively when you are running the install choose the 'embedded' kernel and it will default to the serial console. That means it won't boot on the laptop but will when you move it back to the XTM5.So what image file would I use for Option #1 and #2?
-
Is the 2.2 Beta image safe to use?
Ive got it running in production at one of my satellite offices, a customers (due to reasons) and on my testbox without any issues. Besides looks to go RC next snapshot when they start up again. :)
-
Yep, I'm running 2.2 on my XTM5, no problems.
Sorry I was unclear about those options. It's the same file, both are from the ISO CD image.
When you install you get given a choice of which kernel you'd like to use. The only difference between them is that the 'standard' kernel uses the monitor and keyboard for its console and the 'embedded' kernel uses the serial port.Choosing the embedded kernel seems like the right choice there, because the XTM5 has a serial console port, but that does mean that you can't boot the laptop into pfSense from the HD to test it, not necessarily a problem.
If you choose the standard kernel you can still enable a serial console afterwards using an option in the gui.
I have used both before, though not in the XTM5, and they work equally well.
Steve
-
Yep, I'm running 2.2 on my XTM5, no problems.
Sorry I was unclear about those options. It's the same file, both are from the ISO CD image.
When you install you get given a choice of which kernel you'd like to use. The only difference between them is that the 'standard' kernel uses the monitor and keyboard for its console and the 'embedded' kernel uses the serial port.Choosing the embedded kernel seems like the right choice there, because the XTM5 has a serial console port, but that does mean that you can't boot the laptop into pfSense from the HD to test it, not necessarily a problem.
If you choose the standard kernel you can still enable a serial console afterwards using an option in the gui.
I have used both before, though not in the XTM5, and they work equally well.
Steve
During the initial installation, pfsense will ask me for the LAN and WAN interface name based on the current hardware that I am running the installation on. Will those interface names be different in the local PC/laptop versus the XTM5 device therefore preventing me from using the initial setup configuration in the XTM 5 machine? Please advise.
-
Yep, I'm running 2.2 on my XTM5, no problems.
Sorry I was unclear about those options. It's the same file, both are from the ISO CD image.
When you install you get given a choice of which kernel you'd like to use. The only difference between them is that the 'standard' kernel uses the monitor and keyboard for its console and the 'embedded' kernel uses the serial port.Choosing the embedded kernel seems like the right choice there, because the XTM5 has a serial console port, but that does mean that you can't boot the laptop into pfSense from the HD to test it, not necessarily a problem.
If you choose the standard kernel you can still enable a serial console afterwards using an option in the gui.
I have used both before, though not in the XTM5, and they work equally well.
Steve
During the initial installation, pfsense will ask me for the LAN and WAN interface name based on the current hardware that I am running the installation on. Will those interface names be different in the local PC/laptop versus the XTM5 device therefore preventing me from using the initial setup configuration in the XTM 5 machine? Please advise.
OK… During the pfsense installation process using my laptop to install the software on a hard drive that will eventually be installed in the XTM5 machine, I assume I need to stop at the reboot screen so I don't get to the screen for the setup of the WAN and LAN interface. When my XTM5 box arrives, I will install the hard drive in the XTM5 machine, boot from the hard drive and I should now see the reboot screen. I will reboot and now I should be able to setup the WAN and LAN interface on the XTM5 machine. Is that the proper procedure?
-
Yes, that's it. As long as you've chosen the embedded kernel (in 2.1.5) or are using 2.2 64bit then the initial interface assign screen will appear on the console when you boot the drive in the XTM5.
Steve
-
Yes, that's it. As long as you've chosen the embedded kernel (in 2.1.5) or are using 2.2 64bit then the initial interface assign screen will appear on the console when you boot the drive in the XTM5.
Steve
I will be using version 2.2 beta now…. So what image file should I use?
-
Your timing is great because 2.2 just went RC. :D
https://blog.pfsense.org/?p=1506
So use the 2.2RC 64bit ISO to make an install CD and use the procedure we discussed.
http://files.bgn.pfsense.org/mirror/downloads/pfSense-LiveCD-2.2-RC-amd64.iso.gzSteve
-
The settings are '8N1' which is pretty standard. However they're ordered differently in putty. See screenshot attached.
The CF card appears to the BIOS as the first hard drive so I believe it will boot from a real HD if that's the only one. They are IDE and SATA though.
You only get the option to install if you've booted from a CD or a memstick image. If you look at the screenshots shown in that part of the doc they are taken from 1.0Beta in 2006!
If you want to do it all on the box you might be able to flash the CF card with the 'memstick-serial' image and boot that. You would then have an install option. However be prepared for trouble if you try that because it will expect to be attached via USB not IDE.Try running Nano from a CF card for starters. Check the hardware is good. Move on from there.
Steve
Just want to confirm that the baud rate to access the serial console for pfsense version 2.2 is 115200 and not 9600. Please confirm.
-
Yes.
@https://doc.pfsense.org/index.php/2.2_New_Features_and_Changes#OS_Changes:
Default serial speed is now 115200
-
I just got my XTM 525 machine in the mail today.. I am having a hard time trying to open the case. I unscrewed the 2 screws from the back.. Are there more? What is the secret to open this case?
-
There's third screw in the centre at the back under the warranty sticker (assuming it's like the 1st gen box). Then the whole top slides back a little before lifting off.
Steve
-
There's third screw in the centre at the back under the warranty sticker (assuming it's like the 1st gen box). Then the whole top slides back a little before lifting off.
Steve
Well I got pfense up and running on my XTM 525 from a SSD drive. I had to unplug the CF card in order to boot from the SSD drive. The BIOS is locked down. The unit comes with 2GB of RAM and has the Celeron E3400 2.6GHZ CPU.
I have a few questions:
My WAN is connected to the first gigabit port (em0) on the XTM 525, however the port is registering as 100baseTX half-duplex. My LAN connection (second gigabit port (em1)) is registering as 1000baseT full-duplex. It looks like pfsense is only detecting that the first 2 gigabit ports link is up (em0 & em1). So should I connect it to one of the other gigabit port?
BIOS is in View Only mode - Is there any reason to flash it so I can change the settings in the BIOS?
How can I get the LCD working to show pfsense status?
How can I adjust the fan speed?
Is there a way to SSH in pfsense using the LAN IP address?
-
Don't even think about flashing the bios without confirming the motherboard is identical. The board I have here has a sticker marked "MB7580W CK:9A80 2010-02-02" and the board itself is marked "MB-7580W V1.0C"
Flashing the bios unlocks it, enables speedstep and sets the arm/disarm LED as red at boot but it's not necessary and it a risk, especially for you with your gen2 box.LCD and fan speed are covered in the docs wiki.
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Installing_lcdproc_and_the_SDECLCD_driver
and
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Controlling_hardware_with_WGXepcUnder 2.2 the lcd driver is behaving even more oddly than normal though! ;)
To access the box using SSH just enable it in System: Advanced: Admin Access:
The Gigabit ports are identical so moving your WAN to a different one is unlikely to help. You could move it to the 10/100 port and see if that helps. It looks like the NIC isn't negatiating the link speed correctly with whatever is at the other end, what is it? Is it set to a fixed speed/duplex?
Do you have photos of the inside?
Steve