Watchguard Firebox M400/M500
-
@Scorch95, I have not installed pfsense in the M400 box yet but I do have a working SSD installation which was working flawlessly in an XTM525 box. So far I have only booted the M400 with stock Watchguard firmware while I monitored the console output. The fans on this box appear to be equally noisy if not more than the XTM5 and I was hoping I would get the fans and bios fixed when I transplant the SSD into this box. Unfortunately, I have not been able to find instructions on how to patch the bios and am stuck for now.
I have recently ordered an IDC12 connector to make a VGA monitor cable, so I can boot DOS. Hopefully I can use afu and get a copy of the bios to patch. I am not an expert at this and would rather prefer somebody smarter than me give me directions. I am willing to be the beta tester! At some point in the future I would also like to update the processor to an i3 which does AES-NI as the Celeron in the box currently is not able to execute AES-NI instructions.
Will post details when I get DOS going. -
I would go ahead and drop an ssd in with pfsense loaded and get it up and running before worrying about the other stuff. You can always look to replace the fans with quieter ones. Look for a used i3-4130 and you’ll be good
-
It appears the M400 bios has been configured to boot only from the CF card. I transplanted a working SSD installation that has previously worked flawlessly in an XTM525 and the M400 would not boot. I did a fresh reinstall of pfsense on the SSD using another PC and plopped it into the M400, just as I had previously done with the XTM525, and the M400 refuses to boot.
I also tried switching from the SATA 4 to SATA 2 port but no luck. If anybody's gotten the M400 to boot off an SSD, I'd like your input on what I am doing wrong. I have a 120 GB HP SSD by the way. I do not have access to a CF card reader and will try booting off a CF card after I find one.
Thanks for your help! -
I managed to get the VGA port connected and the M400 is definitely not interested in booting anything other than the CF card. Here's the message the VGA screen displays:
Reboot and select proper Boot device
or InserBoot Media in Selected Boot device and press a keyNext step is to find a CF card reader
-
Yeah, I couldn't make it boot USB. It should boot CF or SATA if CF is not present. So you should be able to write the install image to CF, boot from it and install to SATA and then boot from that after pulling the CF card.
Or you can install to CF in something else and swap it into the m400.
Steve
-
Thanks Steve, I was able to successfully install pfsense by booting with the CF and installing to SSD.
-
Hello,
I have got an Firebox M500 with 4370T CPU. it boots fine in the original software, but won't install pfsense or opnsense.
The error I get is: usr/local/bin/cpdup -vvv -I -o
When I search on internet I find it has something to do with not enough RAM, but mine has 8gb ECC memory.
How did you install it?Thanks in advance!
ADDED: I can boot CF with opnsense or pfsense. I can run installer, but both installers(and both manually and auto) give this error.
-
It might have bad RAM. That's not the standard CPU, is it the factory RAM?
Can we see a screenshot of the actual error you see?
Can you boot and run a Nano image as a test?:
https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-2.3.5-RELEASE-2g-amd64-nanobsd.img.gzSteve
-
Ram during start of opnsense and pfsense: both show 8120mb present and usable.
Ram is factory standard, box wasn't opened until I replaced CPU. Box worked fine with factory OS.
After replacing the CPU(for AES-NI support), box still worked fine with factory OS.Now I tried to install pfsense and because of error, also opnsense. Both halt at exactly the same command.
I have removed Dimm0, box gives error during installation.
I have removed Dimm1, box gives error during installation.Tried the Nano image: box works fine.
Saw on internet that opnsense and pfsense updated to freebsd 11.1 and that gives errors.
Maybe I will try installation of older pfsense/opnsense? Or maybe more ideas? I will post picture of error tomorrow.
-
You're booting the installer on a CF card and installing to hard drive? Is the drive standard in the m500 or something you added?
Personally I installed to a CF card in another box and then moved it across into the m400 I have. Never had any issues.
You might try a 2.4.4 snapshot. If it's a known FreeBSD bug it might have been fixed in 11.2:
https://www.pfsense.org/snapshots/Steve
-
Drive is not standard in m500, m500 is the same as m400 only with 8gb ecc memory instead of 4gb. I added a 120gb ssd, works fine in notebook. Also it receives some files, but not all(stops at the error).
Thanks for your suggestion! Will try that tomorrow.
-
Tried version 2.4.x(newest)=>error
Tried version 2.3.x(newest)=>errorError message is different on opnsense vs pfsense.
Pfsense: CAM status: Uncorrecatable parity/CRC error
It keeps retrying a couple of times and then gives up.Which sata port did you use?
-
You tried a 2.4.4 snapshot rather than 2.4.3?
I'm not using SATA currently, I just installed to CF and booted that.
That error looks like a bad disk though or bad disk controller or maybe some incompatibility between them.
The original OS is on CF so I assume you have not booted anything from that drive?
Steve
-
I tried 2.3.5, 2.4.3 and 2.4.4
Al give the same error.
Looks like it doesn't want to start anything on Sata(used port 2 and 4).CPU tested in notebook, works fine
SSD tested in notebook, works fine
PFsense on CF(4gb), all works fineThe problem is installing to the ssd. The installer does recognize the ssd(sata3, correct speed, correct size, etc.), but gives error or when it looks like it installed everything(manually set MBR and don't use GPT/UEFI). After it looks like it completed installation without error, it won't boot from sata. So I think it didn't write anything to it.
The original OS is on a 4gb CF and I also have my own 4gb CF(don't want to destroy the data on the original). My own 4GB CF is tested, works fine.
PFsense runs fine on the CF, but I would like to install it on the ssd(faster, bigger, more functions, etc).
IJay-XTM5, how did you install it?
I think I am going to order IDC12 to VGA cable or make one myself and see if I can get into bios. Maybe there is an faulty setting there(legacy mode perhaps?). Or can I access bios over com-port?
-
The BIOS is password protected and I have not managed to remove it. Console redirect is not enabled by default either. But even after enabling it or hooking up VGA you can't enter setup.
What size SSD is it? Something unusual? Can you try a different drive?
You can full install to CF, which is what I did. Just be sure to remove the SWAP slice at install time and then move /var and /tmp to RAM drives after booting.
Can you install to the SSD in the laptop and then move it back?
Steve
-
My M400 install was rather uneventful. I had a working SSD installation in an XTM525, which I tried transplanting into the M400 but wouldn't boot. Upon Steve's suggestion, I booted from a CF card in the M400 and installed to the 120 GB SSD. Next I removed the SSD and the box booted up just fine off the SSD.
I hooked up the VGA port to diagnose the original issue of not being able to boot off the SSD, no matter which port I used. BTW, the box only has SATA 2,3 and 4 connectors. SATA 1 connector is not populated atleast in my box. The VGA output is very useful in tinkering with the box.
I downloaded a copy of the user manual for Lanner's FW-7585 as the M400 appears to be a derivative with some items missing; connection to the VGA port is relatively straightforward once you have the manual, I ended up using jumper cables I had lying around.
I'm no expert but it looks like you may have a SATA controller issue if none of your SATA ports is able to boot. I would suggest verifying the SSD (looks like you already did), booting the box via CF - I used pfSense-CE-memstick-serial-2.4.3-RELEASE-amd64, and installing to the SSD. I had the SSD connected to SATA 4 for the install as it was the nearest port to the SSD but I did check and the box boots fine with the other ports as well.
If you're still not able to complete the install successfully, I would suggest booting with an image of freeDOS and running hardware tests to ensure your SATA controller is working.
I'm afraid I don't know of any but perhaps Steve might be able to point you in the right direction.
I hope to install an i3 at some point in my box as well for AES-NI so it's good to know a 4370T works.
Hope this helps -
SSD is OCZ arc100-120gb and pfsense installs fine and works fine if I use my notebook.
When moving back to Firebox, doesn't boot.So it seems I can't boot from sata at all, even with CF removed.
I ordered an old vga card, the older low profile ones have the same pinout for the vga connector as this board. So I ordered it for the cable with vga port, was cheaper than ordering jumpercables and vga port seperately ;).
Freedos needs vga port if I am correct, so I can do that next week. Vga card arrives saturday or monday.
Maybe the m500 has more restrictions in bios? How can I dump the bios to a rom and open it?
Or maybe the bios is set to legacy mode for sata instead of the other one(can't come up with the name now)?ADDED: Did you try to reset CMOS? Does that remove password?
ADDED2: I noticed someone here had the same problem: https://forum.pfsense.org/index.php?topic=61799.0. He got it installed by disabling some features for the cpu. As you guys have the original CPU and I have got 2cores/4threads(and a bunch of extra features), maybe it's because the cpu has too many features. Still doesn't explain why a working installation won't boot… I will try to access bios when I have got the vga cable ;)
-
ADDED: Did you try to reset CMOS? Does that remove password?
Yes. No.
It's custom coded into the BIOS code somewhere which makes it difficult to impossible to remove.
The CPU option theory is interesting though I think most of that is disabled in the BIOS default settings anyway, speedstep, hyperthreading etc. Also it still boots the Nano image.
When you installed to the SSD in the laptop I assume you used the VGA installer? Did you enable the serial port? Did you complete the install using the laptop NIC as an interface? If it wasn't an igb NIC the SSD might be booting fine but stopping at the interfaces assign screen due to the mismatch and you dont see it because it's on the VGA console.
Steve
-
I installed with vga, and also it uses the laptop NIC. So you are right it isn't the igb0/igb1 I use on firebox for wan/lan.
Where can I enable serial port after vga-installation? And how can I configure it so it uses the igb0 and igb1 for wan/lan?
ADDED: found the serial setting. fresh install on the ssd, works fine in notebook. Put it in the firebox, no output on serial port. So looks like it just won't boot sata. I think when I have the vga port I can use windows live cd, create bios rom and try to tinker with that. Or maybe the vga output shows a message which describes how to fix it ;)
ADDED2: Is it possible to install an ami bios from ami itself? So without passwords and such? Or maybea bios from the FW-7585 mainboard?
ADDED3: Got it to boot. Sata2: nothing. Sata4: error with privileges or something. Sata3: boots. Strange, any explanations?
-
Good deal, looks like you're finally on your way!
If you need to access the VGA, all you need are some $3 arduino jumper cables from ebay. Here's what my crappy setup looks like - not very elegant, but works! I was able to boot freedos and tinker a bit….