Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Watchguard Firebox M400/M500

    Scheduled Pinned Locked Moved Hardware
    596 Posts 59 Posters 915.5k Views 52 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      Scorch95
      last edited by

      Any success? Any progress?

      1 Reply Last reply Reply Quote 0
      • D Offline
        DeLorean
        last edited by

        Attached a list of the specs of the other M models
        I can add pictures of the M200 box inside, but that's a no go for pfSense box to me.
        I have got such a box a month ago, but with no Sata-ports, a Freescale onboard cpu,
        and those boxes use U-Bootloader to load the software from the SD card. (yes SD card, and not CF).

        Grtz
        DeLorean

        Watchguard.jpg
        Watchguard.jpg_thumb

        1 Reply Last reply Reply Quote 0
        • R Offline
          revsie
          last edited by

          Hi guys,

          Sorry for the absence but I have been a little busy to say the least!

          I haven't had much time to look at this but have received the console cable and also have an I5 4460T which I need to install, maybe a little overkill but low powered.

          As soon as I can I will get the CPU installed and see what happens.

          1 Reply Last reply Reply Quote 0
          • R Offline
            revsie
            last edited by

            These people seem to think pfSense can be installed!

            https://www.ebay.com/itm/Watchguard-Firebox-m400-firewall-security-appliance-or-PFsense-/122868662426

            1 Reply Last reply Reply Quote 0
            • D Offline
              DeLorean
              last edited by

              @revsie:

              These people seem to think pfSense can be installed!

              https://www.ebay.com/itm/Watchguard-Firebox-m400-firewall-security-appliance-or-PFsense-/122868662426

              That's right.
              All models above M300, like M400, M440 and M500 should be useable for pfSense.

              Grtz
              DeLorean

              C 1 Reply Last reply Reply Quote 0
              • R Offline
                revsie
                last edited by

                @Scorch95:

                Any updates?  ;D Just maybe hoping you got an image of pfsense running on this by now.  :P

                Edit: Looks like they use ECC DDR3-1600. Single 4 GB stick makes upgrading to 8GB easy.

                Could pick up an i3-4130 for cheap and it adds hyper threading plus a boost from 3.2 to 3.4Ghz all the while only adding 1w to tdp making it 54w. It also gives you AES-NI support. If you're looking for more cores you'll need to go with a Xeon to keep ECC support I believe.

                After reading your post again Scorch95 I have seen the error of my ways and ordered i3-4130.

                1 Reply Last reply Reply Quote 0
                • S Offline
                  Scorch95
                  last edited by

                  I don’t believe you’ll run into any problems unless watchguard did something like the XTM8 and spec’d It without a COM1 port. I’m waiting as patiently as I can but I’m looking to upgrade from my XTM5 to either an XTM 400 or XTM 470. I’d like to get the 470 as it uses a skylake processor and a msata drive but either one will keep me good to go with 2.5 and aes-ni.

                  1 Reply Last reply Reply Quote 0
                  • R Offline
                    revsie
                    last edited by

                    Well I might try later this evening, if I get time.

                    I did have 2 of these but just sold 1 for £400, they are sort after so they seem to be a little expensive. I think I was lucky to get one from work!

                    1 Reply Last reply Reply Quote 0
                    • R Offline
                      revsie
                      last edited by

                      Well, a little further.

                      The i3-4130 arrived and is installed, there were no errors and the system loaded up successfully, I haven't flashed pfSense yet so it loaded the Watchguard firmware. But good news is the processor runs fine.

                      1 Reply Last reply Reply Quote 0
                      • S Offline
                        Scorch95
                        last edited by

                        Did you add more ram or are you gonna stick with 4Gb?

                        1 Reply Last reply Reply Quote 0
                        • R Offline
                          revsie
                          last edited by

                          Hi,

                          For now, stick with the 4GB, see how it all goes.

                          1 Reply Last reply Reply Quote 0
                          • S Offline
                            Scorch95
                            last edited by

                            Any luck?

                            1 Reply Last reply Reply Quote 0
                            • R Offline
                              revsie
                              last edited by

                              Not yet I'm afraid, had a few car troubles which have taken over and I also start a new job soon so getting ready for that!

                              I will get back to you as soon as I can though, I really want to get this up and running.

                              1 Reply Last reply Reply Quote 0
                              • R Offline
                                revsie
                                last edited by

                                Well, finally had time to look at this, so far so good.

                                I just backed up the 4GB compact flash card, wrote the 64-bit nano image to the CF card, put it back in the Firebox M400, started up and voila!

                                I can connect using the front com port and I can connect to the web GUI using port 1, 0 seems to be for the WAN, haven't finished setting it up but can confirm everything seems to be ok, very simple to setup with no issues so far. Will update when I have some more info.

                                1 Reply Last reply Reply Quote 0
                                • D Offline
                                  dlucas46
                                  last edited by

                                  Can you install flashrom from the terminal and then make a copy of the bios please?

                                  The exact instructions for doing so should be the same as for the xtm 5

                                  Thanks

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S Offline
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    If you try to use flashrom on the M400 you will see this:

                                    BIOS_CNTL = 0x0a: BIOS Lock Enable: enabled, BIOS Write Enable: disabled
                                    Warning: Setting Bios Control at 0xdc from 0x0a to 0x09 failed.
                                    New value is 0x0a.
                                    

                                    I highly recommend not using it! Or you too can spend some fun hours in the flashrom IRC room.  ;)
                                    In the end I powered it off and it booted back fine but…

                                    afudos or the Intel fpt tool seem to work better.

                                    I took several backups and got different checksums each time. Not a good sign.

                                    Also worth noting that board has a jumper to enable write access to the ME section of the flash. Didn't seem to make any difference.

                                    All that said I did mod the BIOS and flash it back (only the BIOS section) and it was successful. Enabled console redirect. Set the fans to a rational speed. Enabled Speedstep.
                                    The result is still password protected, I've yet to find a way to clear the password. So even though you can see the POST via serial you cannot enter the setup.  :(

                                    Steve

                                    1 Reply Last reply Reply Quote 0
                                    • D Offline
                                      dlucas46
                                      last edited by

                                      Great so it looks like watchguard really locked the bios down this time!

                                      What limitations does the stock bios have?

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S Offline
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        Other than the 3 things I changed it also has turbo mode disabled. Boot order is probably an issue too. I think it boots CF by default first though it does boot USB if CF is not present/not bootable.

                                        Steve

                                        1 Reply Last reply Reply Quote 0
                                        • D Offline
                                          dlucas46
                                          last edited by

                                          @stephenw10:

                                          Other than the 3 things I changed it also has turbo mode disabled. Boot order is probably an issue too. I think it boots CF by default first though it does boot USB if CF is not present/not bootable.

                                          Steve

                                          Have you tried booting / installing from a SSD or other HDD?

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S Offline
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            I did a full install to CF card, no swap and /var and /tmp moved to RAM. Works fine…for now at least.  ;)

                                            I imagine it would boot from SATA no problem, the BIOS is not configured to only boot from CF just to boot from that first. So if you break your install you will need to format the CF card in something else or re-install in something else (which is what I did).

                                            Steve

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.