Watchguard Firebox M400/M500

stephenw10

Mmm, hard to believe that would be any different at reboot rather than boot but....

I am running a full install from CF and hence not booting uefi:

[2.4.4-RELEASE][admin@m400.stevew.lan]/root: sysctl machdep.bootmethod
machdep.bootmethod: BIOS

Steve

apocalyps3736

We have a M440 up and running with pfsense but only the first (eth0) and the 2 fiberoptic connections are working. Does someone has any idea how to get the eth1-eth24 working? I studied the WG software and they have some fancy scripts and modules for it to bring up al the eth ports

stephenw10

There's a separate thread for it: https://forum.netgate.com/topic/136614/watchguard-firebox-m440/

But the short answer is no.

The igb driver does not attach to the other 3 ports because the PHY used is not recognised.

The switch IC is connected to the CPU only via an unknown PCI device. It looks to have a serial console for some kind (the switch) but we never saw any output from it. It looked like there might be a resistor missing.

Please post in the other thread if you wish to discuss further.

Steve

pglover19

What is the best CPU to use for the M500 model? Thanks..

zanthos

@pglover19
I have installed an Intel Xeon E3-1285L v3 3.1GHz in my M400...

pglover19

@zanthos said in Watchguard Firebox M400:

@pglover19
I have installed an Intel Xeon E3-1285L v3 3.1GHz in my M400...

The prices on Ebay is still high for the Xeon E3-1285L v3 CPU. Any other alternatives?

pglover19

@stephenw10 said in Watchguard Firebox M400:

Use WGXepc64. Source. 64bit binary.

Read about its development here if you're interested:
https://forum.netgate.com/topic/29470/as-good-as-solved-watchguard-firebox-arm-disarm-led

Steve

I tried using the program on my Firebox M500 and it is not working. See attachment.

0_1551267726934_48eef350-25c5-42f9-8ad6-2868e09ee10a-image.png

stephenw10

Yeah, it doesn't do the fan control but does it set the led as expected?

What's the supplied CPU in the M500?

Steve

zanthos

@pglover19 said in Watchguard Firebox M400:

The prices on Ebay is still high for the Xeon E3-1285L v3 CPU. Any other alternatives?

Check this list:
https://en.wikipedia.org/wiki/List_of_Intel_Xeon_microprocessors#Haswell-based_Xeons
Choose any of the LGA 1150 based CPU's. They should work all... (But I can't guarantee that…)
At least you can inject the latest Intel CPU microcodes to the BIOS to support those CPU's.
My Intel Xeon E3-1285L v3 3.1GHz did work indeed without any modification.

stephenw10

Or indeed almost any Haswell LGA 1150 CPU is likely to work. So a load of i3/i5s you could choose.
What are you planning to use it for? What do you need a replacement CPU to do?

Steve

pglover19

@stephenw10 said in Watchguard Firebox M400:

Or indeed almost any Haswell LGA 1150 CPU is likely to work. So a load of i3/i5s you could choose.
What are you planning to use it for? What do you need a replacement CPU to do?

Steve

I am looking for a AES-NI CPU. This unit will only be used in my home lab. I am running pfSense on 2 DELL R320 servers in HA mode in my production environment.

pglover19

The CPU in the M500 is G3420.

stephenw10

Then any relatively cheap i3 like the 4130 will work. That will give you a faster CPU with hyperthreading and AES-NI.

I think someone fitted one earlier in this thread. (edit: several people in fact)

Steve

stephenw10

For reference here is the console log of the BIOS update commands I used.

[2.4.4-RELEASE][root@5100.stevew.lan]/root: cu -l /dev/cuaU1 -s 9600
Connected

Freedos on COM1:
Freedos
Current date is Sun 03-03-2019
Current time is  9:30:01.88 pm
C:\>dir
 Volume in drive C is FREEDOS1.0
 Volume Serial Number is 4A84-36BD
 Directory of C:\

KERNEL   SYS        44,889  08-20-06  7:08a
COMMAND  COM        66,945  08-29-06  2:40a
BIOS                 <DIR>  03-03-19  8:37p
AUTOEXEC BAT           277  03-03-19  9:28p
MODE     COM        16,254  05-12-05 12:05p
         4 file(s)        128,365 bytes
         1 dir(s)      23,560,192 bytes free
C:\>cd bios
C:\BIOS>afudos
+---------------------------------------------------------------------------+
|                 AMI Firmware Update Utility  v3.07.00                     |
|      Copyright (C)2014 American Megatrends Inc. All Rights Reserved.      |
+---------------------------------------------------------------------------+
| Usage: AFUDOS.EXE <ROM File Name> [Option 1] [Option 2]...                |
|           or                                                              |
|        AFUDOS.EXE <Input or Output File Name> <Command>                   |
|           or                                                              |
|        AFUDOS.EXE <Command>                                               |
| ------------------------------------------------------------------------- |
| Commands:                                                                 |
|         /O - Save current ROM image to file                               |
|         /U - Display ROM File's ROMID                                     |
|         /S - Refer to Options: /S                                         |
|         /D - Verification test of given ROM File without flashing BIOS.   |
|         /A - Refer to Options: /A                                         |
|       /OAD - Refer to Options: /OAD                                       |
| /CLNEVNLOG - Refer to Options: /CLNEVNLOG                                 |
| Options:                                                                  |
|     /MEUL: - Program ME Entire Firmware Block, which supports             |
|              Production.BIN and PreProduction.BIN files.                  |
|         /Q - Silent execution                                             |
|         /X - Don't Check ROM ID                                           |
|       /CAF - Compare ROM file's data with Systems is different or         |
|              not, if not then cancel related update.                      |
|         /S - Display current system's ROMID                               |
|       /JBC - Don't Check AC adapter and battery                           |
|  /HOLEOUT: - Save specific ROM Hole according to RomHole GUID.            |
|              NewRomHole1.BIN /HOLEOUT:GUID                                |
|        /SP - Preserve Setup setting.                                      |
|         /R - Preserve ALL SMBIOS structure during programming             |
|        /Rn - Preserve SMBIOS type N during programming(n=0-255)           |
|         /B - Program Boot Block                                           |
|         /P - Program Main BIOS                                            |
|         /N - Program NVRAM                                                |
|         /K - Program all non-critical blocks.                             |
|        /Kn - Program n'th non-critical block(n=0-15).                     |
|     /HOLE: - Update specific ROM Hole according to RomHole GUID.          |
|              NewRomHole1.BIN /HOLE:GUID                                   |
|         /L - Program all ROM Holes.                                       |
|        /Ln - Program n'th ROM Hole only(n=0-15).                          |
|      /ECUF - Update EC BIOS when newer version is detected.               |
|         /E - Program Embedded Controller Block                            |
|        /ME - Program ME Entire Firmware Block.                            |
|       /FDR - Flash Flash-Descriptor Region.                               |
|       /MER - Flash Entire ME Region.                                      |
|      /MEUF - Program ME Ignition Firmware Block.                          |
|         /A - Oem Activation file                                          |
|       /OAD - Delete Oem Activation key                                    |
| /CLNEVNLOG - Clear Event Log.                                             |
|   /CAPSULE - Override Secure Flash policy to Capsule                      |
|  /RECOVERY - Override Secure Flash policy to Recovery                     |
|        /EC - Program Embedded Controller Block. (Flash Type)              |
|    /REBOOT - Reboot after programming.                                    |
|  /SHUTDOWN - Shutdown after programming.                                  |
+---------------------------------------------------------------------------+
C:\BIOS>dir
 Volume in drive C is FREEDOS1.0
 Volume Serial Number is 4A84-36BD

 Directory of C:\BIOS

.                    <DIR>  03-03-19  8:37p
..                   <DIR>  03-03-19  8:37p
M400     ROM     8,388,608  01-14-19 10:57a
AFUDOS   EXE       168,944  11-10-14  3:14p
AFUEFI   EXE       159,392  04-24-14  3:59p
         3 file(s)      8,716,944 bytes
         2 dir(s)      23,560,192 bytes free
C:\BIOS>afudos backup.rom /O
+---------------------------------------------------------------------------+
|                 AMI Firmware Update Utility  v3.07.00                     |
|      Copyright (C)2014 American Megatrends Inc. All Rights Reserved.      |
+---------------------------------------------------------------------------+
 Saving current BIOS into file: backup.rom
 Reading flash ............... done                
C:\BIOS>dir
 Volume in drive C is FREEDOS1.0
 Volume Serial Number is 4A84-36BD

 Directory of C:\BIOS

.                    <DIR>  03-03-19  8:37p
..                   <DIR>  03-03-19  8:37p
M400     ROM     8,388,608  01-14-19 10:57a
AFUDOS   EXE       168,944  11-10-14  3:14p
AFUEFI   EXE       159,392  04-24-14  3:59p
BACKUP   ROM     4,194,304  03-03-19  9:52p
         4 file(s)     12,911,248 bytes
         2 dir(s)      19,365,888 bytes free
C:\BIOS>afudos m400.rom /B /P /N
+---------------------------------------------------------------------------+
|                 AMI Firmware Update Utility  v3.07.00                     |
|      Copyright (C)2014 American Megatrends Inc. All Rights Reserved.      |
+---------------------------------------------------------------------------+
 Reading flash ............... done                
 - ME Data Size checking . ok
 - FFS checksums ......... ok
 Erasing Boot Block .......... done                
 Updating Boot Block ......... done                
 Verifying Boot Block ........ done                
 Erasing Main Block .......... done                
 Updating Main Block ......... done                
 Verifying Main Block ........ done                
 Erasing NVRAM Block ......... done                
 Updating NVRAM Block ........ done                
 Verifying NVRAM Block ....... done                
C:\BIOS>

After running that the box reboots twice and beeps a few times. Alarming if you're not ready for it!

I leave creating a FreeDOS bootable USB stick as an exercise for the user.

The BIOS file Zanthos linked here has everything unlocked. I'm sure you could prevent it booting using some of the options there so if you do this choose wisely.

Also BIOS flashing is inherently dangerous etc etc!

Steve

zanthos

@stephenw10
Do I understand that correctly: You tried to flash that BIOS file, the box rebooted twice and beeped a few times. But after it worked?

Because when I tried the first time, I messed with the afudos parameters and bricked my box. So I had to use a SPI programmer to revive it...

stephenw10

Yes, sorry, that worked fine after going through it initialization routine because the cmos was cleared.

Steve

zanthos

@zanthos
I just upgraded the RAM in my M400 with this one:
Kingston Value RAM KVR16N11K2/16 (2x8GB).
It works!

Scorch95

Does anyone know what the power draw on these are roughly? I don’t have any way to measure mine but trying to spec a ups as the storm last night knocked power out and corrupted the install. Gonna have to pull the unit and reimage it but would like to prevent this going forward. My fault for not already having a ups but I can prevent it in the future.

stephenw10

~35W peak at boot then ~26W once booted and idle according to my plugin power meter.

Steve

Scorch95

@stephenw10
Thank you!