Netgate Discussion Forum

    Watchguard XTM 5 Series

      stephenw10 Netgate Administrator

      Well you have two shots! 😉

      But back up your existing rom file first. You can always write it back with an SPI device if you really have to.

      Steve

        it.supportidata.se @stephenw10

        @stephenw10 Deed is done. Thanks Steve. Used your image and went smooth as silk.

          timveer

          ** Bounty available **
          Hello all, this may not be the mega-millions bounty, but I'll throw $20 on the table.

          I have a Watchguard XTM 505, that was working fine with pfSense. However, like all tech idiots, I figured I'll flash the bios so that I can boot the Watchguard in terminal without having to wait, but just plug it in (console cable) start it up and watch the little characters dance on the screen :)

          So, I flashed the bios, no problem all went fine, I rebooted into pfSense after that, again all went fine. But when I went to make changes to the bios, using putty, the highlighted item was the same color as the background (which I didn't realize at the time) and I think I changed a few settings I shouldn't have. pfSense didn't boot!!!

          So, back into the bios and I selected "Choose preferred settings" (or something like that), F10 Save & Exit. pfSense won't boot again!!! Arrgghhhhhh!

          So, flashing again isn't going to happen as I can't get pfSense to boot, which means I can't get out to console and, unfortunately, all I know of Linux is that they use a cool penguin for a mascot!

          If someone can:
          a: tell me how to reflash the bios (and I'll need a bios file)
          or
          b: what are the bios settings (a list of settings or screen shots) to make the dang thing work again.

          Let me know what you need and I'll get the thing back on track. Once done, I'll shoot the $20 over on Paypal.

          Cheers,
          MadDogDean

          PS: The Watchguard has the 02/03/2010 BIOS

          Don't laugh at our speed… this was a good day!!

            stephenw10 Netgate Administrator

            What BIOS image exactly did you flash to it?

            First thing to try here is just reset the CMOS using the jumper on the board. That will give you back the default values. And that should boot pfSense. It depends on what BIOS image you put in there though.

            All images should boot from CF, even the default BIOS, so you can try writing a Nano image to a CF card and booting that:
            https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-2.3.5-RELEASE-2g-amd64-nanobsd.img.gz

            Steve

              MadDogDean

              Hi Steve, the bios I flashed was from Alpha labs over at https://alpha-labs.net/2017/08/pfsense-on-watchguard/

              I was following this thread on the forum, but with over 800 postings, it became a little overwhelming. Over at Alpha Labs, the author, Christian, did quite a thorough write-up and step by step to do it.

              The ROM is xtm5_83.rom (this is the one that seems to be floating in the ether)

              I'll give that a try to reset the CMOS and see how that fares.

              I already downloaded the 2.3.5 image and dropped it on a 4GB CF. That side of things should be good. I'll get to the box and work my wonders.
              Cheers,
              MadDogDean

                stephenw10 Netgate Administrator

                Ok, that's the rom I made some years ago now (unless it was changed without renaming it).
                So mostly that should just give you access to the settings. I'll have to double check the settings but I think 'always boot from CF' was still enabled by default. Disabling that will allow you to boot from USB to run an install. It should boot from SATA though with the default settings.

                Steve

                  MadDogDean @stephenw10

                  @stephenw10 Thanks Steve, I'll check the "always boot from CF", and I'll give a go to reset the CMOS settings.

                  I'm not at the box right now, which jumper is it?
                  Cheers,
                  MadDogDean

                    MadDogDean

                    @stephenw10
                    Steve, or any of you other brainiacs, which is the CMOS jumper?
                    I was able to find the Lanner FW-7581 manual wherein it says the CMOS reset is J5 - ha! There is no J5 on my board, and according to the mb diagram, there should be a CMOS jumper near the CF, but on my board it's not there.
                    Is there a CMOS reset jumper on these boards, or just "pull the battery, have a beer, come back and it'll drain and reset"?
                    Cheers,
                    MadDogDean

                      t-rexky

                      @MadDogDean Yes, if you cannot find the clear CMOS jumper or contacts then the battery removal works. You can wait for a few minutes with no battery (and the unit unplugged from the mains of course), or if you are impatient you can use a conductive object to short the two battery socket contacts to discharge the circuit on the board instantly. If you are concerned about force discharging the circuit then just wait it out...

                        MadDogDean @t-rexky

                        @t-rexky Thanks for that. Pulled the battery, had a couple beers, and now I think I better wait till tomorrow to goof with the rest ;)
                        BTW, if it is of help, I can post the Lanner FW-7581 User Guide on Dropbox - the two mb's are almost the same, and maybe it'll help someone.
                        Cheers,
                        MadDogDean

                          stephenw10 Netgate Administrator

                          Don't drink and firewall! 😉

                            MadDogDean @stephenw10

                            @stephenw10 @t-rexky
                            Well I'll be a monkey's uncle. 4 hours, 6 beers later, reinstalled the battery and booted straight into pfSense. Tada!!! Enough screwing with the BIOS! Let's get down to business - yeehaa!

                            If you guys want to DM with your Paypal address, I'll split the Bounty.

                            Now my next adventure is to scour the forum and figure out how to do a multi-wan, when your ISP delivers both channels using the same Gateway. Any suggestions for good, cheap NAT routers would be good.

                            Or, if anyone has experience with the Cisco Catalyst 2960 (24 Port POE switch) - is it possible to set up a couple ports as a NAT to send to the pfSense in order to fool it into multi-wan to use these 2 same Gateway's channels.

                            Our ISP is part of a duopoly and both are equally as crappy as the other - but what other choice is there...

                            Cheers,
                            MadDogDean

                              Fffrank @MadDogDean

                              @maddogdean said in Watchguard XTM 5 Series:

                              Now my next adventure is to scour the forum and figure out how to do a multi-wan, when your ISP delivers both channels using the same Gateway. Any suggestions for good, cheap NAT routers would be good.

                              The others are going to be smarter about this than I am but the first thought I had was if you could route one via IPv6 and one via IPv4? This would allow you to use the load balancing and fail over functions of pfSense.

                                MadDogDean @Fffrank

                                @fffrank Interesting idea, never thought of it. I'll need to see if the ISP uses IPv6 or not (or even knows what it is)

                                I am actually staying with friends in the Philippines and things here are almost as backwards as some people think. No offense intended to the Filipinos (in general they are nice people), but when it comes to "Service" this country is on another planet!!!

                                Cheers

                                  MadDogDean @MadDogDean

                                  Well, not sure about the IPv6 route. Our internet comes in via Motorola Canopy radio and, after walking through the entire menu, I don't see anything relating to using an IPv6 address. I wonder if the best option is to get a cheap Dlink/Linksys or other wired router and use it as a NAT between the Canopy and the pfSense box.

                                    MadDogDean

                                    Lots of things (thoughts) going on, but not much accomplished yet.

                                    So, if we are UNABLE to upgrade our 2.3.5 version of pfSense to 2.4.1 because NanoBSD is no longer supported, how are we supposed to be able to install packages (such as LCDproc)? When I tried tonight I was greeted by the message that a MAJOR upgrade is available, thus I am unable to install the pkg. But if you try to install the upgrade you get the "NanoBSD no longer supported". It's a chicken and the egg situation. Did NetGate not think of this when they set it up??!

                                    Screenshot Dropbox

                                      t-rexky

                                      @MadDogDean As far as I am concerned, I would be happy if you donated the Bounty to a good cause ✌

                                        stephenw10 Netgate Administrator @t-rexky

                                        @t-rexky said in Watchguard XTM 5 Series:

                                        @MadDogDean As far as I am concerned, I would be happy if you donated the Bounty to a good cause ✌

                                        Same here.

                                        The xtm5 can run 2.4.4 though. It can even run a full install from CF if needs be.
                                        You should be able to make it boot from USB to do the install by just disabling the "always boot from CF" option in the BIOS. But if not another option is to put the installer on CF, boot that and install to SATA.

                                        However you should be able to stay on 2.3.X by going to System > Firmware and selecting 2.3.X security and errata only. You might have to select that a few times until the repo is set to 2.3.X.

                                        Installing 2.4.4 is the way to go though.

                                        Steve

                                          MadDogDean

                                          @stephenw10 @t-rexky
                                          Thanks for your help guys. We are always donating and helping the unfortunates here in the Philippines. I'll load up the car and take a few local kids to town for lunch & ice cream.

                                          As for aggregating, we have 2 incoming accounts from our local WISP. They use Canopy Radios and have it configured so that the same gateway is used on all accounts. Aggregating won't work with this. Is there a way around it, or should I just get a simple wired router to act as a NAT?

                                          Meanwhile, let's dig into 800 posts and get this pfSense going.

                                          Cheers,
                                          MadDogDean

                                            stephenw10 Netgate Administrator

                                            Unless you can do some form of link aggregating at the ISP end like an actual LAGG or ML-PPP then NATing one connection is the only real choice there.

                                            Steve

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.