Watchguard Firebox M400/M500

Humble_Servant

Thank you so much! That worked nicely.

zanthos

Hey there,

I created a new BIOS ROM file. Version 6.
I used the image provided by @Mookatroid. Thanks again for that.

Modifications so far:

• the latest Intel CPU microcodes
• NVMe driver (if anyone should ever want to use that )
• some carefully selected default settings
• unlocked everything

And as always, I had to mess around with the file size. It was 16m and I had to reduce it to 8m by replacing parts using UEFItool.

Warning: I flashed using SPI. Maybe it will work with software based BIOS updating, such as @stephenw10 has described some posts above.
Warning2: I have not yet tested it any further than 5 minutes runnning time...

Be sure to clear CMOS after updating! J4 pin 4-6 must be shortened.

Download here (m400_v6.7z)

Have fun!

kr81

If someone need this information, it works! Flashed the new bios with afudos. M400 is up and running. But where is the J4. Can you share a picture? I removed the cmos battary for 2 minutes.

Mookatroid

@zanthos said in Watchguard Firebox M400:

Hey there,

I created a new BIOS ROM file. Version 6.
I used the image provided by @Mookatroid. Thanks again for that.

Modifications so far:

• the latest Intel CPU microcodes
• NVMe driver (if anyone should ever want to use that )
• some carefully selected default settings
• unlocked everything

And as always, I had to mess around with the file size. It was 16m and I had to reduce it to 8m by replacing parts using UEFItool.

Warning: I flashed using SPI. Maybe it will work with software based BIOS updating, such as @stephenw10 has described some posts above.
Warning2: I have not yet tested it any further than 5 minutes runnning time...

Be sure to clear CMOS after updating! J4 pin 4-6 must be shortened.

Download here (m400_v6.7z)

Have fun!

Woohoo ! :)

Mookatroid

@kr81 said in Watchguard Firebox M400:

If someone need this information, it works! Flashed the new bios with afudos. M400 is up and running. But where is the J4. Can you share a picture? I removed the cmos battary for 2 minutes.

Woohoo x 2 !! LOL
:)

A Former User

@zanthos said in Watchguard Firebox M400:

Warning: I flashed using SPI. Maybe it will work with software based BIOS updating, such as @stephenw10 has described some posts above.
Warning2: I have not yet tested it any further than 5 minutes runnning time...

Everyone updated BIOS via Software?
Which parameter are neccessary?

zanthos

@jayphizzle
According to @stephenw10
(read his post here: console log of BIOS update)

afudos backup.rom /O
afudos m400.rom /B /P /N

The first line creates a backup of your existing rom.
The second one flashes the file "m400.rom"

iJay-XTM5

@iJay-XTM5 said in Watchguard Firebox M400:

@zanthos said in Watchguard Firebox M400:

@iJay-XTM5 said in Watchguard Firebox M400:

I'm going to be brave and see what it takes to update the microcode within the bios!

Maybe You Need to add microcode to the BIOS.
The original BIOS (Ver. WD0 10/08/2014) contains microcode for the following CPU ID's:

• 06C3 (Date: 2013/08/16)
• 06C2 (Date: 2012/10/17)
• 06C1 (Date: 2012/06/14)

If your XEON CPU has another ID it will probably not work. Then you need to add the missing microcode.

If you just want to update the existing microcode, google for "UBU" and "BIOS". Check the link in Win-Raid Forum. This tool is simple to use and let's you update the microcode easily.
I think you can also use it to add microcode, but I haven't done that.
Another method you find here: http://wp.xin.at/archives/4397

BTW: you could try to flash my BIOS with an updated Microcode for CPU ID 06C3 from 2018/04/02. See Watchguard Firebox M400

I was unsuccessful in getting the M400 to boot with the low power Xeon, with the original bios or patched with a microcode update using MMtools. The Celeron continues to boot happily while the Xeon still continues with the 4 beeps of death!
I found an alternate explanation for the beeps in the Aptio 4.x Status Codes document. The DXE beep codes list says 4 beeps means "Some of the Architectural Protocols are not available". I assume this means the board is unable to provide the low voltage levels required by the Xeon.

To add to the list of processors running on the M400, I would like to report success booting with an i5-4590t that I found on ebay over the break. The board is currently running a bios that Steve originally modified to lower the fan speed. I subsequently upgraded the CPU microcode during my previous attempts to get the low power Xeon to boot unsuccessfully.

Next, the plan is to flash zanthos' unlocked bios and install the low speed Noctua fans....

isnicolascageinjail

So there might be a simple step that I'm missing but I'm trying to flash the unlocked bios and when I use "cu -l /dev/cuaU1 -s 9600" from @stephenw10 console output log it says:

"/dev/cuaU1: No such file or directory
link down"

When I try the same command but "/dev/cuau1" just hangs when it says "connected" and nothing happens after that. I created the bootable USB with Rufas and I used the FreeDOS image Rufas already had. Am I skipping a step somewhere maybe?

edit: I'm trying this from within the PFSense Shell.

kldload ucom shows "kldload: can't load ucom: module already loaded or in kernel" and I added the ucom_load="YES" to the loader.conf.

The result of "usbconfig" is:

ugen1.1: <Intel EHCI root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen2.1: <Intel EHCI root HUB> at usbus2, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen0.1: <0x8086 XHCI root HUB> at usbus0, cfg=0 md=HOST spd=SUPER (5.0Gbps) pwr=SAVE (0mA)
ugen1.2: <vendor 0x8087 product 0x8008> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen2.2: <vendor 0x8087 product 0x8000> at usbus2, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)
ugen0.2: <vendor 0x13fe USB DISK 3.0> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (300mA)

stephenw10

Slightly confused here; you are connecting to the m400 using a USB serial adapter in another pfSense box?

If you boot the m400 into FreeDOS you need to connect to it with some other device, typically a laptop connected to the serial console via an adapter of some kind.

Steve

isnicolascageinjail

@stephenw10

Hi Stephen,

So what I currently have is:

A m500 box running pfsense off a ssd
A usb to serial cable
And a laptop I’m using to connect to the m500 with that usb to serial cable

I’ve tried booting just FreeDOS off both the CF card and a USB but I get no output so I assume that it’s not booting correctly.

I’ve also tried to use ucom (like “tip ucom”) from within the PFSense shell but I get a “file or directory not found” message and cuaU* is not located in /dev/.

I’m unsure if maybe I just need a different cable or I’m not really sure.

stephenw10

Mmmm, there is confusion here!
The only reason you would use tip or cu in pfSense is to connect via serial as a client to some other device.

You should be running those commands on your laptop if it's running Linux or FreeBSD. Or using something completely different like putty if it's running Windows.

You should see at least the output from the BIOS at the serial terminal when the m500 boots. If it's still booting pfSense you will see the complete boot log.
Try to boot the m500 into FreeDOS, you should end up at the command prompt.

Steve

zanthos

@isnicolascageinjail
OK probably it is simple:
As I read you have used Rufus to create a FreeDOS stick/CF.
Now you want to boot it and see the Output using a Serial console at 9600 speed.

The unit itself (BIOS and POST) does output at 115200. That's why you don't see anything at all.
FreeDOS needs to switch the output from VGA to serial. Therefore you need to adjust settings.
If you download my file (see here) and extract it to your stick/CF and overwrite everything, the necessary settings are there…
Keep it connected at 9600!

Good luck!

isnicolascageinjail

@stephenw10 said in Watchguard Firebox M400:

Mmmm, there is confusion here!
The only reason you would use tip or cu in pfSense is to connect via serial as a client to some other device.

You should be running those commands on your laptop if it's running Linux or FreeBSD. Or using something completely different like putty if it's running Windows.

You should see at least the output from the BIOS at the serial terminal when the m500 boots. If it's still booting pfSense you will see the complete boot log.
Try to boot the m500 into FreeDOS, you should end up at the command prompt.

Steve

@zanthos said in Watchguard Firebox M400:

@isnicolascageinjail
OK probably it is simple:
As I read you have used Rufus to create a FreeDOS stick/CF.
Now you want to boot it and see the Output using a Serial console at 9600 speed.

The unit itself (BIOS and POST) does output at 115200. That's why you don't see anything at all.
FreeDOS needs to switch the output from VGA to serial. Therefore you need to adjust settings.
If you download my file (see here) and extract it to your stick/CF and overwrite everything, the necessary settings are there…
Keep it connected at 9600!

Good luck!

Ok so I just tried to remake the CF card using the FreeDOS image Rufas already had. I then copied all the files that Zanthos posted and overwrote the files on the CF card. But when I'm booting still I get no output. I don't even see the output from the BIOs. I'm using putty at 9600 8N1 and I've tried all the flow control settings and still nothing. I'm not sure if I just need to use a different FreeDOS image maybe?

I appreciate the help so far guys, I've been trying to figure this out for a good few hours haha.

zanthos

@isnicolascageinjail
First check if you see the BIOS POST at 115200. It must!
If not, your cable might be at fault.
Or maybe you're useing the wrong COM port on your Laptop...

isnicolascageinjail

@zanthos So yeah, if I boot to pfsense and use 115200 I can see everything just fine, but when I switch to 9600 I get nothing. I am using COM1 so I think that should be fine. I just have the CF card with FreeDOS currently plugged into the device.

stephenw10

If you leave it at 115200 and boot from the FreeDOS CF card what's the last thimg you see? Does it appear to be booting from the card at all?

Styeve

isnicolascageinjail

I get a single character that looks like static and nothing after that. The longer I leave it on the louder the fans get also. I've also tried booting the same image with a USB and it'll start flashing for a second (the lights on the USB) and it'll eventually stop like it's not being read from anymore.

It'll also shutoff instantly whereas when I'm in pfsense I'll need to hold the off switch for a few seconds to give it time to turn off.

zanthos

@isnicolascageinjail
Maybe you need to set the CF partition Master Boot Record (MBR) to active.
It might not boot at all...
Use diskpart utility (Windows) for that.

isnicolascageinjail

@zanthos Ok so I used the FreeDOS image floating around in the other watchguard tutorials (FreeDOSBios2.img) and I only moved over the m400.rom, and afudos and that seems to be working. Now I just need to figure out why I can't access the BIOs.

edit: cool, looks like I got it. Thank you so much guys!