Watchguard XTM 5 Series
-
For anyone struggling to get this to boot from USB (as I just have been ::)) the key BIOS setting is to set 'Always boot from CF' to disabled.
Steve
-
Thank you to all of you for all the detailed posts in this thread. I have a question.
I know version 2.3.3 came out a couple months ago, (and now 2.3.3-p1 is out) is out. Has anyone tried it on their XTM 5?
Is there any reason it shouldn't work?
Is there any reason to stick with an older version?I have a box on its way to me and this will be a good project for me this weekend.
-
It will work fine. No reason to use an older version.
I'm running 2.4Beta on mine currently.
Steve
-
It will work fine. No reason to use an older version.
I'm running 2.4Beta on mine currently.
Thank you Steve for the quick reply. Have you seen any issues with 2.4?
Also, am I right in understanding that 2.4 will be the last version that will work with the XTM 5 series?
I saw that 2.5 is going to require a CPU that has AES-NI, and there are no LGA 775 CPUs that include it. -
No issues with 2.4. I run it on almost everything I have here that can run it.
Yes, in all likelihood 2.5 will not run on it as there are no AES-NI capable CPUs as you said. Even those modded Xeons.
That's some way off yet though and 2.4 is not just going to disappear.
Steve
-
I have gotten my hands on an XTM 5. This is the NC2AE8, which I think is the second generation XTM 5. This one is configured for XTM 535 and still has the original system on the card.
The bios shown in the boot screen says "WG BIOS 1.3". The OS running now says "Fireware 11.9.3".
I am getting confused with the various posts on here about whether or not I need to flash the bios. Is this a generation 2 XTM 5? Is there a new BIOS for it?
This box only has a 1GB CF card, and I want to install 2.3.3, So the first thing I'm doing is going out to find a larger card. (Probably end up having to buy a 16GB. Can't find any 4 or 8 around, and if I order them, they are just as expensive as a 16. I HOPE I can get it built with the 2.3.3 image.
So… can anyone answer my question about the BIOS, and any other tips I should watch out for with this box?
Thanks much!
-
Oh, and a second question as well….
Does anyone know if this one (see post above) is bootable from USB and how to get it to do so?
-
I have gotten my hands on an XTM 5. This is the NC2AE8, which I think is the second generation XTM 5. This one is configured for XTM 535 and still has the original system on the card.
The bios shown in the boot screen says "WG BIOS 1.3". The OS running now says "Fireware 11.9.3".
I am getting confused with the various posts on here about whether or not I need to flash the bios. Is this a generation 2 XTM 5? Is there a new BIOS for it?
This box only has a 1GB CF card, and I want to install 2.3.3, So the first thing I'm doing is going out to find a larger card. (Probably end up having to buy a 16GB. Can't find any 4 or 8 around, and if I order them, they are just as expensive as a 16. I HOPE I can get it built with the 2.3.3 image.
So… can anyone answer my question about the BIOS, and any other tips I should watch out for with this box?
Thanks much!
Does anyone know if this one (see post above) is bootable from USB and how to get it to do so?
We had a second generation box come through. It has-
Intel(R) Celeron(R) CPU E3400 @ 2.60GHz 2 CPUs: 1 package(s) x 2 core(s)
Vendor: American Megatrends Inc.
Version: 080015
Release Date: 02/03/2010 BIOS is identically identified as my earlier box that came with a single core proc.You have to flash the BIOS if you want -
To change any settings in BIOS..
To see a red Arm/Disarm LED in contrast to a green color when you first boot the box and before your copy of WGXepc64 does it work..
To disable boot to CF if you want to boot from the USB drive as explained by Steve a few posts up.
To play with the fan controls in BIOS.The box will boot pfSense from a cf card without flashing the BIOS.
-
Untill now i havn't updated the BIOS on a XTM5 series,
but i'm considering of doing it.If the BIOS chip wasn't soldered on the motherboard, i had tried this a long time ago.
On the previous Watchguard model like the X-E Core series, the BIOS chip is easy to remove,
and i have spare empty chips and a programmer available, so nothing can't go wrong.But before i go that way on the XTM5 series, i want to know if there is a step by step guide to do this,
and a step by step guide how to recover from a bad BIOS update?
I have seen a post by Stephenw10 about a selfmade cable, but that wasn't clear for me.Thanks in advance for the help.
Grtz
DeLorean -
You have to flash the BIOS if you want -
So… does that mean you have flashed a second gen box?
If so, then what file did you flash from? (Have a link?)But before i go that way on the XTM5 series, i want to know if there is a step by step guide to do this,
and a step by step guide how to recover from a bad BIOS update?
I have seen a post by Stephenw10 about a selfmade cable, but that wasn't clear for me.Yes, I agree. Since this is my first Watchguard box, I want to be completely up to date with all the options, so I'm looking to do the LCD mod as well, but the BIOS is my main concern at first.
StephenW10… any hints or howtos you can offer about flashing the bios in a second gen XTM 5?
Thanks.
-
I've never seen a second gen XTM5 so I can't tell anything for sure but as far as I'm aware they are identical. Only the CPU changed. I believe the BIOS should work on either though I've never tried it. (Your firewall may catch fire etc! ;))
The SPI header is standard from what I can see. You should be able to program it with any SPI compatible device.
I used the incredibly simple parallel port cable because I had parts available at the moment, it worked fine. I'm not sure I have a machine with a parallel port any longer though. ::)
Steve
-
I have a Nano programmer like this picture.
I guess that i can use a SPI connector and connect the pins that are needed
to the 8 pin socket ?
If that's the case, then it's a piece of cake ;DGrtz
DeLorean
 -
So… does that mean you have flashed a second gen box?
If so, then what file did you flash from? (Have a link?)Yes we have.
I used the same BIOS supplied by Steve.
Ive got another coming soon.
-
Yes we have.
I used the same BIOS supplied by Steve.
Ive got another coming soon.
Ok… so the bios can't be flashed with a utility run from the OS? (Like AWDflash)?
It has to be done with special cables?Anyone have a link to a post that shows the instructions for a bios flashing guide?
And a link where Steve's version that works is located?
-
Ok… so the bios can't be flashed with a utility run from the OS? (Like AWDflash)?
Not true. Ive used AWDflash every time.
Use a command window via com port or SSH.
Enter these commands one at a time from the console. ( selection 8 )
pkg
pkg install flashrom
rehash
cd tmp
fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
md5 xtm5_83.rom
flashrom -w xtm5_83.rom –programmer internal
This of course assumes you have pfSense already up and running on the box which is possible without ever touching the BIOS settings. :)
-
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox
-
Ok… so the bios can't be flashed with a utility run from the OS? (Like AWDflash)?
Not true. Ive used AWDflash every time.
Use a command window via com port or SSH.
Enter these commands one at a time from the console. ( selection 8 )
pkg
pkg install flashrom
rehash
cd tmp
fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
md5 xtm5_83.rom
flashrom -w xtm5_83.rom –programmer internal
This of course assumes you have pfSense already up and running on the box which is possible without ever touching the BIOS settings. :)
Can these commands also be done trough the Web UI and go to Diagnostics -> Command prompt ?
Grtz
DeLorean -
Can these commands also be done trough the Web UI and go to Diagnostics -> Command prompt ?
Maybe but I would not want to. If it asks you to hit 'y' to continue for example the GUI page will just hang. You would have to be sure it won't.
Just use SSH instead. I'd prefer that over the serial console that can sometimes show odd characters etc which you don't want when you're flashing the BIOS!
Steve
-
Can these commands also be done trough the Web UI and go to Diagnostics -> Command prompt ?
Maybe but I would not want to. If it asks you to hit 'y' to continue for example the GUI page will just hang. You would have to be sure it won't.
Just use SSH instead. I'd prefer that over the serial console that can sometimes show odd characters etc which you don't want when you're flashing the BIOS!
Steve
Thx, i shall try SSH.
Any idea of the Nano programmer in my previous post could work ?
That way, the BIOS can be flashed "offline" with the firewall off, and with the powercord connected to the firewall,
so that the BIOS chip is already powered up.
This method (if it works) can then also be used to recover from a bad BIOS update.Grtz
DeLorean -
Looks like it might potentially but I'd have to research it. You'd need some sort of adapter cable, looks like it's designed to flash SPI chips that are removable.
Steve