Watchguard Firebox M400/M500
-
@Mookatroid said in Watchguard Firebox M400:
Update time ! :)
Xeon E3-1265L v3 arrived.
Installed it and posted without issue.
Dropped a 128GB SATA SSD onto SATA4 interface and tucked it into the front left corner.
Pushed USB installer image to CF card.
Powered up and booted from CF.
Installed to SSD without issue.
Reboot and running pfSense 2.4.4 from SSD without issue
:)PS ... fan control set manually to 67
Final deployment update :)
My M400 build and bench testing finally wrapped up and I went live with a brand new 120/20 cable ISP with it.
The ISP drop is a single gigabit line to the M400 WAN interface, but I setup a 2xgigabit LACP LAGG between the M400 and my primary switch for PrivateLAN traffic and a 2xgigabit LACP LAGG (with assigned VLAN tagging) for my GuestLAN (both wired and wireless clients).
All is ripping along at a beautiful pace !!
:) -
@eisenb11 Where you ever able to get the LED lights to Arm/ Disarm? If so what steps did you use to achieve this function? I have a WatchGuard m400 with pfSense installed to a 16GB CF Card and the LAN & Wan's are working however I can not get the LEDs to work as with the XTM 5 Series.
-
See the post below his question.
https://forum.netgate.com/post/803206
Steve
-
@stephenw10 This does not appear to work either.
-
Because you are running an ancient version :
[2.5.0-DEVELOPMENT][admin@m400-2.stevew.lan]/root: ./WGXepc64 Found Firebox M400/500 WGXepc Version 1.4 13/8/2019 stephenw10 WGXepc can accept two arguments: -f (CPU fan) will return the current and minimum fan speed or if followed by a number in hex, 00-FF, will set it. -f2 (System fan) will return the current and minimum fan speed or if followed by a number in hex, 00-FF, will set it. -l (led) will set the arm/disarm led state to the second argument: red, green, red_flash, green_flash, red_flash_fast, green_flash_fast, off -b (backlight) will set the lcd backlight to the second argument: on or off. Do not use with LCD driver. -t (temperature) shows the current CPU temperature reported by the SuperIO chip. X-e box only. Not all functions are supported by all models
Steve
-
Well that explains why it is not working do you have the link to the updated version?
-
The link from that post should always point to the most recent version.
WGXepc64 binarySteve
-
Thank you so much! That worked nicely.
-
Hey there,
I created a new BIOS ROM file. Version 6.
I used the image provided by @Mookatroid. Thanks again for that.Modifications so far:
- the latest Intel CPU microcodes
- NVMe driver (if anyone should ever want to use that )
- some carefully selected default settings
- unlocked everything
And as always, I had to mess around with the file size. It was 16m and I had to reduce it to 8m by replacing parts using UEFItool.
Warning: I flashed using SPI. Maybe it will work with software based BIOS updating, such as @stephenw10 has described some posts above.
Warning2: I have not yet tested it any further than 5 minutes runnning time...Be sure to clear CMOS after updating! J4 pin 4-6 must be shortened.
Download here (m400_v6.7z)
Have fun!
-
If someone need this information, it works! Flashed the new bios with afudos. M400 is up and running. But where is the J4. Can you share a picture? I removed the cmos battary for 2 minutes.
-
@zanthos said in Watchguard Firebox M400:
Hey there,
I created a new BIOS ROM file. Version 6.
I used the image provided by @Mookatroid. Thanks again for that.Modifications so far:
- the latest Intel CPU microcodes
- NVMe driver (if anyone should ever want to use that )
- some carefully selected default settings
- unlocked everything
And as always, I had to mess around with the file size. It was 16m and I had to reduce it to 8m by replacing parts using UEFItool.
Warning: I flashed using SPI. Maybe it will work with software based BIOS updating, such as @stephenw10 has described some posts above.
Warning2: I have not yet tested it any further than 5 minutes runnning time...Be sure to clear CMOS after updating! J4 pin 4-6 must be shortened.
Download here (m400_v6.7z)
Have fun!
Woohoo ! :)
-
@kr81 said in Watchguard Firebox M400:
If someone need this information, it works! Flashed the new bios with afudos. M400 is up and running. But where is the J4. Can you share a picture? I removed the cmos battary for 2 minutes.
Woohoo x 2 !! LOL
:) -
@zanthos said in Watchguard Firebox M400:
Warning: I flashed using SPI. Maybe it will work with software based BIOS updating, such as @stephenw10 has described some posts above.
Warning2: I have not yet tested it any further than 5 minutes runnning time...Everyone updated BIOS via Software?
Which parameter are neccessary? -
@jayphizzle
According to @stephenw10
(read his post here: console log of BIOS update)afudos backup.rom /O afudos m400.rom /B /P /N
The first line creates a backup of your existing rom.
The second one flashes the file "m400.rom" -
@iJay-XTM5 said in Watchguard Firebox M400:
@zanthos said in Watchguard Firebox M400:
@iJay-XTM5 said in Watchguard Firebox M400:
I'm going to be brave and see what it takes to update the microcode within the bios!
Maybe You Need to add microcode to the BIOS.
The original BIOS (Ver. WD0 10/08/2014) contains microcode for the following CPU ID's:- 06C3 (Date: 2013/08/16)
- 06C2 (Date: 2012/10/17)
- 06C1 (Date: 2012/06/14)
If your XEON CPU has another ID it will probably not work. Then you need to add the missing microcode.
If you just want to update the existing microcode, google for "UBU" and "BIOS". Check the link in Win-Raid Forum. This tool is simple to use and let's you update the microcode easily.
I think you can also use it to add microcode, but I haven't done that.
Another method you find here: http://wp.xin.at/archives/4397BTW: you could try to flash my BIOS with an updated Microcode for CPU ID 06C3 from 2018/04/02. See Watchguard Firebox M400
I was unsuccessful in getting the M400 to boot with the low power Xeon, with the original bios or patched with a microcode update using MMtools. The Celeron continues to boot happily while the Xeon still continues with the 4 beeps of death!
I found an alternate explanation for the beeps in the Aptio 4.x Status Codes document. The DXE beep codes list says 4 beeps means "Some of the Architectural Protocols are not available". I assume this means the board is unable to provide the low voltage levels required by the Xeon.To add to the list of processors running on the M400, I would like to report success booting with an i5-4590t that I found on ebay over the break. The board is currently running a bios that Steve originally modified to lower the fan speed. I subsequently upgraded the CPU microcode during my previous attempts to get the low power Xeon to boot unsuccessfully.
Next, the plan is to flash zanthos' unlocked bios and install the low speed Noctua fans....
-
So there might be a simple step that I'm missing but I'm trying to flash the unlocked bios and when I use "cu -l /dev/cuaU1 -s 9600" from @stephenw10 console output log it says:
"/dev/cuaU1: No such file or directory
link down"When I try the same command but "/dev/cuau1" just hangs when it says "connected" and nothing happens after that. I created the bootable USB with Rufas and I used the FreeDOS image Rufas already had. Am I skipping a step somewhere maybe?
edit: I'm trying this from within the PFSense Shell.
kldload ucom shows "kldload: can't load ucom: module already loaded or in kernel" and I added the ucom_load="YES" to the loader.conf.
The result of "usbconfig" is:
ugen1.1: <Intel EHCI root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA) ugen2.1: <Intel EHCI root HUB> at usbus2, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA) ugen0.1: <0x8086 XHCI root HUB> at usbus0, cfg=0 md=HOST spd=SUPER (5.0Gbps) pwr=SAVE (0mA) ugen1.2: <vendor 0x8087 product 0x8008> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA) ugen2.2: <vendor 0x8087 product 0x8000> at usbus2, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA) ugen0.2: <vendor 0x13fe USB DISK 3.0> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (300mA)
-
Slightly confused here; you are connecting to the m400 using a USB serial adapter in another pfSense box?
If you boot the m400 into FreeDOS you need to connect to it with some other device, typically a laptop connected to the serial console via an adapter of some kind.
Steve
-
Hi Stephen,
So what I currently have is:
A m500 box running pfsense off a ssd
A usb to serial cable
And a laptop I’m using to connect to the m500 with that usb to serial cableI’ve tried booting just FreeDOS off both the CF card and a USB but I get no output so I assume that it’s not booting correctly.
I’ve also tried to use ucom (like “tip ucom”) from within the PFSense shell but I get a “file or directory not found” message and cuaU* is not located in /dev/.
I’m unsure if maybe I just need a different cable or I’m not really sure.
-
Mmmm, there is confusion here!
The only reason you would use tip or cu in pfSense is to connect via serial as a client to some other device.You should be running those commands on your laptop if it's running Linux or FreeBSD. Or using something completely different like putty if it's running Windows.
You should see at least the output from the BIOS at the serial terminal when the m500 boots. If it's still booting pfSense you will see the complete boot log.
Try to boot the m500 into FreeDOS, you should end up at the command prompt.Steve
-
@isnicolascageinjail
OK probably it is simple:
As I read you have used Rufus to create a FreeDOS stick/CF.
Now you want to boot it and see the Output using a Serial console at 9600 speed.The unit itself (BIOS and POST) does output at 115200. That's why you don't see anything at all.
FreeDOS needs to switch the output from VGA to serial. Therefore you need to adjust settings.
If you download my file (see here) and extract it to your stick/CF and overwrite everything, the necessary settings are there…
Keep it connected at 9600!Good luck!