Watchguard XTM 5 Series
-
I just got my XTM 525 machine in the mail today.. I am having a hard time trying to open the case. I unscrewed the 2 screws from the back.. Are there more? What is the secret to open this case?
-
There's third screw in the centre at the back under the warranty sticker (assuming it's like the 1st gen box). Then the whole top slides back a little before lifting off.
Steve
-
There's third screw in the centre at the back under the warranty sticker (assuming it's like the 1st gen box). Then the whole top slides back a little before lifting off.
Steve
Well I got pfense up and running on my XTM 525 from a SSD drive. I had to unplug the CF card in order to boot from the SSD drive. The BIOS is locked down. The unit comes with 2GB of RAM and has the Celeron E3400 2.6GHZ CPU.
I have a few questions:
My WAN is connected to the first gigabit port (em0) on the XTM 525, however the port is registering as 100baseTX half-duplex. My LAN connection (second gigabit port (em1)) is registering as 1000baseT full-duplex. It looks like pfsense is only detecting that the first 2 gigabit ports link is up (em0 & em1). So should I connect it to one of the other gigabit port?
BIOS is in View Only mode - Is there any reason to flash it so I can change the settings in the BIOS?
How can I get the LCD working to show pfsense status?
How can I adjust the fan speed?
Is there a way to SSH in pfsense using the LAN IP address?
-
Don't even think about flashing the bios without confirming the motherboard is identical. The board I have here has a sticker marked "MB7580W CK:9A80 2010-02-02" and the board itself is marked "MB-7580W V1.0C"
Flashing the bios unlocks it, enables speedstep and sets the arm/disarm LED as red at boot but it's not necessary and it a risk, especially for you with your gen2 box.LCD and fan speed are covered in the docs wiki.
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Installing_lcdproc_and_the_SDECLCD_driver
and
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Controlling_hardware_with_WGXepcUnder 2.2 the lcd driver is behaving even more oddly than normal though! ;)
To access the box using SSH just enable it in System: Advanced: Admin Access:
The Gigabit ports are identical so moving your WAN to a different one is unlikely to help. You could move it to the 10/100 port and see if that helps. It looks like the NIC isn't negatiating the link speed correctly with whatever is at the other end, what is it? Is it set to a fixed speed/duplex?
Do you have photos of the inside?
Steve
-
Don't even think about flashing the bios without confirming the motherboard is identical. The board I have here has a sticker marked "MB7580W CK:9A80 2010-02-02" and the board itself is marked "MB-7580W V1.0C"
Flashing the bios unlocks it, enables speedstep and sets the arm/disarm LED as red at boot but it's not necessary and it a risk, especially for you with your gen2 box.LCD and fan speed are covered in the docs wiki.
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Installing_lcdproc_and_the_SDECLCD_driver
and
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Controlling_hardware_with_WGXepcUnder 2.2 the lcd driver is behaving even more oddly than normal though! ;)
To access the box using SSH just enable it in System: Advanced: Admin Access:
The Gigabit ports are identical so moving your WAN to a different one is unlikely to help. You could move it to the 10/100 port and see if that helps. It looks like the NIC isn't negatiating the link speed correctly with whatever is at the other end, what is it? Is it set to a fixed speed/duplex?
Do you have photos of the inside?
Steve
Switched my WAN connection to another gigabit port and now I am getting 1000baseT full-duplex. So it looks like the first gigabit port port is only reading 100baseTX half-duplex. Not sure if it is by design or the port is bad. Fortunately I have 6 other ports.
As far as photos of the inside, I already installed the unit in my computer rack in the garage. The inside looks identical to the XTM 505.
-
You realise the 1st port, next to the USB ports, is a 10/100 NIC using the fxp driver? Unless of course that's changed in the gen2.
-
Don't even think about flashing the bios without confirming the motherboard is identical. The board I have here has a sticker marked "MB7580W CK:9A80 2010-02-02" and the board itself is marked "MB-7580W V1.0C"
Flashing the bios unlocks it, enables speedstep and sets the arm/disarm LED as red at boot but it's not necessary and it a risk, especially for you with your gen2 box.LCD and fan speed are covered in the docs wiki.
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Installing_lcdproc_and_the_SDECLCD_driver
and
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Controlling_hardware_with_WGXepcUnder 2.2 the lcd driver is behaving even more oddly than normal though! ;)
To access the box using SSH just enable it in System: Advanced: Admin Access:
The Gigabit ports are identical so moving your WAN to a different one is unlikely to help. You could move it to the 10/100 port and see if that helps. It looks like the NIC isn't negatiating the link speed correctly with whatever is at the other end, what is it? Is it set to a fixed speed/duplex?
Do you have photos of the inside?
Steve
I am getting the error message "ELF interpreter /libexec/ld-elf.so.1 not found" when running the WGXepc program.
-
Don't even think about flashing the bios without confirming the motherboard is identical. The board I have here has a sticker marked "MB7580W CK:9A80 2010-02-02" and the board itself is marked "MB-7580W V1.0C"
Flashing the bios unlocks it, enables speedstep and sets the arm/disarm LED as red at boot but it's not necessary and it a risk, especially for you with your gen2 box.LCD and fan speed are covered in the docs wiki.
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Installing_lcdproc_and_the_SDECLCD_driver
and
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Controlling_hardware_with_WGXepcUnder 2.2 the lcd driver is behaving even more oddly than normal though! ;)
To access the box using SSH just enable it in System: Advanced: Admin Access:
The Gigabit ports are identical so moving your WAN to a different one is unlikely to help. You could move it to the 10/100 port and see if that helps. It looks like the NIC isn't negatiating the link speed correctly with whatever is at the other end, what is it? Is it set to a fixed speed/duplex?
Do you have photos of the inside?
Steve
I am getting the error message "ELF interpreter /libexec/ld-elf.so.1 not found" when running the WGXepc program.
Is 32 vs 64bit the problem?
-
Ah, sorry the docs are aimed at users of older fireboxes. The XTM5 is the first one that's 64bit capable. You need the 64bit compiled version of WGXepc named WGXepc64. It's in the same place:
fetch -o /conf https://sites.google.com/site/pfsensefirebox/home/WGXepc64I'll have to update that doc quite a bit for 2.2. ;)
Steve
-
You realise the 1st port, next to the USB ports, is a 10/100 NIC using the fxp driver? Unless of course that's changed in the gen2.
Yes… The XTM 525 has the 10/100 NIC as well. I was referring to the 1st gigabit port which is em0.
-
I have a xtm 505 that is mostly dead. I believe the bois may be corrupted. When I boot the unit all the LED lights on the board lights up and stay lit. Also the front LCD lights up and front power LED lights up. Nothing else. Console shows nothing. I already cleared/reset bios setting with jumper, didn't help. I know in previous Watchguard untis such as x750e, 1250e the LED lights turn off after bios check. My xtm505, LED lights stay on and nothing else. Unfortunately these boards were created for security purposes and the manufacture is reluctant to share more information. I will attempt to do a SPI header flash with cable.
Thank you, stephenw10 for the bios file you posted here.
Can someone with a working xtm 5 confirm: the LED lights next to the fans turns off after boot? Which ones turn off and which ones stay on after boot? I would also like to know, during boot, does the onboard speaker beep once bios check is successful? Because I do not get any beep.
labels:
686
AMIBIOS
ZU91
7329MB-7580W (version 1.2)
CK-3E83
2010-04-06Thanks for your time and help.
-
Pretty sure the leds all stay on but I can check later today. It should beep at least once. I recently made a few changes to the BIOS settings on my box and now it beeps a lot. I think I disabled the on-board graphics.
Edit: Yep all the LEDs stay on. They appear to be indicators on the various voltage lines from the PSU hence one stays on constantly even in standby.
Do your fans slow down after switching on? I believe that in controlled by the bios code. I'm fairly sure when I hosed the BIOS on my box the fans stayed at maximum speed.Steve
-
Thanks for the reply. No change in fan speed. Speed is constant, and nothing display on console. All lights lit up. I have several cisco db9 to RJ45 cables, so I know console cables should work. My best bet is bad bios. I'm not electronically savvy, so I will not be building a parallel to spi flash cable. I also have 3 old motherboards lying around with bad bios, about time I buy a flash cable. Currently waiting for the cable. The XTM 5 I purchased from ebay at a discounted price, knowing it does not function.
If this device has a bad bios, I wonder if a customer could have corrupted bios with Watchguard OS upgrade. Does anyone know if any Watchguard OS upgrade actually change bios settings?
Steve, do you remember? When you corrupted/bricked your bios, does it do what I described above? Or do I actually have a paper weight? No, just asking if you remember, don't perform brick on your unit.
I tried pulling memory card out to see if the bios would react to no memory, but same symptom as described above.
I also tried pulling the CPU out to see if the bios would react to no CPU, but same thing as described above. There is LED light next to cpu, underneath heatsink that lights up when NO cpu is present. This LED light is off when cpu is in present.
-
Do you have a CPU you can try in place of the one that came with it?
Mine did exactly as yours when I tried a Pentium 4 chip in it that I had lying around…
-
Yep that's exactly what it does when it fails to run the bios code. That can be because it has a corrupted bios but also because there's no cpu or a bad cpu or a bad motherboard.
Steve
Edit: typo
-
Hope I don't have a bad motherboard. Hope it's just bios. I did try a different cup, intel e5300. Same results. Thanks for the info.
-
Hi Everybody,
I search an VGA Cable for my XTM5? Is there a way to buy one online? Thanks
-
Have a look at this:
https://forum.pfsense.org/index.php?topic=61970.msg425561#msg425561Steve
-
Steve, can you please provide wiring diagram from printer port to SPI pins? Thank you! I may just have to create one.
So I got my bios programmer from the mail today. I could not find any information on connecting the ISP interface on the programmer to the SPI pins on the motherboard. Any idea would be helpful, thank you.
Some good guess are:
SCL(CLK) = (pin eight) ICH_SPI_CLK
SO(DO) = (pin 5) SB_SPI_MISO
SI(DI) = (pin 10) ICH_SPI_MOSI
CS(CE) = ?
VCC = ?On the motherboard I have no idea what these are use for
(pin 3) ICH_SPI_CS0#
(pin 4) V_3P3_SPI_R
(pin 6) 6 SPI_HD_N
(pin 7) KeyTop photo is bios chip programmer, isp interface. Bottom photo is SPI pin on motherboard.
-
I used the diagram on this page: http://rayer.g6.cz/elektro/spipgm.htm to build my cable. It has some translations of the different pin labels.
Looks like the only thing you don't have is:
SPI connector (pin 3) ICH_SPI_CS0# is = CS(CE)You don't need to connect Vcc as the chip is powered by the XTM PSU when it's in standby. Also you don't need to pull up the write-protect pin, which is lucky as it's not connected. You do need to connect the GND pin (9).
Looking at my cable which I know works I can also see that I have pins 4, 6 and 7 tied together but not connected to anything at the reader end. I can't remember why I did that! ::) There was some further info in the flashrom source code I think.
Steve
