Watchguard XTM 5 Series

stephenw10

Hi,
The LCD wont show anything else until you load the driver and program to control it in pfSense.
You shouldn't need to anything to boot pfSense other than swap out the CF card. Even with no CF card you should still see the BIOS output on the serial console. It sounds like you have a bad cable somehow.

Have you confirmed that the hardware is good by booting the Watchguard OS?

Steve

TuxToaster

Hello all,

I've got a 505 on the way, as well as a quad core 8200S + low profile fan and heatsink. I've been digging through this thread and a couple of others, and hopefully the install will go smoothly, but I've got a few questions:

1. Is the max RAM allowed 4 GB or 8 GB? I see the note that the chipset supports 8, but seems like everyone is doing 2-4 GB. I'm planning on running Snort on it, so more is better. But I saw that the FW-7850 says it supports up to 8, though it sounds like that might be an optional configuration:

Up to 8 Gb of Memory: With 2 additional 240p DIMM slots this network appliance can hold a maximum 8 GB of RAM

2. Specifically what memory is needed? DDR2 800mhz? Or does it support something different?

3. I saw a comment elsewhere referencing this thread saying removing the CF card will allow USB to be booted so that you can install on to a HDD/SSD directly. Is this correct?

4. And finally, can we put together an updated list of versions or links to the most recent BIOS image, DSDT, WGXepc and lcdproc? This thread has only been going for 3 1/2 years, so it's kind of fun to figure out which mentions of images, etc. are the most current and which were from earlier testing.

gharris

I'd also love to see that as I'm also going to very soon be in the same type of boat.

TuxToaster

Here's what I've figured out so far:

1. Max memory - I did finally find the other thread where someone mentioned more memory, BUT I can't tell if he meant to say "I didn't boot with more than 4GB" meaning he didn't try, or "It didn't boot with more" meaning it failed to boot.

I did determine that what a few people have run into is that any 4GB sticks are going to either be high or low density chips, and high density is only supported on AMD platforms. So for this you'd need 4GB low density sticks, and those are not nearly as cheap or as plentiful.

I've taken the plunge and ordered 2x4GB DDR2 800mhz low density sticks at a cost of $144 to see if they work, so I'll be sure to let everyone know. If they don't, I'm definitely getting a refund, as I don't have anything else that will need them ;-)

2. Memory speed - Best I can tell 800Mhz is probably the best to get here. I don't think the board supports anything faster, and it appears at least other boards with the G41 chipset don't handle overclocking well, not to mention that is likely not an option on this board given the limited BIOS.

3. HDD - From a couple other posts it seems that the USB can be made bootable in the BIOS. I'm still not sure whether this is done by disabling the CF or a separate option, but I'll find out and make a note once my box arrives.

4. List of links and updates - I'll try to compile a list of the latest links I can find as well as what upgrade options appear to be supported. Then we'll see if we can get someone to update the Wiki page with it.

stephenw10

Hey,
Yikes, that's expensive! I have 1GB in my box and haven't used that yet. As I wrote in the wiki the board will take 4GB, the chipset claims to support 8GB but that might be in 4 slots. I've not tried. The FW-7580 claims to support 8GB also though and there don't appear to be any unpopultaed slots on the PCB. But as you said:

Up to 8 Gb of Memory: With 2 additional 240p DIMM slots this network appliance can hold a maximum 8 GB of RAM

I haven't actually managed to make it boot from USB though it's been a while since I tried. I've always run from CF.

There has only been one bios image posted, linked here. You don't need to flash that to run pfSense though.
The DSDT table I made, such as it is, is here. It didn't do much though and is specific to the E4500 I'm running.
LCDproc is available via the latest lcdproc-dev package.

Steve

TuxToaster

Yeah, I'm mainly concerned with memory as I'll be running Snort on multiple interfaces and I want to be sure that it's not going to have any issues. I figure a quad core 8200S plus 8 gigs should prevent any need to upgrade later, except to possibly a 9550 or a Xeon if it feels like it could use a small boost.

We'll know pretty quickly if the 8GB works or not though. I figure if it will take one 4GB stick there isn't much reason for it not to support two ;-)

Thanks for the links. I thought there was a couple other versions of the BIOS, but they may have just been references back to the same post. I'll likely do the BIOS update as others have had success with it so I don't see much risk there.

TuxToaster

OK, some good news, 8 GB is confirmed as supported as long as you're using low density DIMMs.

I'm just waiting for my processor and a spare SATA cable to show up, though I'm tempted to swipe a cable out of one of my other systems to get started so that I don't have to wait.


TuxToaster

All installed and happy! Took some work to get it to boot anything for some reason, though. I did confirm that the stock BIOS will recognize a USB flash drive, and removing the CF appears to position the USB as bootable… but no matter what I did to either the CF or the USB I couldn't seem to get it to boot either of them. It would just stop after the BIOS output with no errors or movement.

I ultimately ended up plugging in a USB to SATA cable to the hard drive (which was a little tight since I didn't want to remove the HDD from the Watchguard) and booted the same USB stick on a laptop. While it did boot, I ended up reflashing the USB once more with the non-serial version so that I could actually run the installer, then installed to the drive in the Watchguard.

It didn't have a problem booting from the HDD installation, luckily, so I set up a barebones config from the command line so that I'd have a network connection, grabbed the updated BIOS image and flashed it, racked the box, and then restored my modified config file and switched my connections over.

So, to sum up some lessons learned:

1. Upgrading to a Core2Quad 8200S and 8GB of RAM (two 4GB DDR2 800mhz low density sticks) worked perfectly without any other changes or tweaks necessary.
2. The stock BIOS did recognize both the HDD and USB just by plugging them in and booting.
3. Removing the CF card will cause the BIOS to set either the USB or HDD as bootable. Whether or not it will actually boot from them is another story…. ;-)
4. Flashing the BIOS worked perfectly. However, flashrom now requires you to specify the programmer to be used for flashing, so the command line becomes:

flashrom -w xtm5_83.rom --programmer internal

5. At least in my case, the CMOS did need to be cleared after flashing the BIOS for settings to be changed.
6. The "user password" was still set in the BIOS, though it didn't cause any problems, I made sure to clear it just in case.
7. I wanted to use lcdproc-dev directly so that I could try out the screens from the UI. As others have pointed out, the client has issues connecting to the server, which appears to be because localhost resolves to ::1. But if you haven't set up IPv6, the server won't be listening there. So I simply commented out the ::1 entry in /etc/hosts as I'm not using IPv6 on this network at all, and lcdproc thus far appears to be working without issue.

I think that about covers it. I'll follow up here if I run into any trouble or come up with anything fun, as I plan on fiddling with the lcdproc a bit at some point to at least see if I can make it a bit less finicky if/when time permits.

22213w

Hi All,

Just trying to read everything I can but I have a question about Stock BIOS or Flashrom.  Can I upgrade the CPU to a Xeon and Menory using the Watchguard Stock BIOS or do I need to flash the Bios with Flashrom…..

Thanks

TuxToaster

It is not necessary to flash the BIOS unless you want to make use of speedstep or specific features.

I upgraded both the RAM and processor before touching the BIOS to verify that everything was working, and it had no problem detecting them. Keep in mind that you will likely need to do some modifications to the processor and socket to do the Xeon, but the Core2 processors are supported natively.

22213w

Thanks TuxToaster for you speedy reply. I'm currently try to win a xtm 5 on ebay now.  As for modifications to the Xeon chip or socket it is my understanding the socket is a lga775 as per the link below and this guy is running a  Xeon 3370 Quad Core with 4x 3GHz. Please take a look at the web page you need to use chrome to translate to english and tell me what you think….

http://www.triebwerk23.de/joomla/index.php/firewalls/watchguard-xtm-5-xtm-505-515-525-545-pfsense-64-bit

Thanks

TuxToaster

Good luck with the bid! As for the Xeon, it looks like a 3370 would actually work, as it is a LGA775 socket. Many of the Xeons are 771 sockets and have to be modified slightly to work.

So the 3370 will fit, the main concern I think anyone would have is the power usage, as it is a 95W TDP, as opposed to the 65W CPU that the machine is shipped with. The motherboard does indeed support it, but the power supply and cooling system are smaller than those in the system that the Watchguard was based on. I know a few others here have reported similar processors worked for them. You would just want to be cautious of the power usage and heat, particularly if the box is under a heavy traffic load.

It's worth noting that there is no fan directly over the CPU, there are two fans at the back of the case and the enclosure goes over both and the heatsink, but under extreme temperatures that may not move heat away from the CPU surface as quickly as a fan directly on the heatsink might, so it might pose problems down the road. I actually looked at putting in a low profile heatsink with fan on it, but it was slightly too tall to fit in the case.

As others have said, this is probably not a big issue and will likely work, but just some things to think about.

stephenw10

The FW-7580 that the XTM5 is based on was rated for 95W CPUs but it had more fans and a bigger PSU. I haven't fitted anything >65W myself.
I personally think that the ducted cooling solution used by Lanner/Watchguard is much better than a fan on the CPU directly. It may allow the CPU the become slightly hotter but it keeps everything else much cooler by extracting the hot air from the case.

Steve

clifcox

Greetings,

I just got two XTM 510s today, and after testing each port to satisfy myself that the units were fully functional, I took the time to inspect and write down some part numbers so I could easily replace fans and the like when they wore out. The PS fans are already starting to rattle and warble a bit. I hope this info will be suitable for the

https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox

page.

Watchguard XTM 510

HW Model: NC2AE8
Mother Board: MB-7580 W V1.2 A
Fans: Sunon Maglev GM1204PQB1-8A
    1.5" x 1"
PS: FSP Group inc Model:  FSP-150-50LE
Total 150W
Fan: Protechinc electric: MGA4012YB-A15
1.5" square x 0.5" thick
One SATA power connector

The second one:

Mother Board: MB-7580 W V0.3 B
PS: Seventeam Model:  ST-220FUB-05E
Total 220W
Fan: Sunon Maglev KDE1204PKVX
1.5" square x 0.75" thick
Two SATA power connectors
Rack Ears: WG8544

Hope that's helpful,
Clif

22213w

@TuxToaster

Thanks for your input about the power usage of the watchguard shipped with 65w CPU. I guess going over 65w may overheat.  So I did some research and found this person on ebay selling a watchguad 510 with pfsense on it that he upgraded the cpu to xeon L5410 lga 771. The xeon L5410 is rated at 50w so that is within spec but I would need to do a Mod. to the CPU and mother board socket.

I won the bid for the Watchguard xtm so I should be getting it by this Tuesday and I order the xeon L5410 with conversion sticker to lga 775. 4 gb of LD ddr2 of ram.(I can't afford 2x4gb of ddr ram it cost like $140). I hope everything works when I put it together. I will leave the stock BIOS for now. But I may want to flash it if I feel risky.

Here is the link for LGA 771 to 775 MOD
http://www.overclock.net/t/1384920/good-news-for-the-lga775-now-771-is-available-to-convert-to-775-motherboard

gharris

Just finished installing on a XTM 505 and a XTM 515.  I  put the pfsense-memstick-serial image on the 1 GB CF cards that were in the boxes, after making a backup image of the cards for safety sake.  Plugged in a SATA SSD in each box, then booted, reading via serial connection at 115200 baud, till the BIOS finished loading. I then quickly reconnected at 9600 baud to get to the install screens.  (You could skip watching at 115200, and just wait until the 9600 baud took over.)  I did the Serial Kernel rather than the Standard Kernel, (or is it Custom?), so that I could get to the boxes after it rebooted without having to remove the SSDs and add the serial config info to the /cf/config/config.xml file.  After the successful install, I removed the CF cards and booted up without a hitch.

If you are moving configs from an older setup to a new setup, the Ethernet ports are FXP0 for the 10/100 port, and then EM0 through EM5 for the gigabit ports.  And remember to watch out for find and replace replacing parts of your certificates!  :o

stephenw10

Yeah, don't use find and replace for converting interface names. That is the road to errors and confusion!  ;)
I'm surprised you had to use 9600 for the memstick-serial images. Everything should be at 115200 from 2.2 on.

Steve

22213w

Hi All,

Well got my Watchguard 505 in yesterday and had trobule installing and booting of a sata hard drive. It so happens @gharris sent out a message on what procedure gharris did and it worked like a charm.

Now I tough I can upgrade the CPU so looking around this forum some people said they where able to get a xeon lga771 to 775 up and running with stock bios. Well I did the procedure put the sticker on the CPU and cut out the tabs. Place 2 different xeon lga771 chips in and nothing. I will not boot.

So I decided to flashrom the bios which is pretty easy and that didn't help.  Do I need to upgrade the bios? if so where can I get it.

If any one that did this conversion please let me know how you did it. I really would like to get ithe watchguard up and running with the xeon cpu

many thanks!

stephenw10

Have you proven the CPU in a 771 board? Perhaps it's dead. I assume that when you try to boot it you are seeing nothing at all, the same as if you boot with no CPU in it?
I haven't attempted this conversion but it looks like the placement of the adapter is critical and requires a fair degree of precision.

Steve

22213w

Thanks for getting back to me. No I can't prove the CPU works because I don't have any 771 motherboards. But I purchased 2 CPU's for that reason and both don't work. Yes when I boot it is blank just like as if there is no CPU in the xtm5.  The adapters took a lot of time to put on and on both CPU's I did my best putting them on. So I assume it is on correctly on each CPU.

There are a few amount of people in this thread said that they did the conversion but did not leave instruction on how they did it. Can someone that was successful on doing the 771 to 775 conversion please share what they did.

Many Thanks!