Watchguard Firebox M400/M500

isnicolascageinjail

So there might be a simple step that I'm missing but I'm trying to flash the unlocked bios and when I use "cu -l /dev/cuaU1 -s 9600" from @stephenw10 console output log it says:

"/dev/cuaU1: No such file or directory
link down"

When I try the same command but "/dev/cuau1" just hangs when it says "connected" and nothing happens after that. I created the bootable USB with Rufas and I used the FreeDOS image Rufas already had. Am I skipping a step somewhere maybe?

edit: I'm trying this from within the PFSense Shell.

kldload ucom shows "kldload: can't load ucom: module already loaded or in kernel" and I added the ucom_load="YES" to the loader.conf.

The result of "usbconfig" is:

ugen1.1: <Intel EHCI root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen2.1: <Intel EHCI root HUB> at usbus2, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen0.1: <0x8086 XHCI root HUB> at usbus0, cfg=0 md=HOST spd=SUPER (5.0Gbps) pwr=SAVE (0mA)
ugen1.2: <vendor 0x8087 product 0x8008> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen2.2: <vendor 0x8087 product 0x8000> at usbus2, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen0.2: <vendor 0x13fe USB DISK 3.0> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (300mA)

stephenw10

Slightly confused here; you are connecting to the m400 using a USB serial adapter in another pfSense box?

If you boot the m400 into FreeDOS you need to connect to it with some other device, typically a laptop connected to the serial console via an adapter of some kind.

Steve

isnicolascageinjail

@stephenw10

Hi Stephen,

So what I currently have is:

A m500 box running pfsense off a ssd
A usb to serial cable
And a laptop I’m using to connect to the m500 with that usb to serial cable

I’ve tried booting just FreeDOS off both the CF card and a USB but I get no output so I assume that it’s not booting correctly.

I’ve also tried to use ucom (like “tip ucom”) from within the PFSense shell but I get a “file or directory not found” message and cuaU* is not located in /dev/.

I’m unsure if maybe I just need a different cable or I’m not really sure.

stephenw10

Mmmm, there is confusion here!
The only reason you would use tip or cu in pfSense is to connect via serial as a client to some other device.

You should be running those commands on your laptop if it's running Linux or FreeBSD. Or using something completely different like putty if it's running Windows.

You should see at least the output from the BIOS at the serial terminal when the m500 boots. If it's still booting pfSense you will see the complete boot log.
Try to boot the m500 into FreeDOS, you should end up at the command prompt.

Steve

zanthos

@isnicolascageinjail
OK probably it is simple:
As I read you have used Rufus to create a FreeDOS stick/CF.
Now you want to boot it and see the Output using a Serial console at 9600 speed.

The unit itself (BIOS and POST) does output at 115200. That's why you don't see anything at all.
FreeDOS needs to switch the output from VGA to serial. Therefore you need to adjust settings.
If you download my file (see here) and extract it to your stick/CF and overwrite everything, the necessary settings are there…
Keep it connected at 9600!

Good luck!

isnicolascageinjail

@stephenw10 said in Watchguard Firebox M400:

Mmmm, there is confusion here!
The only reason you would use tip or cu in pfSense is to connect via serial as a client to some other device.

You should be running those commands on your laptop if it's running Linux or FreeBSD. Or using something completely different like putty if it's running Windows.

You should see at least the output from the BIOS at the serial terminal when the m500 boots. If it's still booting pfSense you will see the complete boot log.
Try to boot the m500 into FreeDOS, you should end up at the command prompt.

Steve

@zanthos said in Watchguard Firebox M400:

@isnicolascageinjail
OK probably it is simple:
As I read you have used Rufus to create a FreeDOS stick/CF.
Now you want to boot it and see the Output using a Serial console at 9600 speed.

The unit itself (BIOS and POST) does output at 115200. That's why you don't see anything at all.
FreeDOS needs to switch the output from VGA to serial. Therefore you need to adjust settings.
If you download my file (see here) and extract it to your stick/CF and overwrite everything, the necessary settings are there…
Keep it connected at 9600!

Good luck!

Ok so I just tried to remake the CF card using the FreeDOS image Rufas already had. I then copied all the files that Zanthos posted and overwrote the files on the CF card. But when I'm booting still I get no output. I don't even see the output from the BIOs. I'm using putty at 9600 8N1 and I've tried all the flow control settings and still nothing. I'm not sure if I just need to use a different FreeDOS image maybe?

I appreciate the help so far guys, I've been trying to figure this out for a good few hours haha.

zanthos

@isnicolascageinjail
First check if you see the BIOS POST at 115200. It must!
If not, your cable might be at fault.
Or maybe you're useing the wrong COM port on your Laptop...

isnicolascageinjail

@zanthos So yeah, if I boot to pfsense and use 115200 I can see everything just fine, but when I switch to 9600 I get nothing. I am using COM1 so I think that should be fine. I just have the CF card with FreeDOS currently plugged into the device.

stephenw10

If you leave it at 115200 and boot from the FreeDOS CF card what's the last thimg you see? Does it appear to be booting from the card at all?

Styeve

isnicolascageinjail

I get a single character that looks like static and nothing after that. The longer I leave it on the louder the fans get also. I've also tried booting the same image with a USB and it'll start flashing for a second (the lights on the USB) and it'll eventually stop like it's not being read from anymore.

It'll also shutoff instantly whereas when I'm in pfsense I'll need to hold the off switch for a few seconds to give it time to turn off.

zanthos

@isnicolascageinjail
Maybe you need to set the CF partition Master Boot Record (MBR) to active.
It might not boot at all...
Use diskpart utility (Windows) for that.

isnicolascageinjail

@zanthos Ok so I used the FreeDOS image floating around in the other watchguard tutorials (FreeDOSBios2.img) and I only moved over the m400.rom, and afudos and that seems to be working. Now I just need to figure out why I can't access the BIOs.

edit: cool, looks like I got it. Thank you so much guys!

stephenw10

Nice! Getting a bootable FreeDOS device can be a challenge I found. Especially when you want serial console.

isnicolascageinjail

Yeah, I almost started going crazy there for a second haha. I think I was mostly stuck at the "tip ucom" part, but you were able to clear that up for me and I got it. The fans thankfully no longer run at max speed.

kr81

Last week i also had to flash a m400 box. But my three year old son got my bios flash cf card and i could not find it. I tried many things to get a new cf card up and running with freedos without luck. I also used zanthos freedos files and there also not getting into the command promt with three beeps. Than i remember that i had done a backup of this cf card with win32diskimager. This was my luck and i get a new card that bootet freedos and i was able to flash the m400. Two day later i found the original cf card that my son put into my shoes ;)
Here is a link to my cf card backup that can be written to cf with win32diskimager:

https://drive.google.com/open?id=1j297B0Yj7fq43yRadHctv1JSIP3oR36-

I also bootet with 115200 baud rate but there is no output with original bios when boot up the box. When flashed with the modified bios it is showing the boot up and you can get into the bios.

iJay-XTM5

I was able to flash zanthos' unlocked bios and didn't know it had console redirect enabled. Since I had VGA connected before flashing the bios and no video after I cleared the CMOS, I had a moment of panic until I heard the familiar bios startup beeps.
@stephenw10 you were right, the bios is unlocked to a dangerous level

While the system is functioning post upgrade, I have a few issues that I need help with:
First, I notice the CPU temperature reported in the bios under Advanced -> H/W Monitor is much higher than pfsense dashboard. Is this expected behavior? I have smart fan control enabled, and the fan speed constantly cycles.

Secondly, the CPU seems to run at full speed most of the time even though the load is 1-3%. EIST is enabled, and only occasionally I see the CPU speed drop to 1500 MHz. Is this expected behaviour?
My eventual goal is to reduce fan noise and power consumption as far as possible.

Apologies for the long winded post. I appreciate any help I can get with these issues. Thanks!

stephenw10

The temperature reported in the BIOS is probably using some sensor on the superio chip that may be set incorrectly for that CPU. The value reported by the Coretemp driver from the on die sensors look OK though.
The smart fan settings probably need tuning further if it's constantly cycling.

The cpu frequency should be checked using the sysctl directly rather than the dashboard as simply displaying that can use enough CPU cycles to ramp up powerd.

Steve

devid79

@zanthos Hello bro, is possible have a guide and the pin sequence for spi programmer? i brick my m400 thx a lot

devid79

@Mookatroid is possible have a diagram pin for vga? thx a lot

zanthos

@devid79 Here you go

@devid79 said in Watchguard Firebox M400:

@zanthos Hello bro, is possible have a guide and the pin sequence for spi programmer? i brick my m400 thx a lot

@devid79 said in Watchguard Firebox M400:
@Mookatroid is possible have a diagram pin for vga? thx a lot