Watchguard XTM 5 Series
-
So… does that mean you have flashed a second gen box?
If so, then what file did you flash from? (Have a link?)
Yes we have.
I used the same BIOS supplied by Steve.
I've got another coming soon.
-
Yes we have.
I used the same BIOS supplied by Steve.
I've got another coming soon.
Ok… so the bios can't be flashed with a utility run from the OS? (Like AWDflash)?
It has to be done with special cables?
Anyone have a link to a post that shows the instructions for a bios flashing guide?
And a link where Steve's version that works is located?
-
Ok… so the bios can't be flashed with a utility run from the OS? (Like AWDflash)?
Not true. I've used AWDflash every time.
Use a command window via com port or SSH.
Enter these commands one at a time from the console. ( selection 8 )
pkg
pkg install flashrom
rehash
cd tmp
fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
md5 xtm5_83.rom
flashrom -w xtm5_83.rom --programmer internal
This of course assumes you have pfSense already up and running on the box which is possible without ever touching the BIOS settings. :)
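Added example, not part of any post in this thread: the steps above run `md5` on the downloaded ROM, but the thread gives no checksum to compare it with, so this sketch gates the write on the image size and on a digest obtained separately. `check_image`, `flash_checked` and the expected-digest argument are hypothetical names; the 1024 kB chip size is taken from the flashrom output quoted later in the thread.

```shell
#!/bin/sh
# Added example: pre-flash checks for a BIOS image (not from the thread).
# The expected MD5 is an input you must obtain yourself; the thread never states it.
CHIP_BYTES=1048576   # M25P80 = 1024 kB, as reported by flashrom in the thread

# Print the MD5 of a file: FreeBSD/pfSense has md5(1), Linux has md5sum(1).
file_md5() {
    if command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        md5sum "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the image exists, is exactly chip-sized and matches the digest.
# Return codes: 1 = missing file, 2 = wrong size, 3 = digest mismatch.
check_image() {   # usage: check_image FILE EXPECTED_MD5
    img=$1; want=$2
    [ -f "$img" ] || { echo "missing: $img" >&2; return 1; }
    size=$(wc -c < "$img" | tr -d ' ')
    [ "$size" -eq "$CHIP_BYTES" ] || { echo "size $size != $CHIP_BYTES" >&2; return 2; }
    got=$(file_md5 "$img")
    [ "$got" = "$want" ] || { echo "md5 mismatch: got $got" >&2; return 3; }
    return 0
}

# Check the image, save the current chip contents, then write.
# flashrom verifies after -w on its own, as the output in the thread shows.
flash_checked() {  # usage: flash_checked FILE EXPECTED_MD5
    check_image "$1" "$2" || return $?
    flashrom -r "backup_$(date +%Y%m%d%H%M%S).rom" --programmer internal || return 4
    flashrom -w "$1" --programmer internal || return 5
}

# Example call (run over SSH, as advised in the thread):
#   flash_checked xtm5_83.rom "<md5 you obtained out of band>"
```

Keep the backup file off the box as well, since it is the only copy of the original firmware if an external programmer is needed later.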
-
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox
-
Ok… so the bios can't be flashed with a utility run from the OS? (Like AWDflash)?
Not true. I've used AWDflash every time.
Use a command window via com port or SSH.
Enter these commands one at a time from the console. ( selection 8 )
pkg
pkg install flashrom
rehash
cd tmp
fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
md5 xtm5_83.rom
flashrom -w xtm5_83.rom --programmer internal
This of course assumes you have pfSense already up and running on the box which is possible without ever touching the BIOS settings. :)
Can these commands also be done through the Web UI and go to Diagnostics -> Command prompt?
Grtz
DeLorean
-
Can these commands also be done through the Web UI and go to Diagnostics -> Command prompt?
Maybe but I would not want to. If it asks you to hit 'y' to continue for example the GUI page will just hang. You would have to be sure it won't.
Just use SSH instead. I'd prefer that over the serial console that can sometimes show odd characters etc which you don't want when you're flashing the BIOS!
Steve
-
Can these commands also be done through the Web UI and go to Diagnostics -> Command prompt?
Maybe but I would not want to. If it asks you to hit 'y' to continue for example the GUI page will just hang. You would have to be sure it won't.
Just use SSH instead. I'd prefer that over the serial console that can sometimes show odd characters etc which you don't want when you're flashing the BIOS!
Steve
Thx, I shall try SSH.
Any idea if the Nano programmer in my previous post could work?
That way, the BIOS can be flashed "offline" with the firewall off, and with the power cord connected to the firewall,
so that the BIOS chip is already powered up.
This method (if it works) can then also be used to recover from a bad BIOS update.
Grtz
DeLorean
-
Looks like it might potentially but I'd have to research it. You'd need some sort of adapter cable, looks like it's designed to flash SPI chips that are removable.
Steve
-
I had a chance to re-visit my code that controls over the weekend and unfortunately I had not simply omitted the CPU fan register.
For some reason, even though the superio chip has control for 3 fans built in, the CPU fans are controlled by another chip which is only accessible via SMBus. Outside my coding skills at this point. ::)
Steve
-
Looks like it might potentially but I'd have to research it. You'd need some sort of adapter cable, looks like it's designed to flash SPI chips that are removable.
Steve
I have ordered a so-called SOIC8 SOP8 Flash Chip IC Test Clip socket adapter :
http://www.benl.ebay.be/itm/SOIC8-SOP8-Flash-Chip-IC-Test-Clip-socket-adapter-BIOS-24-25-93-Programmer-93C46-/162448341653?var=&hash=item25d2acfa95mcsHYzReWIaiehW6J_jJUCg
Normally this will fit the Nano programmer that I have.
I'll let you know if it worked when it arrived (normally within a couple days).
Grtz
DeLorean
![SOIC8 SOP8 Flash Chip IC Test Clip socket adapter.JPG](/public/imported_attachments/1/SOIC8 SOP8 Flash Chip IC Test Clip socket adapter.JPG)
-
I'm thinking about upgrading the memory on my XTM 535.
What is the max it can take, and does it have to be done in pairs? I currently have two 1gb sticks.
I'm finding that buying 2 4GB sticks is much cheaper than 2 2GB sticks, and one 8GB stick would be just a little more.
So the first question is, "what are my options for upgrading?"
And the second question, "What is the benefit of upgrading?" (In other words, would it make any difference or just be a waste of money?)
I have a fairly small network, about 30 machines, and then guests/visitors that could be sometimes another 40-50 devices.
I am thinking about using Snort and Squid. Install is on a 2.5" hard drive with plenty of space (had a spare 500gb drive laying around) so that would be used for the Squid cache.
So do I want more memory? Do I need more memory? Or is 2gb sufficient?
Thank you.
-
For normal use, 2Gb RAM is more than enough.
For running Squid and/or Snort, I recommend 4Gb RAM and a faster cpu, if that's not already happened.
Also, the speed of the RAM is important, it must be at least 667Mhz, lower will not work.
I always use 800Mhz RAM, same speed as the RAM that came with this type of XTM5.
Grtz
DeLorean
-
OK, so I need to verify something with flashing my BIOS because something didn't work (and thankfully didn't do anything to the box).
I'm going to put as much information here that I hope might be helpful.
Command "flashrom --programmer internal" returned:
flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p19 (amd64)
flashrom is free software, get the source code at https://flashrom.org
Calibrating delay loop… OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
Found Micron/Numonyx/ST flash chip "M25P80" (1024 kB, SPI) mapped at physical address 0x00000000fff00000.
No operations were specified.
Then I ran "flashrom -V -r --programmer internal".
It comes back with a bunch of info. I trimmed what you see below to the lines I think might be the most important.
Initializing internal programmer
No coreboot table found.
Using Internal DMI decoder.
DMI string chassis-type: "Desktop"
DMI string system-manufacturer: "To Be Filled By O.E.M."
DMI string system-product-name: "To Be Filled By O.E.M."
DMI string system-version: "To Be Filled By O.E.M."
DMI string baseboard-manufacturer: "To be filled by O.E.M."
DMI string baseboard-product-name: "To be filled by O.E.M."
DMI string baseboard-version: "To be filled by O.E.M."
Found Winbond Super I/O, id 0x82
Found chipset "Intel ICH7/ICH7R" with PCI ID 8086:27b8.
Enabling flash write… Root Complex Register Block address = 0xfed1c000
GCS = 0x810460: BIOS Interface Lock-Down: disabled, Boot BIOS Straps: 0x1 (SPI)
Top Swap: not enabled
...
Maximum FWH chip size: 0x100000 bytes
SPI Read Configuration: prefetching disabled, caching enabled,
BIOS_CNTL = 0x01: BIOS Lock Enable: disabled, BIOS Write Enable: enabled
SPIBAR = 0x00000008007c5000 + 0x3020
...
The following protocols are supported: FWH, SPI.
...
Found Micron/Numonyx/ST flash chip "M25P80" (1024 kB, SPI).
Reading flash... done.
I tried the following command to flash (adding the -V for verbose output): "flashrom -V -w xtm5_83.rom --programmer internal"
Enabling flash write… Root Complex Register Block address = 0xfed1c000
GCS = 0x810460: BIOS Interface Lock-Down: disabled, Boot BIOS Straps: 0x1 (SPI)
...
Maximum FWH chip size: 0x100000 bytes
SPI Read Configuration: prefetching disabled, caching enabled,
BIOS_CNTL = 0x01: BIOS Lock Enable: disabled, BIOS Write Enable: enabled
...
Found Micron/Numonyx/ST flash chip "M25P80" (1024 kB, SPI) mapped at physical address 0x00000000fff00000.
Chip status register is 0x00.
Chip status register: Status Register Write Disable (SRWD, SRP, ...) is not set
Chip status register: Bit 6 is not set
Chip status register: Block Protect 3 (BP3) is not set
Chip status register: Block Protect 2 (BP2) is not set
Chip status register: Block Protect 1 (BP1) is not set
Chip status register: Block Protect 0 (BP0) is not set
Chip status register: Write Enable Latch (WEL) is not set
Chip status register: Write In Progress (WIP/BUSY) is not set
...
Found Micron/Numonyx/ST flash chip "M25P80" (1024 kB, SPI).
Flash image seems to be a legacy BIOS. Disabling coreboot-related checks.
Reading old flash chip contents... done.
Erasing and writing flash chip... Trying erase function 0... 0x000000-0x00ffff:S, 0x010000-0x01ffff:S, 0x020000-0x02ffff:S, 0x030000-0x03ffff:S, 0x040000-0x04ffff:S, 0x050000-0x05ffff:S, 0x060000-0x06ffff:S, 0x070000-0x07ffff:S, 0x080000-0x08ffff:S, 0x090000-0x09ffff:S, 0x0a0000-0x0affff:S, 0x0b0000-0x0bffff:S, 0x0c0000-0x0cffff:S, 0x0d0000-0x0dffff:E, 0x0e0000-0x0effff:S, 0x0f0000-0x0fffff:S
Erase/write done.
Verifying flash... VERIFIED.
Restoring MMIO space at 0x8007c8070
Restoring MMIO space at 0x8007c807c
Restoring MMIO space at 0x8007c8078
Restoring MMIO space at 0x8007c8076
Restoring MMIO space at 0x8007c8074
Restoring PCI config space for 00:1f:0 reg 0xdc
Finally, when running the command to verify the image: "flashrom -v xtm5_83.rom --programmer internal"
flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p19 (amd64)
flashrom is free software, get the source code at https://flashrom.org
Calibrating delay loop… OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
Found Micron/Numonyx/ST flash chip "M25P80" (1024 kB, SPI) mapped at physical address 0x00000000fff00000.
Reading old flash chip contents... done.
Verifying flash... VERIFIED.
So…. the way I'm seeing it, it supposedly flashed the chip.
But then I shut the system down, and then power on again.
I get to a shell and again run: "flashrom -v xtm5_83.rom --programmer internal"
This time, I get this:
Calibrating delay loop… OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
Found Micron/Numonyx/ST flash chip "M25P80" (1024 kB, SPI) mapped at physical address 0x00000000fff00000.
Reading old flash chip contents... done.
Verifying flash... FAILED at 0x000dc000! Expected=0xff, Found=0x05, failed byte count from 0x00000000-0x000fffff: 0x113
And when I go back into the BIOS next time, everything is still the same, and everything is locked except for date and time.
I'm open to suggestions.
Did I miss a step?
Did I use the wrong commands?
Did I use the wrong file?
Thanks in advance.
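Added example, not part of the post above: it reads the post-reboot verify failure against the erase log from the same post, to show which 64 kB block the mismatch falls in and what flashrom did to that block during the write. The two sample strings are copied from the quoted output (the erase log is shortened to three blocks); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: locate a flashrom verify failure in the erase-block log.
# Sample data copied from the output quoted in the post (erase log shortened).
ERASE_LOG='0x0c0000-0x0cffff:S, 0x0d0000-0x0dffff:E, 0x0e0000-0x0effff:S'
VERIFY_LINE='Verifying flash... FAILED at 0x000dc000! Expected=0xff, Found=0x05, failed byte count from 0x00000000-0x000fffff: 0x113'

# Extract the first failing offset from a flashrom verify line.
fail_addr() {
    printf '%s\n' "$1" | sed -n 's/.*FAILED at \(0x[0-9a-fA-F]*\)!.*/\1/p'
}

# Map an offset to its 64 kB erase block, printed as "start-end".
block_of() {
    start=$(( $1 & ~0xffff ))
    printf '0x%06x-0x%06x\n' "$start" "$(( start + 0xffff ))"
}

# Look up what flashrom did to a block during the write:
# S = skipped (chip already matched the image), E = erased, W = written.
block_action() {   # usage: block_action ERASE_LOG BLOCK
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^ *$2:\([A-Z]*\).*/\1/p"
}

# Convert the trailing "failed byte count" from hex to decimal.
failed_bytes() {
    hex=$(printf '%s\n' "$1" | sed -n 's/.*: \(0x[0-9a-fA-F]*\)$/\1/p')
    echo $(( $hex ))
}

addr=$(fail_addr "$VERIFY_LINE")
blk=$(block_of "$addr")
echo "first mismatch $addr is in block $blk"
echo "action on that block during write: $(block_action "$ERASE_LOG" "$blk")"
echo "bytes differing from the image: $(failed_bytes "$VERIFY_LINE")"
```

The mismatch sits in 0x0d0000-0x0dffff, the one block the write did not skip, and the image expects erased bytes (0xff) there, so the 275 differing bytes were written to the chip after the verify that passed.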
-
Looks like you didn't actually run the write command so it never wrote the file to the flash.
Steve
-
Is this the proper command to write the file?
flashrom -V -w xtm5_83.rom --programmer internal
-
Is this the proper command to write the file?
flashrom -V -w xtm5_83.rom --programmer internal
I've never used the -v switch but my guess is it should go after the write switch if you're going to use it.
flashrom -w xtm5_83.rom --programmer internal -v or
flashrom -w -v xtm5_83.rom --programmer internal
-
pkg
pkg install flashrom
rehash
cd tmp
fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
md5 xtm5_83.rom
flashrom -w xtm5_83.rom --programmer internal
needs a little bit of updating for the 2.4 branch.
;)
-
Add to those instructions to pull the battery for a while after flashing. That was my problem, I had been writing the flash file, and it said it was verified, but after reboot, still locked out. Pulled the battery for 10 minutes, put it back, booted up and all is good now.
So now I have my BIOS flashed.
I have LCDProc working great.
Memory. I have two 1GB sticks on board now.
Considering some of what I've been reading about 2.4 and using ZFS file systems, it looks like creating a RAM disk is a good idea.
I believe someone on here posted that they have gone up to 8GB with no issues. Assuming that's 2x4GB… What else are the specs for RAM?
DDR2
800MHz
PC2-6400 ? Is that correct ?
240 pins
What else do I want to do before I make this "production-ready"?
Suggestions? Favorite add-on packages (already have Shellcmd and LCDProc).
-
flashrom -w -v xtm5_83.rom --programmer internal
That one won't work. The file name has to be after the -w.
Turns out mine was working… I just needed to pull the battery while powered off and when I brought it back up, the new BIOS was running.
-
That one won't work. The file name has to be after the -w.
Turns out mine was working… I just needed to pull the battery while powered off and when I brought it back up, the new BIOS was running.
What- you didn't read through the 20,000 plus pages to find out you need to pull the battery?? :o ;D
We tend to take things for granted sometimes and forget to mention that. :P
Glad ya made it work!
:)