Watchguard XTM 5 Series
-
Just a quick update:
I did a bit of experimenting from Arch Linux with a standard XTM515 box (factory BIOS and factory CPU). I can confirm that in BIOS 1.3 speedstep MSR is is indeed locked, but it is already set to 0x1 by default! So no MSR changes are required at all.
I also fiddled a bit with changing the FID and VID manually by means of the c2ctl utility. I just switched FID and VID from their allowable MAX state to MIN state and run a "benchmark" in each state. The CPU is definitely behaving correctly in each state and there is a corresponding performance change reflected in the benchmark results. So speedstep control does function correctly.
When I have more time I will repeat the same test while monitoring the box power consumption to see if there is any difference.
And then I will make an attempt at cutting a modified DDST to see if it works.
-
I was unable to see any measurable power consumption difference difference when I did it but I came to the conclusion that because the processor supports deeper halt states that may be masking any effect Speedstep has there.
Steve
-
I was unable to see any measurable power consumption difference difference when I did it but I came to the conclusion that because the processor supports deeper halt states that may be masking any effect Speedstep has there.
Steve
Right, you are absolutely correct. First, here are my results with a stock unit running minimalist installation of Arch Linux:
| XTM515 State | Power [W] | Power [VA] |
| OFF | 2 | 6 |
| Booting | 63 | 63 |
| Idle (Speedstep HI) | 46 | 47 |
| Idle (Speedstep LO) | 46 | 47 |
| Load (Speedstep HI) | 81 | 82 |
| Load (Speedstep LO) | 59 | 60 |In other words speedstep has absolutely no power consumption benefit near idle state. It has huge benefit when the cores are pegged, of course, but this would defeat the purpose. So the real benefit would be in the intermediate performance states where the CPU is under partial loads - the system can then trade-off some performance for lower power consumption. Mind you, this is probably a realistic typical operating state for a firewall appliance, so having it functional may save some energy in the long run…
I might redo the same test on my upgraded unit with 4GB RAM, Q9505S CPU and Intel SSD320, just for kicks.
Peter.
-
Ah nice result. :)
For many people a low to intermediate load is where a Core2duo is likely to operate most of the time. I had thought it might be of some benefit there.Did you add P-states specific for your CPU? I recall I had some difficulty finding the 'official' values but there were plenty of suggestions on both overclocking and underclocking forum threads.
Steve
-
Thank you :D
This was all done by setting the registers manually. I made an attempt at a custom DSDT yesterday and it was a total failure. I then realized that even if I decompile and recompile the factory DSDT with no changes it does not work. It completely messes up the box, as in network ports are not recognized by the kernel, etc. I have to figure out why this does not work first…
-
Ah, interesting I never tried that.
I definitely did have it working at one time. Failed to keep better notes. :-[
Steve
-
Unfortunately, the unit is a bit too noisy for my home despite using WGXepc64 for slowing down the fans. The noise appears to be originating from the CPU fan(s), which I understand are controlled by the bios. Unlike the bios in other systems, this unit 's bios is dated 4/26/2010.
I'd appreciate suggestions on how to get the bios unlocked/CPU fans silenced.If you use Y splittercables, then you can combine all the fan connectors to 1 connector,
and connect this connector to the chassis fan connector on the mainboard, then you can use WGXepc64 to lower the fanspeed as low as you want.
Keep in mind, that lowering the fanspeed too much, the cpu temp will raise under load.Grtz
DeLorean -
Hi Peter, can please you give me some more details aubout the VGA cable?
I need to have the same!Regards
Christian
- The on-board VGA header definitely works, and it works very well. I made a custom cable with a connector I got from digiKey and it's been extremely useful in playing with the box. The front USB ports work well with USB keyboards and mice as well, so the box becomes a fully functional PC with on-board video.
Cheers,
Peter. -
If you use Y splittercables, then you can combine all the fan connectors to 1 connector,
and connect this connector to the chassis fan connector on the mainboard, then you can use WGXepc64 to lower the fanspeed as low as you want.
Keep in mind, that lowering the fanspeed too much, the cpu temp will raise under load.Grtz
DeLoreanI was initially hoping to have independent control of the fans based on temperature, but perhaps I can get to a balanced medium.
Thanks for the response, I'll get splitter cables ordered.iJay
-
Hi everyone! Thanks for all the info in here. With it, I've managed to convert an XTM 515 to a very nice Sophos box. However, I keep getting stuck on upgrading the memory. I've tried everything I see here and nothing is working. Does anyone have a link or part number for the memory I will need? Would be super awesome! Don't think Amazon is going to let me return anything else for another 10 years probably.
-
"Just worked" with whatever I've put in it though I've never tried to get it to run 8GB. Not sure I've ever tried 4GB either, I just used what was at hand.
Currently running 2x Nanya NT1GT64U8HB0BY-25D, 1GB 2RX8 PC-2-6400U-666.
Steve
-
"Just worked" with whatever I've put in it though I've never tried to get it to run 8GB. Not sure I've ever tried 4GB either, I just used what was at hand.
Currently running 2x Nanya NT1GT64U8HB0BY-25D, 1GB 2RX8 PC-2-6400U-666.
Steve
Thanks, Steve! That helps a lot. That's different than what I've been trying to use.
-
Hi Peter, can please you give me some more details aubout the VGA cable?
I need to have the same!Regards
Christian
Hi Christian,
Sure. I originally wanted to make an adapter cable but then decided that it was not worth it since I'd be only using it temporarily. So I ended up cutting one end off a standard DB15 VGA cable and soldering the pins to a connector that was not meant to be soldered to. If you do the same, make sure that you remove the pins from the connector before soldering to avoid the plastic meting. The connector I ordered was DigiKey P/N 609-2736-ND. It is the right type to fit the board header. When you make the cable, the pinout to use is as follows:
| **DB15 pin ** | Header Pin |
| 1 | 1 |
| 2 | 3 |
| 3 | 5 |
| 4 | N/C |
| 5 | N/C |
| 6 | 2 |
| 7 | 4 |
| 8 | 6 |
| 9 | N/C |
| 10 | 10 |
| 11 | N/C |
| 12 | 11 |
| 13 | 7 |
| 14 | 9 |
| 15 | 12 |Hope that helps,
Peter. -
have just grabbed a watchguard xtm 515
Has thrown a 60gb hdd into it to pfsense.has tried to put "pfSense-CE-memstick-serial-2.4.3-RELEASE-amd64.img" onto the CF card. When it's loaded, it's get stuck on line: Trying two mount root from ufs: / dev / ufs / FreeBSD_Install [ro, noatime] …
Full log: https://pastebin.com/Q5eitjBZ
Sometimes I do not get any console output and just a black screen after bios screen. Where it does something behind it can i see on the cursor.The bios is the stock "WG BIOS 1.3"
Have tried to format the disk, second disk, look in bios for settings (view only mode ..)
Have tried to load "pfSense-CE-2.3.5-RELEASE-4g-amd64-nanobsd.img" into hdd - but without success and stuck in last line - Log: https://pastebin.com/ahY7NgsPWhat can i do to put pfsense 2.4.3 on the watchguard?
-
That's the point where it switches to the primary only console. Are you sure you used the serial memstick image? If you have used the standard VGA image that's exactly what you would see.
Steve
-
That's the point where it switches to the primary only console. Are you sure you used the serial memstick image? If you have used the standard VGA image that's exactly what you would see.
Steve
It is the memstick serial version i have used :/
-
Ah, interesting I never tried that.
I definitely did have it working at one time. Failed to keep better notes. :-[
Steve
[/quote]Well, this was a pretty steep learning curve but I can confirm that I now have a modified DSDT that fully supports SpeedStep on the stock CPU. And yes, I can confirm that SpeedStep does indeed work as intended.
I also fiddled quite a bit with C states, but the chipset really only supports C1 in a desktop configuration, so there is absolutely nothing to be gained in terms of idle power consumption: 46W at idle is it! Earlier today I had a Eureka moment thinking I can get lower idle power by enabling CPUSLP#, but as it turns out it is already enabled. Besides, I think the CPU actually drops into C1E state when idle so the power consumption gets as low as it possibly can already. But, of course, I could be talking out of my orifice since I really don't quite know enough about this.
My original issue with DSDT failing was Linux related: I was using a DSDT override method that is apparently no longer supported. Switching to Grub based override of DSDT fixed that issue. Next step for me will be to create and flash a custom BIOS image with the modified DSDT. I intend to create two versions: one for the stock CPU and one for my Q9505S CPU.
-
Well, this was a pretty steep learning curve but I can confirm that I now have a modified DSDT that fully supports SpeedStep on the stock CPU. And yes, I can confirm that SpeedStep does indeed work as intended.
I also fiddled quite a bit with C states, but the chipset really only supports C1 in a desktop configuration, so there is absolutely nothing to be gained in terms of idle power consumption: 46W at idle is it! Earlier today I had a Eureka moment thinking I can get lower idle power by enabling CPUSLP#, but as it turns out it is already enabled. Besides, I think the CPU actually drops into C1E state when idle so the power consumption gets as low as it possibly can already. But, of course, I could be talking out of my orifice since I really don't quite know enough about this.
My original issue with DSDT failing was Linux related: I was using a DSDT override method that is apparently no longer supported. Switching to Grub based override of DSDT fixed that issue. Next step for me will be to create and flash a custom BIOS image with the modified DSDT. I intend to create two versions: one for the stock CPU and one for my Q9505S CPU.
From what I remember using my old firebox, the stock power supply was very inefficient. It wasn't until I switched to a picoPSU and an efficient Toshiba laptop power brick that I saw the wattage drop from 45-50 watts to 25watts.
-
Yeah, it's probably not great at those Wattage levels despite being a smaller than stock PSU for the original Lanner device.
Steve
-
I now have a tested and working version of BIOS for the most recent XTM 5 Series hardware that shipped with E3400 CPU, that includes a number of tweaks and also implements SpeedStep for the E3400 CPU. If anyone is interested I can post a link to the BIOS image. Here is my full list of changes:
XTM515-BIOS1.3-UNLOCKED1.8: Changed 'Sign On Message' to include 'Unlocked v1.8 PT / E3400'. Corrected ACPI version help string line breaks in "Enabled RSDP pointers to 64-bit [...]". XTM515-BIOS1.3-UNLOCKED1.7: Changed 'Sign On Message' to include 'Unlocked v1.7 PT / E3400'. Modified LCD boot string from "WG BIOS 1.3" to "Firewall UTM" in module 1B (Single Link Arch BIOS). XTM515-BIOS1.3-UNLOCKED1.6: Changed 'Sign On Message' to include 'Unlocked v1.6 E3400 PT'. Created two ROM branches, one for E3400 CPU and one for Q9505S CPU. XTM515-BIOS1.3-UNLOCKED1.5: Changed 'Sign On Message' to include 'Unlocked v1.5 PT'. Enabled 'PCIPnP' and 'Chipset' menus. Enabled 'CPU Configuration' submenu in 'Advanced' menu. Enabled 'ACPI Configuration' submenu in 'Advanced' menu. XTM515-BIOS1.3-UNLOCKED1.4: Updated platform 11 CPUID 1067a microcode to version a0b. XTM515-BIOS1.3-UNLOCKED1.3: Disabled 'Lan ByPass Control' submenu in 'Advanced' menu. Modified BIOS Strings from 'Port0 AHCI Speed limit to' to 'Port0 AHCI Speed limit' for Port0 to Port3. XTM515-BIOS1.3-UNLOCKED1.2: Changed 'Aways CF Card Boot' to 'Show' in 'Advanced' menu. XTM515-BIOS1.3-UNLOCKED1.1: Unlocked the BIOS by changing 'User Access Level' to 03 in 'Security' menu.
