Watchguard XTM 5 Series
-
I really do recommend that you guys do the bios flash as soon as your able or willing. Its scary because if it crashes then…
But It seems to make things boot better.
But then again as long as you never have to reboot....... ;D
-
For all you guys who have upgraded your processors:
Is it necessary to flash the bios first, or can it be done without, and does the unit change clock speed etc. automatic?
Have you used openvpn, and have you noticed increase in throughput and if so, what is your throughput.
I'd like to saturate a 100 mbit line, preferable with 256 bit
Right now my box with the standard celeron 440 passes 50 mbit (which is mi line's max speed) at 128 bit encryption, but it completely stalls it, fail to write rrd graphs, and becomes unresponsive. The cpu usage is 100 % or near 100 %.Does the unit accept any AES-NI capable processor?
[edit: added 3rd question]
Thanks in advance
/cortex -
For all you guys who have upgraded your processors:
Is it necessary to flash the bios first, or can it be done without, and does the unit change clock speed etc. automatic?
Have you used openvpn, and have you noticed increase in throughput and if so, what is your throughput.
I'd like to saturate a 100 mbit line, preferable with 256 bit
Right now my box with the standard celeron 440 passes 50 mbit (which is mi line's max speed) at 128 bit encryption, but it completely stalls it, fail to write rrd graphs, and becomes unresponsive. The cpu usage is 100 % or near 100 %.Does the unit accept any AES-NI capable processor?
[edit: added 3rd question]
Thanks in advance
/cortex1. You do not have to flash the bios to change out the cpu. At least I didn't, but I ended up doing so later on.
2. I do run openvpn however it is as a client not a host so not sure if it's what you're looking for however I haven't speed tested it yet. Somehow that part slipped my mind.
3. I do not believe the xtm5 series can handle a aes-ni processor. My understanding those started at the i5/7 series processors where as this supports c2d/q processors from the generation before.
-
1. You do not have to flash the bios to change out the cpu. At least I didn't, but I ended up doing so later on.
2. I do run openvpn however it is as a client not a host so not sure if it's what you're looking for however I haven't speed tested it yet. Somehow that part slipped my mind.
3. I do not believe the xtm5 series can handle a aes-ni processor. My understanding those started at the i5/7 series processors where as this supports c2d/q processors from the generation before.
It is running as a client, and I would like to be able to use OpenVPN at even higher speeds than 50 mbit (around 90-100 mbit).
What processor did you slip in your unit?
-
It is running as a client, and I would like to be able to use OpenVPN at even higher speeds than 50 mbit (around 90-100 mbit).
What processor did you slip in your unit?
I'm running a q9550s as its a low power model. I've seen some run full power models but the xtm isn't as fully spec'd as the original Lanner appliance so I didn't want to risk it burning itself up. Plus in all honesty I'm probably overkill as it is as I'm still trying to learn myself.
When I get home I will try to remember to run a speed test. Any preference on what exactly you want measured?
Edit: I did run a speed test however my line is capped at 50Mb down and it hits it just fine. Sorry I can't tell you my actual max.
-
I'm running some vpn clients with 128 encryption algorithm (BF-CBC) and SHA1 160 bit.
The router is fine delivering throughput at 50 mbit with low cpu usage, except (of course) when it is tunnelling all the data through the vpn. If I limit it to 45 mbit the interface stays fine, but at 49 mbit (limited) it starts to hang.
-
Anyone know if the E8400 xeon will work.
It seem like it isn't drawing more power than the supply is rated? -
–-------------------------------------------------------------------------------------------------------------------------
It may be necessary to reset the CMOS with the on board jumper to get access to the bios menus. My box has been unlocked for so long I can't remember if I had to and I have no easy way to test. ::)Steve
Hello Steve,
I would really like to use your BIOS, since it would enable Speedstep! :D
Unfortunately I get a strange error message, while I do have exactly the same XTM505. ( checked motherboard / BIOS version )
It seems that the BIOS chip is locked or something, like you have to mount it first.This is the error:
_[2.3.1-RELEASE][root@pfSense.localdomain]/tmp: flashrom -w xtm5_83.rom –programmer internal
flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p3 (amd64)
flashrom is free software, get the source code at https://flashrom.orgCalibrating delay loop... OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
No EEPROM/flash device found.
Note: flashrom can never write if the flash chip isn't found automatically.
[2.3.1-RELEASE][root@pfSense.localdomain]/tmp:_I would really appreciate it if you would answer on this message, even if it doesn't solve the problem! :P
Looking forward to you reply!
With kind regards,
dehardstyler
-
–-------------------------------------------------------------------------------------------------------------------------
It may be necessary to reset the CMOS with the on board jumper to get access to the bios menus. My box has been unlocked for so long I can't remember if I had to and I have no easy way to test. ::)Steve
Hello Steve,
I would really like to use your BIOS, since it would enable Speedstep! :D
Unfortunately I get a strange error message, while I do have exactly the same XTM505. ( checked motherboard / BIOS version )
It seems that the BIOS chip is locked or something, like you have to mount it first.I can be wrong, but i think the BIOS versions that Stephen provide, are only for the E-series,
and or not suitable for the XTM 5 series.
Normally a XTM 5 series don't need flashing or a modified BIOS, because this BIOS is newer then the one from the E-series.
I have rebuild last year a XTM 510 for pfSense and after putting in the CF with pfSense, it booted right away.
For Speedstep to enable, this is controlled by de EST driver in pfSense, and not depended from the BIOS,
so for enabling Speedstep, you don't need the modify the BIOS.
Only search for the supported cpu's, and a few settings in pfSense, and Speedstep will work.Grtz
DeLorean -
I would really like to use your BIOS, since it would enable Speedstep! :D
Unfortunately I get a strange error message, while I do have exactly the same XTM505. ( checked motherboard / BIOS version )
It seems that the BIOS chip is locked or something, like you have to mount it first.This is the error:
_[2.3.1-RELEASE][[email]root@pfSense.localdomain]/tmp: flashrom -w xtm5_83.rom –programmer internal
flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p3 (amd64)
flashrom is free software, get the source code at https://flashrom.orgCalibrating delay loop… OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
No EEPROM/flash device found.
Note: flashrom can never write if the flash chip isn't found automatically.
[2.3.1-RELEASE][[email]root@pfSense.localdomain]/tmp:_flashrom -w xtm5_83.rom –programmer internal
You used the exact command Ive used on all my units without issue. From older to newer.. Not sure. Have you tried pulling the battery and letting it sit for a few minutes?
DeLorean- Steve did make a version for these boxes which unlocks the BIOS to enable us to make changes if we so desire. While not crucial it is nice to have control. Ive done all 4 of the boxes that have passed through my shop here.
-
DeLorean- Steve did make a version for these boxes which unlocks the BIOS to enable us to make changes if we so desire. While not crucial it is nice to have control. Ive done all 4 of the boxes that have passed through my shop here.
Thx for the update, i didn't know that there was also a unlocked BIOS for the XTM 5 series :-X
I have last year converted a XTM 510 with pfSense, but everything worked fine without updating the BIOS.Grtz
DeLorean -
–-------------------------------------------------------------------------------------------------------------------------
It may be necessary to reset the CMOS with the on board jumper to get access to the bios menus. My box has been unlocked for so long I can't remember if I had to and I have no easy way to test. ::)Steve
Hello Steve,
I would really like to use your BIOS, since it would enable Speedstep! :D
Unfortunately I get a strange error message, while I do have exactly the same XTM505. ( checked motherboard / BIOS version )
It seems that the BIOS chip is locked or something, like you have to mount it first.This is the error:
_[2.3.1-RELEASE][root@pfSense.localdomain]/tmp: flashrom -w xtm5_83.rom –programmer internal
flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p3 (amd64)
flashrom is free software, get the source code at https://flashrom.orgCalibrating delay loop... OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
No EEPROM/flash device found.
Note: flashrom can never write if the flash chip isn't found automatically.
[2.3.1-RELEASE][root@pfSense.localdomain]/tmp:_I would really appreciate it if you would answer on this message, even if it doesn't solve the problem! :P
Looking forward to you reply!
With kind regards,
dehardstyler
Sorry to inform you. I had this issue once flashing. I used jtag flashing to force the write unto the chip's pins. Go back to earlier post on this thread. A way to force flash is similar to reviving dead xtm5 motherboard. basically the bios was corrupted, no boot or nothing. If yours is still booting, you could leave it as is. Thanks to Steve for helping out he got me to revive my dead board.
-
Well thanks to a search engine, the proliferation of these little "Red" boxes for sale everywhere and a CCNA course I have come to know PFSense.
Thanks to many putting in the time and the jaw-dropping sleuthing on bios and equipment design I now have a XTM 5 with full install of the latest PFSense installed ( with sound on boot-up and shutdown, was a little shocking but nice not to have to eye it to know it is up or down.)I have the MB-7589 W V1.0 (Either A or B, but think it's a B )
(WG factory ) Bios V1.2
1GB DSL Ram @ 800
(have 1GB Transcend WG OS card , now removed)I had an extremely smooth install by doing the following and wanted to share it since I haven't read any post yet.
1 I downloaded PFSense , 64 bit, ISO
2 Formatted spare physical WD 80GB Black laptop drive, gathered free space available
3 Launched Microsoft windows Storage tool, created VHD the same size as the free space on the physical drive to be used ( it was faster to create VHD via Windows OS as opposed to using VirtualBox )4 Spin up Virtual Box and created 64-bit BSD profile and point it to the VHD as its medium
5 Mount PFSense 64 bit ISO into the virtual CD drive and install
6 Configure VGA, set Terminal to 115200 and VT100 in loader and boot configs, setup WebGUI WAN to DHCP and LAN to static IP, save.
7 Shutdown PFSense VM.8 Use Windows OS Storage and mound the PFSense VHD
9 Load Macrium and clone the PFSense VHD to physical WD 80GB Black laptop drive.
10 Put drive in WG XTM 5 and boot ( have sound, serial, and WebGUI )
Note I did remove the 1GB CF cardSeveral reasons I wanted to use this method is to 1 test configurations with snapshots, be able to configure setting and features, have a dirt easy way to roll out a preconfigured install ready to in to an XTM 5 box.
–-------------
Now for the questions...
1 What advantage would flashing the bios give.
2 What flash program and version is showing the best success
3 Does anyone have the SPI pin outs for MB-7589 W V1.0 B or whitepapers for the bios chip?4 Does the XTM 5 actually have VGA 11 pin header , if so - any recommendations for ribbon cable with proper connector pitch with ribbon cable a 15 pin D-sub ?
5 Regarding the PCI-E, "stephenw10 May 03, 2012, 08:17:25 am »", has any one been able to add a M-to-F PCI-E adapter and try a PCI-E card ? -
Now for the questions…
1 What advantage would flashing the bios give.
2 What flash program and version is showing the best success
3 Does anyone have the SPI pin outs for MB-7589 W V1.0 B or whitepapers for the bios chip?4 Does the XTM 5 actually have VGA 11 pin header , if so - any recommendations for ribbon cable with proper connector pitch with ribbon cable a 15 pin D-sub ?
5 Regarding the PCI-E, "stephenw10 May 03, 2012, 08:17:25 am »", has any one been able to add a M-to-F PCI-E adapter and try a PCI-E card ?1. Flashing the BIOS gives you control over the settings that are locked now. While not necessary it is nice to have the option.
2. Flashrom Package is detailed in the forums here.
3. No sorry I do not.
4. I do not believe it does.
5. I have not.To flash your BIOS, use the commands below one at a time from console-
pkg
pkg install flashrom
rehash
cd tmp
fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
md5 xtm5_83.rom
flashrom -w xtm5_83.rom –programmer internal
-
10 Put drive in WG XTM 5 and boot ( have sound, serial, and WebGUI )
Note I did remove the 1GB CF cardGood job!. Unless you flashed the bios, you will not see the option to disable always boot from CF. Flashing the bios wall allow you to change boot order with multiple drives hooked up. This is one advantage of flashing bios, among the many other options available after flashing.
-
The SPI header pin-out was pretty standard from what I remember off-hand. I thought it was detailed in fact somewhere.
Hmm, looks like some of those links are 404ing… :'(
Steve
Edit: Attached SPI pin-out I used.
-
For all you guys who have upgraded your processors:
Have you used openvpn, and have you noticed increase in throughput and if so, what is your throughput.
I'd like to saturate a 100 mbit line, preferable with 256 bit
Right now my box with the standard celeron 440 passes 50 mbit (which is mi line's max speed) at 128 bit encryption, but it completely stalls it, fail to write rrd graphs, and becomes unresponsive. The cpu usage is 100 % or near 100 %.Thanks in advance
/cortexTo answer at least partly one of my own questions:
I upgraded the unit with an E6400 I had laying around, and i worked smoothly. Just swapped the processors and booted up the unit.
I can now tunnel through 4 vpn's (128 bit) with 100 mbit at around 50 % cpu load.
It will be interesting to see what 256 bit encryption does to the cpu. -
Seems like you may have had something configured wrong there. I would expect far more that 50Mbps even with the original Celeron. Atom D525 could pass 50Mbps OpenVPN.
Of course the usual caveats apply with regard to throughput testing.Seems like it's working well with that upgrade though. :)
Steve
-
Well. Actually my previous internet connection was 50 mbit. With the new 100 mbit I could reach 60-65 mbit, but still the unit would respond very slow, and it would stop writing rrd graphs.
I don't know anything about squeezing extra speed from the encryption/decryption settings. I just used whatever private internet access guides I could find. -
10 Put drive in WG XTM 5 and boot ( have sound, serial, and WebGUI )
Note I did remove the 1GB CF cardGood job!. Unless you flashed the bios, you will not see the option to disable always boot from CF.…..
I have recently installed a SSD in a XTM 515 and did a full install,
i have not flashed the bios and the firewall boots fine straight from the SSD without the CF card.Grtz
DeLorean
