Watchguard Firebox M400/M500
-
@jayphizzle
According to @stephenw10
(read his post here: console log of BIOS update)afudos backup.rom /O afudos m400.rom /B /P /N
The first line creates a backup of your existing rom.
The second one flashes the file "m400.rom" -
@iJay-XTM5 said in Watchguard Firebox M400:
@zanthos said in Watchguard Firebox M400:
@iJay-XTM5 said in Watchguard Firebox M400:
I'm going to be brave and see what it takes to update the microcode within the bios!
Maybe You Need to add microcode to the BIOS.
The original BIOS (Ver. WD0 10/08/2014) contains microcode for the following CPU ID's:- 06C3 (Date: 2013/08/16)
- 06C2 (Date: 2012/10/17)
- 06C1 (Date: 2012/06/14)
If your XEON CPU has another ID it will probably not work. Then you need to add the missing microcode.
If you just want to update the existing microcode, google for "UBU" and "BIOS". Check the link in Win-Raid Forum. This tool is simple to use and let's you update the microcode easily.
I think you can also use it to add microcode, but I haven't done that.
Another method you find here: http://wp.xin.at/archives/4397BTW: you could try to flash my BIOS with an updated Microcode for CPU ID 06C3 from 2018/04/02. See Watchguard Firebox M400
I was unsuccessful in getting the M400 to boot with the low power Xeon, with the original bios or patched with a microcode update using MMtools. The Celeron continues to boot happily while the Xeon still continues with the 4 beeps of death!
I found an alternate explanation for the beeps in the Aptio 4.x Status Codes document. The DXE beep codes list says 4 beeps means "Some of the Architectural Protocols are not available". I assume this means the board is unable to provide the low voltage levels required by the Xeon.To add to the list of processors running on the M400, I would like to report success booting with an i5-4590t that I found on ebay over the break. The board is currently running a bios that Steve originally modified to lower the fan speed. I subsequently upgraded the CPU microcode during my previous attempts to get the low power Xeon to boot unsuccessfully.
Next, the plan is to flash zanthos' unlocked bios and install the low speed Noctua fans....
-
So there might be a simple step that I'm missing but I'm trying to flash the unlocked bios and when I use "cu -l /dev/cuaU1 -s 9600" from @stephenw10 console output log it says:
"/dev/cuaU1: No such file or directory
link down"When I try the same command but "/dev/cuau1" just hangs when it says "connected" and nothing happens after that. I created the bootable USB with Rufas and I used the FreeDOS image Rufas already had. Am I skipping a step somewhere maybe?
edit: I'm trying this from within the PFSense Shell.
kldload ucom shows "kldload: can't load ucom: module already loaded or in kernel" and I added the ucom_load="YES" to the loader.conf.
The result of "usbconfig" is:
ugen1.1: <Intel EHCI root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA) ugen2.1: <Intel EHCI root HUB> at usbus2, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA) ugen0.1: <0x8086 XHCI root HUB> at usbus0, cfg=0 md=HOST spd=SUPER (5.0Gbps) pwr=SAVE (0mA) ugen1.2: <vendor 0x8087 product 0x8008> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA) ugen2.2: <vendor 0x8087 product 0x8000> at usbus2, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA) ugen0.2: <vendor 0x13fe USB DISK 3.0> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (300mA)
-
Slightly confused here; you are connecting to the m400 using a USB serial adapter in another pfSense box?
If you boot the m400 into FreeDOS you need to connect to it with some other device, typically a laptop connected to the serial console via an adapter of some kind.
Steve
-
Hi Stephen,
So what I currently have is:
A m500 box running pfsense off a ssd
A usb to serial cable
And a laptop I’m using to connect to the m500 with that usb to serial cableI’ve tried booting just FreeDOS off both the CF card and a USB but I get no output so I assume that it’s not booting correctly.
I’ve also tried to use ucom (like “tip ucom”) from within the PFSense shell but I get a “file or directory not found” message and cuaU* is not located in /dev/.
I’m unsure if maybe I just need a different cable or I’m not really sure.
-
Mmmm, there is confusion here!
The only reason you would use tip or cu in pfSense is to connect via serial as a client to some other device.You should be running those commands on your laptop if it's running Linux or FreeBSD. Or using something completely different like putty if it's running Windows.
You should see at least the output from the BIOS at the serial terminal when the m500 boots. If it's still booting pfSense you will see the complete boot log.
Try to boot the m500 into FreeDOS, you should end up at the command prompt.Steve
-
@isnicolascageinjail
OK probably it is simple:
As I read you have used Rufus to create a FreeDOS stick/CF.
Now you want to boot it and see the Output using a Serial console at 9600 speed.The unit itself (BIOS and POST) does output at 115200. That's why you don't see anything at all.
FreeDOS needs to switch the output from VGA to serial. Therefore you need to adjust settings.
If you download my file (see here) and extract it to your stick/CF and overwrite everything, the necessary settings are there…
Keep it connected at 9600!Good luck!
-
@stephenw10 said in Watchguard Firebox M400:
Mmmm, there is confusion here!
The only reason you would use tip or cu in pfSense is to connect via serial as a client to some other device.You should be running those commands on your laptop if it's running Linux or FreeBSD. Or using something completely different like putty if it's running Windows.
You should see at least the output from the BIOS at the serial terminal when the m500 boots. If it's still booting pfSense you will see the complete boot log.
Try to boot the m500 into FreeDOS, you should end up at the command prompt.Steve
@zanthos said in Watchguard Firebox M400:
@isnicolascageinjail
OK probably it is simple:
As I read you have used Rufus to create a FreeDOS stick/CF.
Now you want to boot it and see the Output using a Serial console at 9600 speed.The unit itself (BIOS and POST) does output at 115200. That's why you don't see anything at all.
FreeDOS needs to switch the output from VGA to serial. Therefore you need to adjust settings.
If you download my file (see here) and extract it to your stick/CF and overwrite everything, the necessary settings are there…
Keep it connected at 9600!Good luck!
Ok so I just tried to remake the CF card using the FreeDOS image Rufas already had. I then copied all the files that Zanthos posted and overwrote the files on the CF card. But when I'm booting still I get no output. I don't even see the output from the BIOs. I'm using putty at 9600 8N1 and I've tried all the flow control settings and still nothing. I'm not sure if I just need to use a different FreeDOS image maybe?
I appreciate the help so far guys, I've been trying to figure this out for a good few hours haha.
-
@isnicolascageinjail
First check if you see the BIOS POST at 115200. It must!
If not, your cable might be at fault.
Or maybe you're useing the wrong COM port on your Laptop... -
@zanthos So yeah, if I boot to pfsense and use 115200 I can see everything just fine, but when I switch to 9600 I get nothing. I am using COM1 so I think that should be fine. I just have the CF card with FreeDOS currently plugged into the device.
-
If you leave it at 115200 and boot from the FreeDOS CF card what's the last thimg you see? Does it appear to be booting from the card at all?
Styeve
-
I get a single character that looks like static and nothing after that. The longer I leave it on the louder the fans get also. I've also tried booting the same image with a USB and it'll start flashing for a second (the lights on the USB) and it'll eventually stop like it's not being read from anymore.
It'll also shutoff instantly whereas when I'm in pfsense I'll need to hold the off switch for a few seconds to give it time to turn off.
-
@isnicolascageinjail
Maybe you need to set the CF partition Master Boot Record (MBR) to active.
It might not boot at all...
Use diskpart utility (Windows) for that. -
@zanthos Ok so I used the FreeDOS image floating around in the other watchguard tutorials (FreeDOSBios2.img) and I only moved over the m400.rom, and afudos and that seems to be working. Now I just need to figure out why I can't access the BIOs.
edit: cool, looks like I got it. Thank you so much guys!
-
Nice! Getting a bootable FreeDOS device can be a challenge I found. Especially when you want serial console.
-
Yeah, I almost started going crazy there for a second haha. I think I was mostly stuck at the "tip ucom" part, but you were able to clear that up for me and I got it. The fans thankfully no longer run at max speed.
-
Last week i also had to flash a m400 box. But my three year old son got my bios flash cf card and i could not find it. I tried many things to get a new cf card up and running with freedos without luck. I also used zanthos freedos files and there also not getting into the command promt with three beeps. Than i remember that i had done a backup of this cf card with win32diskimager. This was my luck and i get a new card that bootet freedos and i was able to flash the m400. Two day later i found the original cf card that my son put into my shoes ;)
Here is a link to my cf card backup that can be written to cf with win32diskimager:https://drive.google.com/open?id=1j297B0Yj7fq43yRadHctv1JSIP3oR36-
I also bootet with 115200 baud rate but there is no output with original bios when boot up the box. When flashed with the modified bios it is showing the boot up and you can get into the bios.
-
I was able to flash zanthos' unlocked bios and didn't know it had console redirect enabled. Since I had VGA connected before flashing the bios and no video after I cleared the CMOS, I had a moment of panic until I heard the familiar bios startup beeps.
@stephenw10 you were right, the bios is unlocked to a dangerous levelWhile the system is functioning post upgrade, I have a few issues that I need help with:
First, I notice the CPU temperature reported in the bios under Advanced -> H/W Monitor is much higher than pfsense dashboard. Is this expected behavior? I have smart fan control enabled, and the fan speed constantly cycles.Secondly, the CPU seems to run at full speed most of the time even though the load is 1-3%. EIST is enabled, and only occasionally I see the CPU speed drop to 1500 MHz. Is this expected behaviour?
My eventual goal is to reduce fan noise and power consumption as far as possible.Apologies for the long winded post. I appreciate any help I can get with these issues. Thanks!
-
The temperature reported in the BIOS is probably using some sensor on the superio chip that may be set incorrectly for that CPU. The value reported by the Coretemp driver from the on die sensors look OK though.
The smart fan settings probably need tuning further if it's constantly cycling.The cpu frequency should be checked using the sysctl directly rather than the dashboard as simply displaying that can use enough CPU cycles to ramp up powerd.
Steve
-
@zanthos Hello bro, is possible have a guide and the pin sequence for spi programmer? i brick my m400 thx a lot