Watchguard XTM 5 Series
-
@stephenw10 My exact filename is pfSense-CE-memstick-serial-2.4.4-RELEASE-p3-amd64.img it was downloaded from https://www.pfsense.org/download/ and selecting the boxes AMD64, USB Memstick Installer, Serial, New York.
I download on a mac so it may automatically unzip the file for me. Should I try the image location you suggest?
If I disconnect the HHD it is exactly the same, in fact I thought that was the issue at first as I booted without HDD attached.
Thanks
-
In my experience, you have to flash the modified bios since the official bios is locked and many options can't be changed i.e. the boot device preferences, by default it only boots from CF even if nothing else is attached. I was able to run the pfSense installer from CF and install to SATA disks, but it still refused to boot. You'll need the bios firmware, flash tool and some OS, boot that from CF just to flash the bios (you could likely even use the factory firmware and serial console for it, if you can find a compatible flash tool binary). After flashing lots of options that used to be read-only can now be changed and you can boot from SATA, USB etc. In addition with the modified bios pfSense can use front LCD to display some useful stats.
-
@samtap Ok, I thought that may be thew case, but many people on here have said to flash the bios from within pfsense, but mine will not even get that far.
@stephenw10 As you were asking about the image i tried making it on a Win7 PC incase it was the mac no writing it correctly to the CF but I get exactly the same response and it freezes in the same spot. Could my putty settings be wrong and it freezes once it goes into the setup program??
Thanks
-
I think there must be subtle differences between different xtm series and maybe even hardware revisions. For example people claim it boots USB/SATA once you disconnect CF reader, I believe them but for my xtm5 it didn't work like that.
By the way, are you sure it freezes during boot? It might be just the serial console settings that change after it gets through POST and starts booting the OS...
-
Ok.
So I went a step further and used my CF card and HDD connected to a VM and installed pfsense onto the hdd.
Tried hdd in xtm and hdd booted fine unto the exact same point.
So put the hdd back into the vm and booted the hdd and completed the setup with the network card configuration. and then restarted pfsense a couple of times to make sure it was booting all the way through with no questions hoping up. Then put hdd back into xtm and it boots up still to the exact same point, but I have my laptop plugged into port one to see if it gets an IP with the thought that maybe the console is freezing but it isn't getting an IP. And before you think it, yes I did remove the CF card.
Have removed the encryption card in case that was causing an issue but with no joy
So am now not sure what to do next?
Do I have a broken box or do I just need to find a way to flash the bios? I did note at the bios screen I have a date of 04/26/2010 which seems different from the date previously mentioned with bios flashes.
Thanks again
Luke -
It's an odd place in the boot to stop. It's well after the loader variables are set, which is where it would break if you had the wrong baud rate configured. It's before it mounts the root filesystem, which is where it stops writing to all consoles so is thas last thing you see if you have the VGA console set as primary.
Does it still boot the WG OS correctly? Or, say, the OpenWRT x86 image if you don't have the original OS?Steve
-
@stephenw10 Haha, I did power it up before I started and from what I could tell it booted normally. However in the messing about between writing images to CF cards I have overwritten the CF card that came in the unit so now can't check again :-(
Thanks
Luke -
@stephenw10 I down loaded openwrt-18.06.4-x86-generic-combined-ext4.img and the unit boots with it but the serial port settings must be different as it comes up with garbage while booting looking around it seems to be 115200/8/1/None which is what I have set.
Thanks
Luke -
Hmm, I thought that was the default now in OpenWRT too. Try 9600 though.
Maybe you have a bad serial cable? Trying to use the extended serial lines and failing?
Steve
-
@stephenw10 Tried 9600 - no joy different garbage but still garbage. I am starting to wonder about the serial cable too but I need to look and see if I have any others with the rj45 end on them.
Thanks
Luke -
With any half recent serial terminal you only need three connections. More than that might just break stuff if it's not wired correctly. Certainly to connect to pfSense you only need 3 pins connected.
Some older stuff like the X-e bios and FreeDOS required more.Steve
-
@stephenw10 Have tried three different cables now and all with the same results, lost
Luke
-
If you can find one you might try an old NanoBSD serial image directly on the CF card. There are still some mirrors out there hosting them even though they shouldn't be.
Steve
-
I have now tried versions 2.3.5 in both amd64 and i386 and both freeze at the same point as version 2.4.4 I have also tried removing some memory and moving it between banks.
I have also tried to boot the old CF card I used to flash the x550 bios, not to use on this bios but just to see if I can get a dos prompt but again all I get is garbage once past the post screen.
I suspect I need to flash the bios but how can I do this if nothing will load? Failing that I think my box may be a dud :-(
Can't think of anything else left to try now.
Luke
-
@stephenw10 Would this be the right one to try pfSense-CE-2.3.5-RELEASE-4g-i386-nanobsd.img.gz it doesn't say serial but some of the others do say VGA?
The previous versions I have tried have all been memstick versions
Thanks
Luke -
Yes, that would do it. As long as the CF card is 4GB or bigger.
-
It's an odd place to stop. For reference on mine at that point:
fxp0: Ethernet address: 00:90:7f:87:dc:74 isab0: <PCI-ISA bridge> at device 31.0 on pci0 isa0: <ISA bus> on isab0 atapci0: <Intel ICH7 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 31.1 on pci0 ata0: <ATA channel> at channel 0 on atapci0 ahci0: <Intel ICH7 AHCI SATA controller> port 0x7c00-0x7c07,0x7880-0x7883,0x7800-0x7807,0x7480-0x7483,0x7400-0x740f mem 0xfe4ffc00-0xfe4fffff irq 19 at device 31.2 on pci0 ahci0: AHCI v1.10 with 4 3Gbps ports, Port Multiplier supported ahcich0: <AHCI channel> at channel 0 on ahci0 ahcich1: <AHCI channel> at channel 1 on ahci0 ahcich2: <AHCI channel> at channel 2 on ahci0 ahcich3: <AHCI channel> at channel 3 on ahci0 acpi_button0: <Power Button> on acpi0 uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 uart0: console (115200,n,8,1) uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0 ppc0: <Parallel port> port 0x378-0x37f irq 7 on acpi0
The SATA controller is running in AHCI mode so it shows slightly differently to yours.
The next thing that shows is the power button (is yours stuck maybe?) but then the console....Can you interrupt it at the boot loader menu to reach the loader prompt?
If it has some console problem you might try forcing VGA console. You will get no output but it should still boot completely allowing you webgui access.
Steve
-
@stephenw10 Hi Steve, I tried the nanobsd last night and it stuck it exactly the same place, can you give a little more detail on how to force the VGA method please.
Thanks
Luke -
@stephenw10 Should have added both internal and external power buttons can turn the unit on and off ok. Could you clarify what jumpers you have in place please?
Thanks
Luke -
Booting to VGA console as primary:
https://docs.netgate.com/pfsense/en/latest/hardware/boot-troubleshooting.html#booting-with-an-alternate-consoleYou should still hear the boot tune if it is able to fully boot using that.
Steve
-
@stephenw10 Hi Steve, apologies for the delay in coming back to you. Well I have tried the VGA boot with no joy I have also tried all the other settings such as safe mode, verbose, single user, all with no joy and all stop at the same place. I have also tried booting with no console cable attached, nothing good.
The seller I bough from ebay has other units for auction so have contacted him about purchasing a second unit to confirm if unit number one is faulty as they have a returns policy so could return it.
-
Try hooking a sata drive up to it and see if it will load that way.
-
@chpalmer Yep that's what I have done, installed sata drive in a VM and confirmed it boots without any prompts, but in the XTM I get the freeze at the same place with versions 2.4.4, 2.3.5, i386, amd64, nanobsd, memstick, on CF or SATA
-
Hmm, but you were able to interrupt the boot loader and enter characters which implies the console is working fine at that point. Hard to say then, I don't recall anything stopping at that point previously.
Steve
-
hello,
first very impressed of the activity for this redbox AND pfsense : woahhhh !
secondly :
i have 3 of thix box running fine for a long time.
But with a fourth, i just buy , big problem.
motherboard is FW-7580 W REV 1.01 - i can't install if not flashing to xtm5_83.rom : i need to pass ATA from IDE to AHCI , why ?
2 - but with new BIOS (Pfsense 1.8) : just LAN NIC is working all other can't acces WAN (internet)
3 - how can i come back to my bios backup ? (if no web access , for downloading flashrom ... obtain flashrom binary, and install how to do that ?!!)i really need your help !
-
So only the fxp port is working?
You can still set that as the WAN and use that to pull in flashrom. If you only have one port defined it will be WAN.
Were the other ports working before you flashed the BIOS? I have never seen that be an issue. I'm not sure how it would break the NICs. Unless that board is completely different, which seems unlikely.
Steve
-
@stephenw10
hello stephnew10 : happy to see you here !!!
What a marvellous adventure pfsense on Watchguard . pfffiiiouuuu ;-)Yep with bios WG 1.3 , just laste nic em5 was probably out of order.
But with xtm5_83.rom ... lol !
just one. -
Hmm, well hard to explain how that could be. It would be good to know which one still works. I'm guessing it's the 100M port (fxp0) since that's completely different.
Whichever it is you should be able to use it as WAN to connect out and install flashrom.Steve
-
@stephenw10
hello, sorry for delay.root@OPNsense:~ # pkg install flashrom Updating OPNsense repository catalogue... Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 2813191321208:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269: Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 2813191321208:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269: Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 2813191321208:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269: pkg: https://pkg.opnsense.org/FreeBSD:11:amd64/20.1/latest/meta.txz: Authentication error repository OPNsense has no meta file, using default settings Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 2813191321208:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269: Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 2813191321208:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269: Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 2813191321208:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269: pkg: https://pkg.opnsense.org/FreeBSD:11:amd64/20.1/latest/packagesite.txz: Authentication error Unable to update repository OPNsense Error updating repositories!
-
@ledufakademy said in Watchguard XTM 5 Series:
Unable to update repository OPNsense
Your not running pfsense. Without knowing the particulars of that product nobody here would be able to guess correctly.
-
-
@stephenw10
ok i will flash the card F with last pfsensewith pfsense : boot stuck at :
em5: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xac00-0xac1f mem 0xfe7e0000-0xfe7fffff,0xfe7dc000-0xfe7dffff irq 17 at device 0.0 on pci2 : solved.
same issue :
[2.4.3-RELEASE][root@pfSense.localdomain]/root: pkg update Updating pfSense-core repository catalogue... pkg: Repository pfSense-core load error: access repo file(/var/db/pkg/repo-pfSense-core.sqlite) failed: No such file or directory Certificate verification failed for /C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA 34405266376:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/builder/ce-243/tmp/FreeBSD-src/crypto/openssl/ssl/s3_clnt.c:1269: pkg: https://pkg.pfsense.org/pfSense_v2_4_3_amd64-pfSense_v2_4_3/packagesite.txz: Authentication error Unable to update repository pfSense Error updating repositories!
-
This is really a 'thank-you' to those forum contributors who did all the heavy lifting
investigating this box and getting pfSense running with all the hardware whistles & bells configured.After lurking for a few weeks and on this thread and others concerning the XTM 5 series, I took the
plunge and bought one from eBay for ยฃ45 for my home setup.I installed the latest pfSense 2.4.5 on a ZFS mirror with two cheapo 120 Gb SSDs, flashed the
BIOS with xtm5_83.rom without any drama, and had no problems accessing the BIOS screens with a
serial cable. The 4G RAM upgrade and E5700 CPU upgrade also went without a hitch.I built a 64 bit WGXepc binary from source in a FreeBSD 11.3 VM (the base for pfSense 2.4.5)
and the Arm/Disarm light now does whatever I tell it to via ShellCmd.Flush with success I splashed out ยฃ12 on an Intel Q8200S on eBay and that arrived last week
and I finally hit my first hurdle - the board doesn't boot with this chip, but will if I
reinsert the E5700. So I just wanted to check that others have got this processor working with
the xtm5_83.rom image? It's no real hardship if I can't get it working, it may just be a dudd
Chinese-scavenged chip, but it would be the icing on the cake if I could get it going.Also - following the mantra of 'hope for success, plan for failure', I couldn't find the pinout of the SPI
header anywhere in the forums, even though it was mentioned a few times. As I'm putting together a duplicate box
for my brother this might come in handy, (though hopefully not). I've searched and googled but found nothing.
Can anyone help with this info?Once again - thanks to everyone.
-
It should work with the Q8200S. The board seems very accommodating in general. https://forum.netgate.com/post/427056 and https://forum.netgate.com/post/544654
After camping ebay (for literally years ) I have a Xeon L3110 in mine and that runs great.
The SPI pinout is standard as far as I know. From the FW-7581 manual though:
Steve
-
@stephenw10 Outstanding! Thanks for the info.
-
Hi,
Sorry to disturbe the subject.
I have bought a WatchGuard XTM 505 and I will change the processor and the RAM.
About the processor, I have found a Pentium Dual Core E5300, does it fit with the XTM 505 ? Will it works?
For the RAM, I read that we can add up to 8Go but I think 4Go is adequate ?
I want to use all links at Gigabit speed, I have fiber that provide me 990mb/s download and 600mb/s in upload.
I will add an SSD with PFSense.
Do you think my config is good?
Thanks!
-
Yes, it probably will work. Yes it will pass Gigabit line rate (941Mbps) but it will be quite taxed doing so. I would just get an E7500 C2D as they cost peanuts these days unless you already have the E5300 in which case test it and see.
4GB is enough for almost everything sane in that level of device. I never bothered putting more than 2GB in mine. I still use it for testing stuff on occasion.
Steve
-
Ok thanks! I have ordered an E7500 and 4Go DDR2 800.
I currently have a PFSense running in old stuff, with an SSD. Can I just take the SSD to the Watchguard ? or it would be better to make a fresh install ? My old stuff just has 3 gigabit ports so if I just move the SSD I guess I just have to re-configure network interface?
Thanks
-
Yes you would need to reconfigure the interfaces if they are not em in the previous box.
Yes you could just move the SSD. If the previous device does not have a serial console be sure to enable that in Sys > Adv > Admin Access before moving it.
A fresh install is probably a good idea. You will have to boot from CF though unless/until you have swapped out the BIOS to allow USB booting.
Steve
-
I see. Thanks for the help, I think I will make a fresh install :)