Watchguard Firebox M400/M500
-
The BIOS is password protected and I have not managed to remove it. Console redirect is not enabled by default either. But even after enabling it or hooking up VGA you can't enter setup.
What size SSD is it? Something unusual? Can you try a different drive?
You can full install to CF, which is what I did. Just be sure to remove the SWAP slice at install time and then move /var and /tmp to RAM drives after booting.
Can you install to the SSD in the laptop and then move it back?
Steve
-
My M400 install was rather uneventful. I had a working SSD installation in an XTM525, which I tried transplanting into the M400 but wouldn't boot. Upon Steve's suggestion, I booted from a CF card in the M400 and installed to the 120 GB SSD. Next I removed the SSD and the box booted up just fine off the SSD.
I hooked up the VGA port to diagnose the original issue of not being able to boot off the SSD, no matter which port I used. BTW, the box only has SATA 2,3 and 4 connectors. SATA 1 connector is not populated atleast in my box. The VGA output is very useful in tinkering with the box.
I downloaded a copy of the user manual for Lanner's FW-7585 as the M400 appears to be a derivative with some items missing; connection to the VGA port is relatively straightforward once you have the manual, I ended up using jumper cables I had lying around.
I'm no expert but it looks like you may have a SATA controller issue if none of your SATA ports is able to boot. I would suggest verifying the SSD (looks like you already did), booting the box via CF - I used pfSense-CE-memstick-serial-2.4.3-RELEASE-amd64, and installing to the SSD. I had the SSD connected to SATA 4 for the install as it was the nearest port to the SSD but I did check and the box boots fine with the other ports as well.
If you're still not able to complete the install successfully, I would suggest booting with an image of freeDOS and running hardware tests to ensure your SATA controller is working.
I'm afraid I don't know of any but perhaps Steve might be able to point you in the right direction.
I hope to install an i3 at some point in my box as well for AES-NI so it's good to know a 4370T works.
Hope this helps -
SSD is OCZ arc100-120gb and pfsense installs fine and works fine if I use my notebook.
When moving back to Firebox, doesn't boot.So it seems I can't boot from sata at all, even with CF removed.
I ordered an old vga card, the older low profile ones have the same pinout for the vga connector as this board. So I ordered it for the cable with vga port, was cheaper than ordering jumpercables and vga port seperately ;).
Freedos needs vga port if I am correct, so I can do that next week. Vga card arrives saturday or monday.
Maybe the m500 has more restrictions in bios? How can I dump the bios to a rom and open it?
Or maybe the bios is set to legacy mode for sata instead of the other one(can't come up with the name now)?ADDED: Did you try to reset CMOS? Does that remove password?
ADDED2: I noticed someone here had the same problem: https://forum.pfsense.org/index.php?topic=61799.0. He got it installed by disabling some features for the cpu. As you guys have the original CPU and I have got 2cores/4threads(and a bunch of extra features), maybe it's because the cpu has too many features. Still doesn't explain why a working installation won't boot… I will try to access bios when I have got the vga cable ;)
-
ADDED: Did you try to reset CMOS? Does that remove password?
Yes. No.
It's custom coded into the BIOS code somewhere which makes it difficult to impossible to remove.
The CPU option theory is interesting though I think most of that is disabled in the BIOS default settings anyway, speedstep, hyperthreading etc. Also it still boots the Nano image.
When you installed to the SSD in the laptop I assume you used the VGA installer? Did you enable the serial port? Did you complete the install using the laptop NIC as an interface? If it wasn't an igb NIC the SSD might be booting fine but stopping at the interfaces assign screen due to the mismatch and you dont see it because it's on the VGA console.
Steve
-
I installed with vga, and also it uses the laptop NIC. So you are right it isn't the igb0/igb1 I use on firebox for wan/lan.
Where can I enable serial port after vga-installation? And how can I configure it so it uses the igb0 and igb1 for wan/lan?
ADDED: found the serial setting. fresh install on the ssd, works fine in notebook. Put it in the firebox, no output on serial port. So looks like it just won't boot sata. I think when I have the vga port I can use windows live cd, create bios rom and try to tinker with that. Or maybe the vga output shows a message which describes how to fix it ;)
ADDED2: Is it possible to install an ami bios from ami itself? So without passwords and such? Or maybea bios from the FW-7585 mainboard?
ADDED3: Got it to boot. Sata2: nothing. Sata4: error with privileges or something. Sata3: boots. Strange, any explanations?
-
Good deal, looks like you're finally on your way!
If you need to access the VGA, all you need are some $3 arduino jumper cables from ebay. Here's what my crappy setup looks like - not very elegant, but works! I was able to boot freedos and tinker a bit….
-
Yeah, I think my bios is setup for different devices on the sata ports. In the manual I saw that you need to select which kind of device is connected to which sata port. So it seems Sata4 is for HDD in a Firebox m500.
The complete videocard with the right vga port+cable was 8dollars including shipping. I will send a picture when I have it up and running ;)
-
Hopefully the BIOS is setup to switch automatically to an external VGA when one is detected. The problem with the locked BIOS is you can't change any setting.
I was naive and actually called WatchGuard support expecting to get an unlocked version of the BIOS or the password to unlock it! :) -
I'd be surprised if it cannot boot a legacy install though it might be locked out of doing so in the BIOS. You'd have to inspect the BIOS image to know for sure.
What options did you chose in the install process?
My own VGA hookup was even more basic. I connected only the green signal line and used some random header cables from an old PC. ;)
Steve
-
Well, it seems only uefi will boot, nothing else.
And for my vga cable, forgot a few holidays here, so that will arrive tuesday. I am not using the vga card, only the vga cable that comes with it. It's a low profile card and those had the blue vga port above the rest(full profile), but in low profile you needed an extra steel plate next to the card and there you would mount the blue vga port. That's why on those cards the vga port is connected via a ribbon with 12pin(1NC) connector. Ordering header/arduino cables was an option, but it was cheaper to buy an entire graphics card which has the correct vga port with ribbon ;)
-
That's interesting. Yet legacy images boot fine from CF?
I don't see anything in the default BIOS settings that I can see in the image that might do that. However some stuff is not visible there.
Can we see a comparative output from the console command 'geom part list'?
For example from a Minnowboard Turbot which only boots UEFI:
[2.4.4-DEVELOPMENT][admin@4220.stevew.lan]/root: geom part list Geom name: ada0 modified: false state: OK fwheads: 16 fwsectors: 63 last: 62533255 first: 40 entries: 152 scheme: GPT Providers: 1\. Name: ada0p1 Mediasize: 209715200 (200M) Sectorsize: 512 Stripesize: 0 Stripeoffset: 20480 Mode: r0w0e0 efimedia: HD(1,GPT,3da27220-1e32-11e8-8da9-0008a20bc486,0x28,0x64000) rawuuid: 3da27220-1e32-11e8-8da9-0008a20bc486 rawtype: c12a7328-f81f-11d2-ba4b-00a0c93ec93b label: (null) length: 209715200 offset: 20480 type: efi index: 1 end: 409639 start: 40 2\. Name: ada0p2 Mediasize: 29855055872 (28G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 209735680 Mode: r1w1e2 efimedia: HD(2,GPT,3da318d6-1e32-11e8-8da9-0008a20bc486,0x64028,0x379c000) rawuuid: 3da318d6-1e32-11e8-8da9-0008a20bc486 rawtype: 516e7cb6-6ecf-11d6-8ff8-00022d09712b label: (null) length: 29855055872 offset: 209735680 type: freebsd-ufs index: 2 end: 58720295 start: 409640 3\. Name: ada0p3 Mediasize: 1601175552 (1.5G) Sectorsize: 512 Stripesize: 0 Stripeoffset: 20480 Mode: r1w1e1 efimedia: HD(3,GPT,3da43efe-1e32-11e8-8da9-0008a20bc486,0x3800028,0x2fb800) rawuuid: 3da43efe-1e32-11e8-8da9-0008a20bc486 rawtype: 516e7cb5-6ecf-11d6-8ff8-00022d09712b label: (null) length: 1601175552 offset: 30064791552 type: freebsd-swap index: 3 end: 61847591 start: 58720296 Consumers: 1\. Name: ada0 Mediasize: 32017047552 (30G) Sectorsize: 512 Mode: r2w2e5
Any 2.4.X should be able to create that. You do have to choose efi rather than freebsd-boot though.
Steve
-
I will install a CF image(nanobsd) and will try the command. Or is there a faster way to use the command? Now I have install image on my CF and unfortunately only have 1 CF.
I don't think the images are legacy images, my image has got an efi-partition and is a GPT not MDR. -
The installer image has both efi and freebsd-boot partitions so it should boot either.
In the MBT which only boots efi the installer only adds en efi image. I'm pretty sure I didn't do anything special there. I suspect it adds the partion type depending on how the installer booted. Trying to confirm that.
So if you installed to a HD in an efi laptop it will probably work.
Steve
-
Ok, geom part list command executed on pfsense 2.1(grabbed a 1gb card from my dad). Seems MBR, but it could be that sata needs efi(as each sata port needs to be configured and can only accept what was configured by firebox). I don't have the vga cable yet, so I can't run anything to grab the bios image.
# geom part list Geom name: ad4 modified: false state: OK fwheads: 16 fwsectors: 63 last: 1969631 first: 63 entries: 4 scheme: MBR Providers: 1\. Name: ad4s1 Mediasize: 472195584 (450M) Sectorsize: 512 Stripesize: 0 Stripeoffset: 32256 Mode: r1w0e2 attrib: active rawtype: 165 length: 472195584 offset: 32256 type: freebsd index: 1 end: 922319 start: 63 2\. Name: ad4s2 Mediasize: 472195584 (450M) Sectorsize: 512 Stripesize: 0 Stripeoffset: 472260096 Mode: r0w0e0 rawtype: 165 length: 472195584 offset: 472260096 type: freebsd index: 2 end: 1844639 start: 922383 3\. Name: ad4s3 Mediasize: 52641792 (50M) Sectorsize: 512 Stripesize: 0 Stripeoffset: 944455680 Mode: r1w0e2 rawtype: 165 length: 52641792 offset: 944455680 type: freebsd index: 3 end: 1947455 start: 1844640 Consumers: 1\. Name: ad4 Mediasize: 1008451584 (961M) Sectorsize: 512 Mode: r2w0e4 Geom name: ad4s1 modified: false state: OK fwheads: 16 fwsectors: 63 last: 922256 first: 0 entries: 8 scheme: BSD Providers: 1\. Name: ad4s1a Mediasize: 472187392 (450M) Sectorsize: 512 Stripesize: 0 Stripeoffset: 40448 Mode: r1w0e2 rawtype: 0 length: 472187392 offset: 8192 type: !0 index: 1 end: 922256 start: 16 Consumers: 1\. Name: ad4s1 Mediasize: 472195584 (450M) Sectorsize: 512 Stripesize: 0 Stripeoffset: 32256 Mode: r1w0e2 Geom name: ad4s2 modified: false state: OK fwheads: 16 fwsectors: 63 last: 922256 first: 0 entries: 8 scheme: BSD Providers: 1\. Name: ad4s2a Mediasize: 472187392 (450M) Sectorsize: 512 Stripesize: 0 Stripeoffset: 472268288 Mode: r0w0e0 rawtype: 0 length: 472187392 offset: 8192 type: !0 index: 1 end: 922256 start: 16 Consumers: 1\. Name: ad4s2 Mediasize: 472195584 (450M) Sectorsize: 512 Stripesize: 0 Stripeoffset: 472260096 Mode: r0w0e0
ADDED: I don't have any other device that uses uefi boot. laptops and computers all don't use uefi.
-
Tested MBR image in CF->works.
Image installed to ssd->doesn't work.So it seems my router requires UEFI on sata. The router has a locked bios, so can't change anything there.
The pfsense 2.4.3 image has uefi, but when it installs it formats the ssd GPT and doesn't add an efi-partition with data to the ssd. So I think I just need an option to let pfsense install an efi-partition and data on the ssd. -
You can just add an efi partition using the manual install method. I've never tried that and don't have any easy way to test it but it should work.
You can probably remove the freebsd-boot slice too. Though it should work with both in place.
Steve
-
With manual installation I can add an efi-partition. But pfsense doesn't install anything in it, so it's just an empty partition. Maybe I need to use another command to install something in the efi-partition?
-
Ok try installing using the 'Auto (ZFS)' option. Then you can set the Partition Scheme to GPT(UEFI) or GPT (BIOS+UEFI). Both of which should boot.
[2.4.3-RELEASE][admin@pfSense.localdomain]/root: gpart show => 40 8388528 ada0 GPT (4.0G) 40 409600 1 efi (200M) 409640 1024 2 freebsd-boot (512K) 410664 984 - free - (492K) 411648 7974912 3 freebsd-zfs (3.8G) 8386560 2008 - free - (1.0M)
Steve
-
That worked! I selected GPT(UEFI) and it installed and booted without a problem.
-
Nice! :D
That's weird. Learned something there though.
Steve