Watchguard XTM 5 Series

Billyboy

Hmm, and you're actually pulling the cable from the port on the xtm5?

What does ifconfig show for that port during that time?

Steve

Yes, I am pulling the cable directly at the box.

That's the ifconfig output after pulling the cable:

em4: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=42098 <vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso>ether 00:90:7f:84:61:dc
hwaddr 00:90:7f:84:61:dc
inet6 fe80::290:7fff:fe84:61dc%em4 prefixlen 64 scopeid 0x5
inet 192.168.245.101 netmask 0xffffff00 broadcast 192.168.245.255
inet 192.168.245.100 netmask 0xffffff00 broadcast 192.168.245.255 vhid 5
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
carp: MASTER vhid 5 advbase 1 advskew 0</full-duplex></performnud,auto_linklocal></vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast>

stephenw10

@blaxx

This looks bad:

em0: Watchdog timeout Queue[0]-- resetting

Something is giving those interfaces a hard time.

@Billyboy

Hmm, I've never seen that before on any interface. It's hard to imagine what could allow the driver to report that as UP.

Steve

blaxx

@stephenw10:

@blaxx

This looks bad:
em0: Watchdog timeout Queue[0]-- resetting
Something is giving those interfaces a hard time.

Steve

Expecting HW? Is there anything I can do trace the fault?
I found another user with the same problem as me but that thread doesn't seem to be solved.

https://forum.pfsense.org/index.php?topic=116956.0

Stellan

stephenw10

Do you have 'Hardware TCP Segmentation Offloading' disabled in System > Advanced > Networking?

It should be disabled by default.

Steve

blaxx

@stephenw10:

Do you have 'Hardware TCP Segmentation Offloading' disabled in System > Advanced > Networking?

It should be disabled by default.

Steve

Yes it is disabled. The config is default except for installation of LCDproc.

Stellan

stephenw10

Hmm, you might try some of the other tuning options here:
https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_Cards

You could also try:

hw.em.num_queues=1

or

hw.em.msix=0

Neither of which should be necessary really.

Steve

pd1dmr

Found one on Ebay

and it is on its way to me :)

can somebody confirm that installing from cf card to hdd works

so it will boot from hdd

got PFsense running on PC know

and Bios Flash from 2.3.4 pfsense install possible to custom bios made by Steve

Many thnx
Rex

stephenw10

Yeah that would probably work. I've never done that on that hardware but I've done similar things on other devices.

Write the memstick-serial install image to a CF card and it should boot from that and allow you to install to HD. I'm not sure if it will try to boot CF or HD first with the default BIOS settings.

You can write the BIOS using flashrom in pfSense.

Steve

Billyboy

Hi all,

one of my two XTM boxes surprisingly doesn´t start today. When I power it up (with the power cord), the fans blow at 100%, some (not all) LEDs on the ports are flickering or blinking, nothing in the display, no beep, no boot, power button does not work. Serial connection does not work/show anything with 9600 nor 115200 8N1. (On the the other box it works, so no cable or software issue).
Entering the Safe Mode does not work (as described by Watchguard https://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/backup_upgrade_recovery/recovery_procedures_c.html )

Meanwhile I opened the box and disconnected the SATA SSD, still same behavior. All the five LEDs on the back of the mainboard are glowing, when power is connected.

Any Idea? Does it need a reset? How?

Any help appreciated, thx in advance!

stephenw10

Sounds like a hardware issue.

I'd try disconnecting everything you can, which isn;t much in the XTM5. Rmove the crypto card though if you haven't already.

Reseat the memory and CPU. Remove any additional DIMMs you might be using. Reset the CMOS.

Steve

This post is deleted!

Billyboy

Hi Steve, thank you, how can I reset the CMOS? Is there a jumper or should i remove the small battery?

@stephenw10:

Sounds like a hardware issue.

I'd try disconnecting everything you can, which isn;t much in the XTM5. Rmove the crypto card though if you haven't already.

Reseat the memory and CPU. Remove any additional DIMMs you might be using. Reset the CMOS.

Steve

stephenw10

Removing the battery for 10mins is a good way. There is a jumper but I forget exactly where, usually near the battery though.

Steve

stephenw10

@747Builder:

my e8400 is reporting


dev.cpu.0.freq_levels: 2992/-1 2618/-1 2244/-1 1870/-1 1496/-1 1122/-1 748/-1 374/-1
dev.cpu.0.freq: 374


est0: <enhanced speedstep="" frequency="" control="">on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 616092606000926
device_attach: est0 attach returned 6</enhanced>

Hmm, OK that's Speedstep not working. That's what I see also.

The frequency levels you do see are from ACPI throttling which doesn't really do anything useful. Those are not real P-states supported by the CPU. The only way I managed to get this sort of working was using an uploaded DSDT to override what is in the BIOS. However I've never been able to replicate it since. Memory not as good as it was. ::)

Steve

Leapo

Is there a confirmed-working 8 GB (2x 4GB) kit? Trying to max-out my XTM 505 :)

From what I understand, it will only worth it low density 4GB sticks of DDR2 PC2-6400. Is that correct?

stephenw10

I've never had a problem with the modules I've used but I've never tried to go to 8GB. You probably don't need 8GB to be honest.

Steve

Billyboy

@Leapo:

Is there a confirmed-working 8 GB (2x 4GB) kit? Trying to max-out my XTM 505 :)
From what I understand, it will only worth it low density 4GB sticks of DDR2 PC2-6400. Is that correct?

According to the website below the watchguard doesn´t accept more than 4 GB. An even the 4 GB Kit is really expensive.

https://translate.google.com/translate?sl=de&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Fwww.triebwerk23.de%2Fjoomla%2Findex.php%2Ffirewalls%2Fwatchguard-xtm-5-xtm-505-515-525-545-pfsense-64-bit&edit-text=&act=url

slaven

Hi everyone,

fist of all I like to thank Steve for the awesome work you have done with regards to the XTM 5 platform and pfSense. Thank you!! Really amazing.

Quick questions, though:

All fan connectors on the mainboard are 4-Pin headers, but only 3 pins are populated on the three Sunon fans (2x cpu, 1x sys). Does anyone know if the mainboard connectors support PWM-fans as they are 4-pin? Is there a way to test if pin 4 supplies a speed control signal?
Does anyone know if the fan inside the 220 W PSU version is 5 or 12 V? I took mine apart to clean it, but forgot to take a closer look.

Thanks and keep up this great work!

BTW, running:

XTM 505
Intel Xeon X3320
2x 2Gig 800 Mhz DDR2 RAM
500 Gig WD Blue 2,5 Inch HDD

Works like a charm! Only have to quiet the CPU fans a little by replacing them.

DeLorean

@slaven:

Does anyone know if the fan inside the 220 W PSU version is 5 or 12 V? I took mine apart to clean it, but forgot to take a closer look.

The Fan inside the PSU is a 12V version, cable connection is soldered direct to the mainboard of the PSU.
Replacing this fan with a quieter fan, will also lower the cooling, wich result in higher temperature in the PSU
and premature failure.

If you flash the unlocked BIOS , then you can lower the default lowest fan speed for
the CPU fans and separate for the case fan to almost zero.
With that option , you don't have to replace the fans.

Grtz
DeLorean

slaven

@DeLorean:

The Fan inside the PSU is a 12V version, cable connection is soldered direct to the mainboard of the PSU.
Replacing this fan with a quieter fan, will also lower the cooling, wich result in higher temperature in the PSU
and premature failure.

I just checked and the fan in my PSU is connected via a 2-pin connector. My box uses the same PSU as described in https://www.watchguard.com/docs/corporate/wg_xtm5De-MFR_instructions.pdf on page 8. Doing some more digging on the PSU (ST-220FUB-05E made by Seventeam) it seems as the PSU fan is temperature controlled as well. I will have to torture my PSU a little bit to find out, if the fan really is controlled by a temp probe. The PSU fan is a different Sunon fan than the three CPU / system fans - only 20 vs 28 mm in depth.

I have made some good experience with Noctua NF-A4x20 fans lately (http://noctua.at/en/products/fan/nf-a4x20-flx/specification). They run at 5000 rpm @ 12 V and are really silent. Airflow sure is less than on the original Sunon - ~ 10 vs 28 m³/h at max speed. But the Noctual fan has almost identical static pressure (both at max rpm). As the Sunon fans do not need to run at maximum RPM to cool the system accordingly, static pressure on the Noctua fan is higher relative to RPM. Especially in a CPU cooling configuration as used in the XTM5 the Noctua should work well in theory, as we will need high static pressure first, airflow comes second.

I am about to upgrade my box with four if theses fans, but I am still trying to figure out if I should get the PWM or the standard version of the Noctua fan for CPU and system fans. The price is identical.

Cheers!