Watchguard XTM 5 Series
-
Has anyone upgraded the fans?
-
You can replace them with something from Noctua for example. There are some references in this thread. I never bothered once I could set the minimum fan speed with WGXepc, those Noctua fans are expensive!
Steve
-
@dog2bert Noiseblocker BlackSilent Fan XM-2-40mm does the job for me, cheap and silent, even at full speed. The watchguard is in my living room.
-
@stephenw10 What value should I use for the fan speed?
Can you set it in the BIOS now that I have it unlocked?Is 10 safe?
Looks like the -f command doesn't work on the 5 series only -f2
/conf/WGXepc64 -f2 10
-
I have the system fan set to 50. The CPU fan is connected to the other controller and WGXepc can't set that (yet). You can set it manually though.
Steve
-
I have XTM 5 with the belwo BIOS
root@OPNsense:/conf # dmidecode | lessdmidecode 3.2
Scanning /dev/mem for entry point.
SMBIOS 2.5 present.
44 structures occupying 2148 bytes.
Table at 0x000FBCD0.Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
Vendor: American Megatrends Inc.
Version: 080015
Release Date: 04/26/2010
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 1024 kBI am safe to use this image to update my BIOS from https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
-
They should all be compatible AFAIK, I've yet to see one that was not. That's just the date from the gen2 models, there are a few posts here confirming it works. For example:
https://forum.netgate.com/post/797569Of course flashing the BIOS is always inherently risky. You could lose power part way though etc...
And you're running the wrong OS...
Steve
-
@stephenw10
Thanks Steve... BIOS flash was successfully...
Still playing around with different firewalls before going production... if that makes sense -
The original Watchguard CF card OS boot is able to start Recovery Mode (SysB) or Safe Mode (SysA Safe) from LCD Keys
I think is something embedded in MBR or in GRUB stage...I had a crazy idea... how shall be hard making a multiboot like that to choice via LCD keys which disk / partition will have to start ?
Obviously i think who should be the right one for the answer...
Stephen i'm very cold about ASM or C coding...
I can only give an original Watchguard CF image and no more right now. -
I believe that code is in BIOS and passed to GRUB. You will still see it try to boot recovery even without a CF card present.
Steve
-
@stephenw10 sorry for the delay... i tried without the CF Card and nothing happens during the startup phase on the LCD pressing UP or DOWN button of the case keypad... only the WG BIOS V 1.2 stay.
But you could be in right and some code could be embedded in bios too to storage a flag value somewhere...I'm affascinating by bios and i wish spend time investigating.. please may you give me some hints about software you used to modding the XTM5's AMI Bios ?
I tried to search on the web but i found only recent software that don't recognize this 1024k ROM. -
[1] Install the flashrom tool
pkg pkg install flashrom rehash
[2] Download the new flash image
cd /tmp fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom md5sum xtm5_83.rom
The MD5 has should be: e75bc93ca2db547a3facb8d611f0d441
[3] Reprogram the flash
Read and save the original/current flash image
flashrom -r rom.original –programmer internal
Write the new image
flashrom -w xtm5_83.rom –programmer internal
Verify the write was successful
flashrom -v xtm5_83.rom –programmer internal
Pull the CMOS battery & mains power, wait a few minutes, reboot & voilà.
If everything's OK you can delete the new image file with:rm /tmp/xtm5_83.rom
-
For actually editing the image there are a number of tools that can open and modify the older pre-uefi AMI BIOSes. Including AMIs own proprietary tool amibcp. You'll have to go searching for that if you want to use it.
Bare in mind it's very easy to make an image that doesn't POST and then you need to reflash the chip directly. I did it several times!
https://forum.netgate.com/post/336712Steve
-
@Dufflepod thanks i'm aware about that procedure. I wish to edit the .ROM file not just to push it on the CHIP as is.
@stephenw10 i found the right (i think) 3.51 version of the amibcp tools but it seems to have a partial control on the bios. I think you found some more specific tool... to be able to change Arm/Disarm LED status and to change the LCD text during bios...
If you could help me at least telling me the name of the right software ;)
I know after that i have to do my hard work on my own...
Thanks -
The ARM LED is set by setting the appropriate SIO registers.
The LCD message I changed by hex editing the right module directly. Which is why it had to be the same number of characters. -
thx
-
@stephenw10 Hi, I bought two XTM 5, they have same motherboard (MB-7580W v1.0, CK: 9A80 2010-02-03).
They differ by the flash bios: one (I'll call it A) has a label with YK12 1046, the other (I'll call it B) has this label with YJ96 3493.
So I installed pfsense on a CF and I flashed unit A with flashrom. All fine, on boot I see the new string and the red led.
I wasn't able to do the same with unit B, flashrom was unable to find the device to write. So I loaded freedos with afudos in a cf and flashed this way. All fine on boot I see the new string but red led doesn't come up.
I can enter the bios and chenge settings but this led doesn't turn on during boot.
What happens?Ps: I unmounted the lcd assembly and mounted on the unit A and red led works.
-
Hmm, are they the same model xtm5? There were two generation but they were almost identical as far as I know.
Can you you set the LED using WGXepc?Steve
-
@stephenw10 Just tryed, WGXepc64 changes the led. I tryed with green and red.
Any ideas why the bios don't turn on the led? -
I don't. It should, it uses the same set of register changes in the SuperIO chip that WGXepc does.
-
Consider the possibility that the BIOS was previously flashed with a custom image...
-
@t-rexky Before the flashing the bios was the stock one
-
My very new unit at the time (year old display model) did not turn on the red light either.
-
@chpalmer but with the modded bios it should.
Infact the other unit ("same" as this one) turns on the red led.
I can't find the differences between them. Adding that the led works with WXGepc package. -
@valepe69 said in Watchguard XTM 5 Series:
@chpalmer but with the modded bios it should.
Infact the other unit ("same" as this one) turns on the red ledYes. it did. :) Watchguard must have made changes at some point.. Ive had several stock units (which I put pfsense on for friends) come through and noted the earlier ones had the red LED whereas mine and a later unit did not.
I always change the firmware on them when I get them.
-
Hmm, that my bios or t-rexky's? Or am I misremembering?
There are a number of things required to enable the red arm led. I'm pretty sure I set all of them....
If you run WGXepc at the command line after rebooting does it show it's having to set the GPIO pins?
https://github.com/stephenw10/WGXepc/blob/master/WGXepc.c#L1398The BIOS has to set those up for the LED to work so boxes running a modded BIOS should never show those messages.
Steve
-
@stephenw10 I used your one. When I run WGXepc I don't remeber messages. Only the the led operation.
-
Hmm, well I would try rebooting it and running WGXepc from the CLI again. If you do see one or more of those it will show the BIOS is not setting up the SIO device as expected.
Steve
-
@stephenw10 turning on the led WGXepc64 shows these lines:
Found Firebox XTM5
Enabling GPIO2
Setting GPIO2 pins as outputTurning the led off It shows only:
Found Firebox XTM5 -
OK, so it only shows that the first time it is run. It only needs to setup the GPIO pin once.
It the BIOS was setting it up correctly it wouldn't have to so you would never see those messages. You could confirm that on the other box.
So we can say that, for some reason, the BIOS is not running the SIO table on that box.Unfortunately I have no idea why that might be.
Steve
-
Anyone upgraded to pfsense 2.5 yet? Any issues with compatibility for WGXepc64 or other mods mentioned in this thread?
-
Did it last night on mine.
No major problems, except for issues with Core temp and the IPV6 Gateway bug.
I have swapped the processor for a Xeon and coretemp gets the wrong values. I fixed this before but the Kernel is now based on version 12 instead of 11 so I have had to recompile the module.
For those of you that are using Xeons, new coretemp module is attached here.
Upload coretemp2.ko to /boot/modules/coretemp2.ko
Chmod 755 coretemp2.ko
In your /boot/loader.conf.local add the following:
coretemp2_load="YES"
Then reboot.
You should now have a correct temperature reading.
-
Yeah, works fine here. No significant issues seen so far, I've been running 2.5 snapshots on it for months.
Including the coretemp values with a Xeon:Name xtm5.stevew.lan System pfSense Netgate Device ID: e436ea6ef44065f7f646 BIOS Vendor: American Megatrends Inc. Version: 080015 Release Date: Wed Feb 3 2010 Version 2.5.0-RELEASE (amd64) built on Tue Feb 16 08:56:29 EST 2021 FreeBSD 12.2-STABLE The system is on the latest version. Version information updated at Sun Feb 21 14:34:55 GMT 2021 CPU Type Intel(R) Xeon(R) CPU L3110 @ 3.00GHz Current: 2000 MHz, Max: 3000 MHz 2 CPUs: 1 package(s) x 2 core(s) AES-NI CPU Crypto: No
I'm guessing you're using a Xeon with a pin-mod?
Steve
-
Yes it is a L5420 771 to 775 conversion.
Core temp thinks it is a core2duo. Both processors have the same ID.
-
Great, ill plan for an upgrade so. Im using the box as a UniFi controller also. If there is no compatibility issues there, ill upgrade. Thanks!
-
Ah, well running unifi on there is probably completely untested. However you have installed that would need to be updated for FreeBSD 12. Really it's much better not to do that anyway.
Steve
-
I know this thread / topic is quite but I am just now getting into "flashing" an XTM 525 that I have had for years and didn't know where to begin nor really had the time. To be completely transparent, I am above average in knowledge in IT networking etc, but am definitely not up there with some of you guys. I encountered an issue while flashing and have no idea what it could be. The box powers on and that's pretty much it. Fans run like hell, full speed, never come down. The lCD is backlit and that is all. I was following a tutorial, I have actually seen it referenced here. Here is the link.
https://alpha-labs.net/2017/08/pfsense-on-watchguard/
I removed the CF Card in order to boot from the SSD's as instructed but the fans and the lcd are all I get. No serial output, nothing.
Any insight would be greatly appreciated.
-
You should see some output on the console even if there is no boot drive installed.
It should also beep and the fans should slow down when it POSTS.
If you don't see any of that it's probably failing to POST which is usually a hardware issue. Have you added any hardware components?Steve
-
Thanks for the quick reply. Yes, I swapped the cpu for an Intel E5700, put in 2 new ram modules (2gb each, non ecc), and was going to boot from 2 ssd's that have pfsense installed by another pc. Tried to boot from the ssd's and that was the 1st occurrence of the issue. I put all of the original hardware back in as well to no avail. I also put the CF card in a reader and it appeared to have been corrupted.
-
Hmm, try resetting the CMOS. Just pull the battery if the jumper is not obvious.
I assume it did boot correctly before you swapped in the CPU and RAM?
The CF card still had the WG OS on it?
The E8400 is better CPU choice IMO. As long as your RAM will run at 1333. 3x the L2 cache of the Pentium E5700. Or it will run a Core2Quad if you need it.
Steve