Watchguard XTM 5 Series
-
@Alup I don't recall having to use any special address offset when flashing the BIOS chip. I was using flashrom directly with that parallel port cable I made up and it detected it automatically.
It did require the PSU to be connected but not actively powered up, it still supplies 5V to the chip even when powered down.
The times it did manage to flash bad code to it preventing it booting it still powered up, fans and LEDs, but didn't beep or POST. That is a long while back now though. ;)I don't think that PCIe extensions cable you linbked to will work. To use a regular PCIe card with the 'golden fingers' connector require s a female to female PCIe adapter and I've never seen one available.
Steve
-
Yeah, I think I have a blown fuse or something on the board. I originally thought this was a bios issue now im thinking its more like this thing got hit with a huge power surge and fried the board. You are right, that cable wont work without modifying it.
whats really strange is that on my setup if i have the board plugged in but not powered on and i try to flash the bios it fails. however if I unplug the board i am able to flash it. I use a Willem Programmer to flash it, its an old LPT one but it still works great.
-
Is it possible to setup a heartbeat/failover link between two Watchguard XTM 5 series running pfsense? I would like to have this option so I can update one firewall fw, failover to the second, then update the fw on the second and failover to the first one to minimize the down time.
Thanks,
-
Sure set them up as an HA pair as you would for any hardware. I'd probably use the 100Mb port for the sync interface.
https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)
Better to ask questions about that in the CARP board though as it's not hardware specific:
https://forum.pfsense.org/index.php?board=36.0Steve
Edit: Fixed link.
-
Sure set them up as an HA pair as you would for any hardware. I'd probably use the 100Mb port for the sync interface.
https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)
Steve
Hey Steve, this link doesn't have anything in it or on it. It works but the page only has the subject. :)
I have popped into the CARP thread and asked my question.
Thanks,
-
Hi All, After going through this entire threat at least 5 times. I have gone out and purchased a used XTM 5. I have received the new box and it has been sitting waiting for parts. However, last night I booted it up and now port 5 no longer appears to work. Has anyone tried to bring a port back to life? If its not possible I will be setting it up with pfsense and reselling it on ebay with the known bad port. Get my money back and buy a different one and hope I have better luck. I am going to explore some other options for now to try and repair it but I'm not holding my breath.
Also, would it be worth while to flash the bios?Would I be able to just disable that port via the bios? The reason I ask is because right now it boots into pfsense no problem but if I set anything to the em4 port it sometimes gets moved to em3. my guess is because the bad port sometimes works and changes the mac address.EDIT: I updated the bios based on the forum thread and my dead port is just that, dead. I did not see a place to disable the port completely. I have moved all networks to em0 - em3, em4 (really em5). This is the one I leave as my DMZ because it doesn't always come back after reboot
I will update the thread. Thank you everyone who has taken the trip to get the XTM 5 running pfsense. I look forward to my new firewall hardware.
-
Hey Steve, this link doesn't have anything in it or on it. It works but the page only has the subject. :)
I have popped into the CARP thread and asked my question.
Thanks,
Dammit! Auto html chewed off the last ) ::)
Try this.
Steve
-
Has anyone tried to bring a port back to life?
No. Never seen that. It's definitely one of the em ports and not the fxp(10/100) port?
The ports are enumerated in the order they are detected by the OS at boot when it reads the PCI tree. If one of the ports is not detected everything after that will be shuffled down.
If that is happening it may show in the boot log. Possibly as the driver returning code 6, failed to attach. If it shows nothing at all then there's not much we do about that.Steve
-
Has anyone tried to bring a port back to life?
No. Never seen that. It's definitely one of the em ports and not the fxp(10/100) port?
The ports are enumerated in the order they are detected by the OS at boot when it reads the PCI tree. If one of the ports is not detected everything after that will be shuffled down.
If that is happening it may show in the boot log. Possibly as the driver returning code 6, failed to attach. If it shows nothing at all then there's not much we do about that.Steve
Here is the screen to configure my interfaces and you can see the 5 ports are em with a gap in the mac address which is port 5 on the front of the XTM 5. The fxp0 is the 10/100 port and the mac address shows it comes before the em0.
I have not checked the error log yet but I will and if it has a code 6 what does that mean?
-
If you like, i can provide you a image of the Watchguard XTM 5 Fireware software,
to verify if port 5 is faulty or not.
I have once experienced same problem with a port of a Intel Pro 1000 Dual Gigabit not recognized,
and the problem was a mismatch after a config restore.Grtz
DeLorean -
If you like, i can provide you a image of the Watchguard XTM 5 Fireware software,
to verify if port 5 is faulty or not.
I have once experienced same problem with a port of a Intel Pro 1000 Dual Gigabit not recognized,
and the problem was a mismatch after a config restore.Grtz
DeLoreanThat would be awesome! Do you have it somewher eI can download or would you like me to private message you a cloud link?
-
Hi Dazedman,
I send you the link from my site for dl the image.
Grtz
DeLorean -
Thanks for the image but with the hardware upgrade I have done it appears that the fireware does not like some of the hardware or the unlocked bios. The kernal panics and crashed out. I was able to load the recovery partition and it was also missing the 5th 1gb port when it booted up. I am fine knowing it is dead and placed a blank in the port so i dont make the mistake of trying to use it in haste.
thanks again for the help and tips.
-
Hey Steve, this link doesn't have anything in it or on it. It works but the page only has the subject. :)
I have popped into the CARP thread and asked my question.
Thanks,
Dammit! Auto html chewed off the last ) ::)
Try this.
Steve
Meant to ask you Steve how to do use the 10/100 port on the XTM? When I look the LAN available on mine unit it only lists the 4 x 4 ports. Do I need to install a driver to use it or enable something in PFsense?
Thanks,
-
Nothing special is required to use it. It should appear as fxp0 with the em ports.
I'm not quite sure what you mean by '4 x 4' ports though.
Steve
-
Nothing special is required to use it. It should appear as fxp0 with the em ports.
I'm not quite sure what you mean by '4 x 4' ports though.
Steve
Sorry I was thinking back to my x750e which has two separate 4 x 4 10/100/1000Mbit ports that are labeled differently.
-
Ah Ok. No em or fxp NIC on there. But as I said the fxp NIC should appear by default in any pfSense version on the XTM5.
Steve
-
Has anyone tried to look through the Watchguard code to see if it's possible to get their VPN accelerator card working?
I am asking because I just ran R-Tools through my XTM 5 series 1GB CF Cards and managed to get the entire Linux OS with all the libs etc. It looks like the use ELF. It also has another partition that has Executable, Libary, and DLL. I don't see any Dll's in there but I do see ELF Library, Executable and Module at are ELF files.
Just wondering. :)
-
https://forum.pfsense.org/index.php?topic=43574.msg363472#msg363472
https://forum.pfsense.org/index.php?topic=43574.msg412994#msg412994
You havent read all 29 pages! ;D
-
Yes, unfortunately we hit a road block there. Doesn't look like anything has changed in last 3 years either….
Those chips are everywhere, it would be nice to see them supported. I still don't hold out much hope though.
Steve