Watchguard Firebox XTM 8 Series

Scorch95

I stand corrected. Do you have a picture of the mount?

stephenw10

@daveinfla:

Mine had the 2GB CF card installed and a 250GB SATA hard drive mounted in a factory mount and connected.

Ooo. Fancy.  ;)

Probably for use as a cache. I'm not aware of any models based on the XTM8 like the old SSL models were. They came with a HD instead of CF.

Steve

stephenw10

2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ./WGXepc64 
Found Firebox XTM8
WGXepc Version 1.3 5/3/2018 stephenw10
WGXepc can accept two arguments:
 -f (CPU fan) will return the current and minimum fan speed or if followed
    by a number in hex, 00-FF, will set it.
 -f2 (System fan) will return the current and minimum fan speed or if followed
    by a number in hex, 00-FF, will set it.
 -l (led) will set the arm/disarm led state to the second argument:
    red, green, red_flash, green_flash, red_flash_fast, green_flash_fast, off
 -b (backlight) will set the lcd backlight to the second argument:
    on or off. Do not use with LCD driver.
 -t (temperature) shows the current CPU temperature reported by the
    SuperIO chip. X-e box only.
Not all functions are supported by all models
[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ./WGXepc64 -f
Found Firebox XTM8
Current CPU fanspeed is ???, minimum is 3f
[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ./WGXepc64 -f 37
Found Firebox XTM8
IT87 Fanctl set to sane defaults
Minimum CPU fanspeed set to 37
[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ./WGXepc64 -f2
Found Firebox XTM8
Current System fanspeed is ???, minimum is 38
[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ./WGXepc64 -l green_flash_fast
Found Firebox XTM8
IT87 GPIO pins configured
[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ./WGXepc64 -l green
Found Firebox XTM8

64bit binary. Source.

;)

Steve

pglover19

@stephenw10:

2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ./WGXepc64 
Found Firebox XTM8
WGXepc Version 1.3 5/3/2018 stephenw10
WGXepc can accept two arguments:
 -f (CPU fan) will return the current and minimum fan speed or if followed
    by a number in hex, 00-FF, will set it.
 -f2 (System fan) will return the current and minimum fan speed or if followed
    by a number in hex, 00-FF, will set it.
 -l (led) will set the arm/disarm led state to the second argument:
    red, green, red_flash, green_flash, red_flash_fast, green_flash_fast, off
 -b (backlight) will set the lcd backlight to the second argument:
    on or off. Do not use with LCD driver.
 -t (temperature) shows the current CPU temperature reported by the
    SuperIO chip. X-e box only.
Not all functions are supported by all models
[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ./WGXepc64 -f
Found Firebox XTM8
Current CPU fanspeed is ???, minimum is 3f
[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ./WGXepc64 -f 37
Found Firebox XTM8
IT87 Fanctl set to sane defaults
Minimum CPU fanspeed set to 37
[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ./WGXepc64 -f2
Found Firebox XTM8
Current System fanspeed is ???, minimum is 38
[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ./WGXepc64 -l green_flash_fast
Found Firebox XTM8
IT87 GPIO pins configured
[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: ./WGXepc64 -l green
Found Firebox XTM8

64bit binary. Source.

;)

Steve

Thank you..The program works on my WatchGuard XTM 810 appliance.

stephenw10

Glad to hear it.

I recommend you do some sort of load test to make sure the fans are spinning up correctly and the peak temp values aren't too high.
The default settings are just way off so I made what I think are reasonable choices for the standard CPU.

Fan PWM values should be between 00 and 7f, 127 levels, but in reality 32 is stopped and 50 appears to be the maximum. I set both cpu and system fan minimum values to 38 but you can override that by setting a number.

The CPU fan should start to ramp up at 40C and the system fan at 35C. Both ramp up by one 'fan setting' per degree so should quite quickly start making noise with a load.

Steve

ojguerrier

@pglover19

Could you help me please , i have the same model.

Thanks you

ojguerrier

@pglover19

I have the same model ( XTM 810) , could you help me please ?

Thanks

stephenw10

Help you do what?

What are you doing? What do you expect to happen? What's actually happening?

Steve

ojguerrier

Hello

I have a XTM 8 series, I would like install PFSense on it. Can you help me please.

Best regards

stephenw10

Are you installing to a CF card or a SATA device? Do you have some means of writing to the CF or installing to the SATA device outside on the XTM8?

Steve

ojguerrier

@stephenw10

I have a CF 1Gb and an HDD 500Gb. What ISO PFsense to copy on the CF 1Gb ? And how to install PFsense on the HDD.

Thanks

stephenw10

Noting here for reference since it somehow seems to have been missed and I found myself having to search for it again.

The only change required to enable the serial console on com2 is this loader line:

comconsole_port="0x2F8"

Add that to /boot/loader.conf.local and/or set it at the loader prompt initially.

Steve

DeLorean

@stephenw10 said in Watchguard Firebox XTM 8 Series:

Noting here for reference since it somehow seems to have been missed and I found myself having to search for it again.

The only change required to enable the serial console on com2 is this loader line:

comconsole_port="0x2F8"

Add that to /boot/loader.conf.local and/or set it at the loader prompt initially.

Steve

Hi,

This is my first XTM810 that i'm converting to a pfsense box, but damn, who weird is this box compared to a XTM5 series ?
The em0 to em9 assigning is crisscross, these boxes can't shutdown because of the AT powersupply design with a hard on/off switch like the ancient X-Core boxes.
At the moment i use a 1Gb CF card with a older version (2.4.4) 64bit full version with Ramdisk enabled from a XTM5 box, i can login with the Web GUI, and with the above fix of Stephen for activating the COM2 port, i can also see whats happening throug serial console with PuTTy.
But the 2 major problems are :
No internet is passing the box, while on the dashboard the gateway is showing green, and the WAN (em0) has a dynamic IP.
The second problem is the Bios of this XTM810 (labeled FW-8750 WG v1.1 on the motherboard and Bios version 1.2 labeled on the LCD) is that i can only make a backup of the Bios with a GQ-4X Willem Programmer through the SPI interface, and that the Bios file is 2Mb in size. Flashrom gives a read error when trying to backup the original Bios.
Erasing the Bios and flashing this backup back with Flashrom gives also a read error, and the 1Mb Bios files brick this box each time.
Also, only the 1Mb Bios files can be opened by the Amibcp tool, i have tried 6 or 7 different versions of Amibcp from version v3.13 to v4.53, the 1Mb Bios files can be opened, but the 2Mb Bios file that i previously backup can't be opened for editing. So first i though that this backup was corrupt, after bricking the box with the 1Mb unlocked Bios, i revived the box again with the 2Mb Bios that i backup, so it's definitely not corrupt this 2Mb Bios file.
With the original Watchguard firmware 12.1.3 (latest version), internet works fine , so the hardware of this box is okay.
I have also tried with and without the AGP disabling fix, because on Supermicro motherboards this fix works great when the assigning of the extra added interfaces doesn't work properly.
So any help or tips to get pfSense working will be great.

Grtz
DeLorean

mr.rosh

@delorean I ran into same issue, where the physical order of nics and emX nics in pfsense doesn't match up.

Your nic order may be issue, unless u surely know that phsycal nic and em0 is same.

my fix was as per

https://forum.netgate.com/topic/164397/watchguard-xtm850-network-interface-orders/2

stephenw10

Yeah, you can use PCI device wiring in FreeBSD 12, and hence pfSense 2.5.X, to set the NIC order. I personally chose not to because if you have to reinstall and those values are lost the NIC will all be re-ordered again. Just assigning the NICs from the order they are detected is not that hard IMO.

And yes you probably have the NICs assigned incorrectly if you are not passing traffic. There's not much you can do wrong there besides that on a clean install.

The ordering is certainly odd though. What's shown on this post seems to be correct:
https://forum.netgate.com/post/550680

Steve

DeLorean

Update

I have installed 2.5.2 (memstick serial version) on a 120Gb SSD connected to a XTM5 box, then used only the 2 interfaces em0 and em1 that are assigned by default.
I connected my LAN cable to port with label 3 (em1) and my WAN cable to port with label 0 (em0), same result as before, login to the Web GUI but no internet (WAN interface received a valid IP by DHCP). Then to be sure, i added a pass all through rule for the WAN interface (em0), but still no internet.
I then assigned port with label 1 (em2) as LAN, and still no internet.
Then i assigned all interfaces and enabled each interface, then i created a WAN-bridge, and applied a "pass all through" rule for this bridge and suddenly the box started passing internet through with the WAN on em0 and LAN on em2.
So i though that this has to with the bridge and/or pass all through rule, but after removing the bridge and this added rule, the box still works, even after a few reboots.
Then during testing, at certain moment, i saw only 2 cores of the default Quad Q9400 where displayed at the dashboard, but after a reboot all 4 cores are back.
Has this cpu a issue, i don't know, decent stress test will tell.
So far problem 1 is fixed, but problem 2 for unlocking the Bios is still present. Flashrom doesn't work at all, a read error and read transaction error when trying to backup or flash, and no possibility for opening the 2Mb original locked Bios file.
The Bios shows version 08.00.15 and 12/02/08 , same as the XTM5 Bios.

Thanks for the quick replies and help so far.

Greetz
DeLorean

stephenw10

Hmm, sounds like a bad default route maybe or no default route.
Or a subnet conflict can behave like that.

Been so long since I did this the details escape me!
In fact I'm not sure I ever actually flashed the BIOS on this...

It's waay easier to do now there is a default config for em NICs. Crazy struggles at the start of this thread.

DeLorean

Little sidenote.
The Amibcp tool doesn't have a sizelimit of 1 Mb (like i though),
because i searched on the Bios Mods forum for random Amibios files that are bigger, and the Amibcp tool can even open 8 Mb Bios files.
So the problem with this 2Mb Bios dump that i experience, is not related due the file size.

Greetz
DeLorean

stephenw10

Probably because you are dumping the entire ROM via the SPI reader and the actual BIOS image is not all of that so you end up with a RAW image that AMIBCP can't open.
Not sure why flashrom wouldn't work but the version in 2.5.2 is probably significantly newer than anything we were testing with 5-6 years ago in 2.2-2.3.
I note that my box is still running 2.3.5 Nano.

Steve

DeLorean

@stephenw10

You are probably right, because when i open the 2 Mb file in a Hex editor,
there is lots of space filled with FF.
I tried already to remove some of those FF until i had the same amount of data as the 1Mb Bios file, but Amibcp can't open that one also.
I can try with a older version of pfSense and run a older version of Flashrom,
but lets say that i prepare a CF card with pfsense 2.3 nano , and i use the command for installing flashrom, wil it then be a older version, or will it always choose the latest version of flashrom that's online available ?
In short words, is the available flashrom version , pfsense version depended ?

Thanks

DeLorean