Watchguard Firebox M400/M500
-
@stephenw10 Awesome, thanks - I'll see if I can get my M400 to boot from it tonight. If not, looks like I'll be trying the SPI method - if I can find my SPI programmer!
-
@gilphilbert Woohoo! I'm up and running with v6. This was the only FreeDOS version that booted. I tried my own 64G CF card but it wouldn't boot from that - only the one that came with the unit.
Interestingly, FreeDOS couldn't open the serial port so I had to use a VGA cable. The message on boot was "unable to write to COM1", so I had to use a VGA cable.
I did have a moment of panic when the box rebooted then the VGA monitor stayed dark... I thought I'd bricked it until I realized the three beeps were FreeDOS booting. Attached a serial cable and relaxed again!
-
Ah nice. So you had to use the VGA header initially? I did that with the first M400 I had but I'm sure I didn't have to do that for others.
-
@stephenw10 Yep, I can't explain why, since pfSense can open the serial port and write to it, but FreeDOS wouldn't - it just complained about not being able to write to COM1 - meaning there was no serial output.
I wonder if a Watchguard firmware update has broken this along the way, although it's odd that Linux seems to be able to open ttyS0 while FreeDOS can't open COM1.
-
I started this a couple of days ago because I thought I might need it when I couldn't get FreeDOS to boot and I thought I'd share it as it doesn't need the VGA adapter to work.
I created a custom version of Tiny Core Linux that includes afulnx - the Linux version of afudos. The environment also includes Zanthos' v6 BIOS ROM ready to flash.
https://drive.proton.me/urls/F89NEJFPN8#3A6Fs0a7VBup
To use it, write the image to a CF card or USB key. Use BalenaEtcher or other cloning software (dd works just fine from Linux) to write the image directly to the device and boot the firewall from it. My unit defaults to booting the CF card, so I had to remove it to force the machine to boot from the USB key. Serial is enabled in the image (115200) and you'll be auto-logged in as the default user. There's a readme file (
~/readme
) with instructions as well as a short disclaimer (the usual, I'm not responsible for you breaking your stuff, etc.). The binary and v6 ROM are located in/opt/rom
and work the same way as afudos - the same commands to backup and flash. Since the binary loads kernel modules it needs to be run with sudo priviledges:cd /opt/rom sudo ./afulnx ~/backup.rom /O sudo ./afulnx m400.rom /B /P /N
Assuming all goes well:
sudo reboot
The usual beeps will occur and you'll likely need to clear the CMOS with J4.
Note
Make sure you store your backup in/home/tc
(~
) since other directories are not persistent and your backup will be lost when you reboot! -
That worked almost perfectly, thanks!
As you noted I could not make it boot either TinyCore or OpenWRT from anything but the CF card it came with. Which is odd I don't recall having that issue.
I also noted that after updating the BIOS it then failed boot TinyCore again from the CF. Not sure why.
Also that it does not boot USB by default after updating I had to choose it from the boot device menu.
-
@stephenw10 said in Watchguard Firebox M400/M500:
That worked almost perfectly, thanks!
As you noted I could not make it boot either TinyCore or OpenWRT from anything but the CF card it came with. Which is odd I don't recall having that issue.
I also noted that after updating the BIOS it then failed boot TinyCore again from the CF. Not sure why.
Also that it does not boot USB by default after updating I had to choose it from the boot device menu.
Now that's interesting, my machine boots TC just fine after the upgrade (I did have to clear the CMOS though). I gave up entirely trying to boot FreeDOS - it's just too picky on these machines.
Building that image was far more complicated than I expected, so I'm glad someone other than just me made use of it!
-
I'm not sure if this is normal, but I'm not getting any CPU temps from the box:
# sysctl -a | grep temperature hw.acpi.thermal.tz1.temperature: 29.9C hw.acpi.thermal.tz0.temperature: 27.9C # sysctl -a | grep "dev.cpu.*.temperature" #
Does anyone else see CPU temps? I installed an i3 and wanted to see what temp it was running at.
-
That with the default fan speed? Those temps are pretty good (low), what sort of i3 is that?
I probably need to go and blow the dust out of mine!
Oh wait you need to enable the coretemp module in Sys > Adv > Misc then check:
sysctl dev.cpu.0.temperature dev.cpu.1.temperature dev.cpu.0.temperature: 46.0C dev.cpu.1.temperature: 44.0C
That's with the default G1820, without speedstep enabled and the fans set to 0x20.
[24.03-RC][root@m500.stevew.lan]/root: sysctl dev.cpu.0.temperature dev.cpu.1.temperature dev.cpu.0.temperature: 34.0C dev.cpu.1.temperature: 30.0C
The G3420 with speedstep enabled and fans at 0x1b
-
@stephenw10 Ah, that did it (coretemp module):
# sysctl -a | grep "dev.cpu.*.temperature" dev.cpu.3.temperature: 51.0C dev.cpu.1.temperature: 49.0C dev.cpu.2.temperature: 52.0C dev.cpu.0.temperature: 50.0C
It's a Core i3 4130 with SpeedStep enabled.
I replaced the fans with Noctua ones (including the power supply) so I'm expecting the temps to be higher even with SpeedStep enabled.
-
Did you try just running the fans at a slower speed before replacing them?
-
@stephenw10 No, because my plan was to put this in my office... but that plan has now changed and it's going in a different room. Chances are I'll actually re-install the original fans for better cooling. When I do, I'll let you know what temps I get
-
@gilphilbert I appreciate your effort.
I have an M500 and I have tried to boot Firebox with the provided image and I do not have serial console access. The cable is good ( I have connection with the original firmware), so the question is if the image should work with M500. As I have seen in the specs, the motherboard is the same. In addition it is not clear for me if I need to reset the BIOS before to use the image or after.
I appreciate any feedback in this matter.Many thanks.
-
I used it on an M500. It's identical to the M400 other than the CPU and RAM which shouldn't make any difference for this.
Did you use the original CF card?
-
@stephenw10
No, I have another CF and I have tried with USB stick as well. I have successfully boot Arc loader and ubuntu core.
Many thanks for your feedback. I will keep working on it. -
It won't boot USB with the original BIOS but if you've got a CF that will boot at all that should work.
-
@stephenw10 said in Watchguard Firebox M400/M500:
iI won't boot USB with the original BIOS but if you've got a CF that will boot at all that should work.
I can boot with the original bios using USB stick As I have mentioned, I did this couple of times.
The condition is to remove the CF. -
Hmm, curious. I never managed to make that work before flashing the BIOS.
-
I manage to install Synology DMS 7.2 using an arc-24.6.2.img, then installed an SSD.
The boot is still on the USB stick.I just ordered i5-4590T CPU as replacement for the original one and 8 GB CF to not brake the original CF.
I will keep you posted. -
This M500 may have an unlocked bios, otherwise, it would not boot from USB IIRC. I had to unlock the bios through the serial console using the password others have posted in this forum. I was able to enable USB booting after unlocking the bios and successfully booted from a USB flash drive that had the USB memstick installer (Serial Console). I chose to install pfsense on the internal CF card as I did not want to open the box. The box boots off the CF now without a fuss.
I upgraded the CPU to an i5-4590T and installed low noise fans on my M400 previously, but it hangs on reboot every single time, so I left the M500 's original configuration as is.