Watchguard Firebox M400/M500
-
@stephenw10 said in Watchguard Firebox M400:
It's usually some ACPI issue when that happens. Did it happen with the default CPU?
Steve
I rebooted it once from the serial console without issue when I did the install. Didn't try the GUI option because I shut it down once I had it configured.
Then it stayed off until I put it in service after the CPU swap.
Edit -
Actually in hindsight, I think I did reboot it once from the GUI with the original CPU without issue.
-
Reboots no problem here with the original Celeron. I wouldn't actually expect a CPU swap to cause that really. Maybe reset the CMOS to be sure you haven't picked up some odd setting.
Steve
-
@stephenw10 said in Watchguard Firebox M400:
Reboots no problem here with the original Celeron. I wouldn't actually expect a CPU swap to cause that really. Maybe reset the CMOS to be sure you haven't picked up some odd setting.
Steve
Perhaps it more likely has to do with the storage swap?
I believe that Scorch and I both have our systems booting from SSD. I have no CF card loaded into the reader.
-
Could be. I'm running from CF and hence have no SWAP and have /var and /tmp as RAM drives.
Steve
-
@stephenw10 is there a shutdown option via the GUI? I could just as easily use that when I want to reboot and then just press the power button. Or just ssh in and halt?
It’s a workaround but, realistically, rebooting is a rare occasion.
Thanks
-
Yup, Diag > Halt System.
You can also do a graceful shutdown using the button. It works as an ACPI power button.
Steve
-
@stephenw10 Awesome, thanks!
-
Hi there,
I recently purchased a used M400.What about upgrading to a Intel Xeon E3-1285L v3 3.1GHz?
If the microcode in the BIOS should be missing, I guess it could be injected and thus enabled…Any other suggested CPU upgrade?
-
Might work. The Lanner unit it's based on lists i3, i5 and i7 only. They don't list Celeron though so....
Steve
-
@zanthos said in Watchguard Firebox M400:
Hi there,
I recently purchased a used M400.What about upgrading to a Intel Xeon E3-1285L v3 3.1GHz?
If the microcode in the BIOS should be missing, I guess it could be injected and thus enabled…Any other suggested CPU upgrade?
A quick update:
Intel Xeon E3-1285L v3 @3.1GHz is just Plug'n'Play. It works out of the box
I haven't done any further testing. Also i couldn't check for any BIOS Errors, since I have no VGA screen attached and the serial console is silent... -
Sorry to bother,
Do you recall the exact settings you changed in order to reduce fan speed? I lowered all of the Fanout values significantly (not much documentation from AMI on Fan out) and they're still screaming on my M500
I also noticed 2 sets of values under Main and then the corresponding heirarchy. Does location matter?
Also, did you try getting a BIOS from Lanner?
-
I found you have to set the values in both places. The whole editing process seems quite flaky to be honest.
I did not try to get a BIOS from Lanner.
Steve
-
Got it, editing the failsafe values seemed to take effect. Got PFsense loaded thanks to your ZFS auto install suggestion for UEFI. It was able to boot on all 3 SATA ports, no USB booting unfortunately, possibly needs UEFI as well.
Now just the green light.
Going from Atom Z525 to a 4160T. Should be able to make use of the 1GB connection I pay for now.
-
Nice. It would be nice to have the status LED come up red at boot but I've found no way to add SIO values to the bios like earlier BIOS types could.
Steve
-
Just returned from some testing with an Intel Xeon E3-1285L v3 3.1GHz
Installed pfSense this way:
- attached the msata SSD to my notebook (Win 10) and set it to offline
- created a new Hyper-V Gen 2 VM, unchecked secure boot and set to open-source VM
- direct attached the ssd as the VM SCSI disk
- installed pfSense from the ISO installer image (VGA) using ZFS Auto install
- shut down the VM
- detached the ssd and installed it to the M400 on SATA3
- power on the M400
- attach a network cable to igb1 (LAN) and to my computer
- log in to the web interface (192.168...)
- change console to Serial
- added "hw.ixgbe.unsupported_sfp=1" to /boot/loader.conf (maybe this is not necessary???)
ISP setup:
- inserted a generic BiDi SFP module from fiberstore (SFP-GE-BX, 1310/1490)
- created necessary VLAN and PPPoE connection
Speedtest to my 1000/1000 ISP:
Result is >900MBit up/down
Checked CPU using "top" command: >96% idle(No additional firewall rules, packages and filtering, just the factory settings)
I think i like the Setup
-
@zanthos said in Watchguard Firebox M400:
added "hw.ixgbe.unsupported_sfp=1" to /boot/loader.conf (maybe this is not necessary???)
It isn't. There are no ix NICs on the m400 only igb. Mostly that's not necessary even if you do have ix NICs, most SFP modules are accepted anyway.
It won't hurt having that set but it will likely be removed from loader.conf at a firmware update. Custom loader variables should be added to /boot/loader.conf.local.Steve
-
After a lot of hacking, bricking my M400, re-flashing via SPI, on and on and on, I finaly managed to unlock the BIOS of my M400 by flashing a self-modified BIOS from Lanner.
If it is allowed, I can upload it here…
-
Ooo fun. What mods did you have to do?
Hmm, I'm pretty sure it's an FW-7585 though. The 7584 has an H81 chipset and the m400 defintely has a C226, like the 7585.
-
Do you think this modification would work for the M440 model as well? I have 2 of these units that I would love to get pfSense working.
-
No, the M440 is completely different. You would need to start out with the UP-2010 BIOS. But as we have found it still won't help you there as the FreeBSD igb driver is, currently, unable to recognise the NIC/PHY combination.
Steve
