Watchguard XTM 5 Series
-
Just got my XTM 5 series today. Installed pfSense 2.4.5 to an SSD. I did it with the VGA. Should I have used console?
Booting with the console cable I get it halting at Auto Detecting?
Is this when I unplug the cable, plug it back in, and should see pfSense booting?
New screen I was able to get to, but can't send F1 or F2
-
You would have to enable the serrial console or install from the serial console image (where it's enabled by default) to see output on the serial console. Though you would normally see some output from the bootloader there if it was trying to boot.
I assume you installed in something else and then moved the drive across?
What image, exactly, did you use to install from?You still have the original BIOS it looks like?
Steve
-
@stephenw10 I still have the original bios.
I installed version 2.4.5-p1 AMD64 USB VGA on another computer and moved the drive.
I tried installing 2.4.5-p1 AMD64 USB Serial to the SSD, but don't see any video output and don't think that computer has serial. -
Ok, did you enable the serial console in System > Advanced > Admin Access on the other device before moving it? If not try swapping it back and doing that first.
The other way to do this is to write the serial install image to CF card, the XTM5 will boot from that with the standard BIOS and you can then install to SSD directly at the serial console.
Steve
-
@stephenw10 Just wrote the console image to the CF card and now it shows up in console but looks stuck here:
-
Are you sure you used the serial console image? That's one of the last things you would see on dual consoles before it switches to serial as primary console only.
It could be an issue with that SSD. Does it boot further if you disconnect it?
Steve
-
@stephenw10
I flashed the console version the 1GB CF card and it will boot without the SSD attached.
When I attach the SSD I get the following interuption in the console and can't go back to the install process.
I did install again to the SSD via my PC with the VGA version and set System > Advanced > Admin Access.
On my desktop I have to change to IDE from ACHI.
For Partition scheme, I tried to do MBR but then my desktop couldn't boot from the ssd.
So I set it up with GPT, but maybe the WatchGuard can't boot from this.
-
It's not a UEFI bios, MBR should work.
So it only boots as far as the installer menu if you boot without the SSD attached?
SATA is not hot-plugable like that I would not expect that to work. However it looks like there is low level issue with that SSD for some reason, which is odd since the one I have has worked with pretty much everything I've thrown at it! Can you try a different SATA device?
Steve
-
@stephenw10 With PF on the CF card, it will boot and install without the SSD attached. Unfortunately, the 1 GB CF card is not large enough to complete the install.
I have tried another SATA cable and a regular HDD. They are blank and formatted to NTFS.
What I need to try is either getting a larger CF card, what does the WatchGuard support?
Or find a computer that will let me boot with MBR. -
Pretty sure the XTM5 supports large CF cards. pfSense doesn't need much though, it will run in 2GB. However you can't boot the installer from CF and install to that same card, you would need to install to it in something else.
It's not usually this difficult, you may have something bad in the SATA there... -
@stephenw10 It seemed like installing to the same CF card was working until it ran out of space
-
Hmm, that's not intended to work shall we say. You might be able to do it and then play with the bootloader but I would expect to see issues doing that.
It should boot with a SATA device attached.
-
@stephenw10 Finally found a PC in my house that would boot with MBR formatted.
Was able to install from the VGA image and then turn on Console from Advanced settings when booted.Moved to SSD to WatchGaurd and had the following issue:
Googling the quick=0x1(4k) error led me to believe issue with format of SDD. It is an Intel X25M SSD. Let me know if this can be fixed.
Then I tried installing to a regular laptop HDD, put it in the WatchGuard and am getting this error:
Message seems to keep changing.
Something with the network connections?
-
Can you post the actual boot log? Putty should have the full log available. The screenshots don't tell us much other than it looks like there's an issue with em5.
But that would also be the case booting from CF.... -
@stephenw10 Installed to the SSD (Intel X25M) and a full size HDD (WD Green 1TB)
Here are the logs:
SSD: https://pastebin.com/jncsEbpY
HDD: https://pastebin.com/fz86D1WS
-
Hmm, so basically the same and nothing particularly unusual except that em5 is missing because:
em1: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xac00-0xac1f mem 0xfe7e0000-0xfe7fffff,0xfe7dc000-0xfe7dffff irq 17 at device 0.0 on pci2 em1: Using MSIX interrupts with 3 vectors em1: The EEPROM Checksum Is Not Valid device_attach: em1 attach returned 5Do you have anything connected to em1?
There are some Intel DOS tool you might use to try to correct that checksum I believe. I have not used them.
Does it boot past that when you boot the installer from CF though? Can we see the console log from that?
Steve
-
@stephenw10 Installed pfSense-CE-2.3.5-RELEASE-4g-amd64-nanobsd.img to a CF card and then everything booted correctly.
Log: https://pastebin.com/uMMPaw3J
Now the issue is getting to the webGui.
The WatchGuard will ping to google just fine.
PF isn't giving the laptop I have plugged into EM1 an IP address. I thought I made sure the DCHP server was turned on.
-
em1 is still failing there you only have 5 em NICs:
em1: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xac00-0xac1f mem 0xfe7e0000-0xfe7fffff,0xfe7dc000-0xfe7dffff irq 17 at device 0.0 on pci3 em1: Using MSIX interrupts with 3 vectors em1: The EEPROM Checksum Is Not Valid device_attach: em1 attach returned 5The NIC shown as em1 there is actually port 3 on the XTM5, what would normally be em2.
Steve
-
@stephenw10 Ok, I won't use em1.
Switched to em2 for LAN, computer gets an IP address, but can't get to the webGUI
-
Some route conflict?
Can you ping 192.168.5.1?
Can you ping the client IP from pfSense?You need to be on 2.4.5 though. There is no path to get there from Nano.
Steve
