Watchguard Firebox M400



  • @zanthos

    Could you upload the modified bios along with a detailed step by step instruction on how to flash it over?



  • Hi there

    Just managed to unlock (hopefully) everything in this BIOS.
    Speedstep is now working 👏

    Unfortunately I cannot upload it here. File size limit ☠
    Also split files (7z and rar) don't work...

    Maybe @stephenw10 you can alter this setting?


  • Netgate Administrator

    It's better to host it somewhere separately and just link to it IMO. That's what I have always done for BIOS images.
    I can put it with the other images on my Google site if you PM me.

    Do you believe it's flashable directly? You seemed to imply you had done a number of things there.

    Steve



  • DISCLAIMER: I don't take any responsibility if you flash using my files. I won't provide help if you brick your device.
    (Unbricking is possible using SPI, see below)

    Here's the BIOS:
    https://1drv.ms/f/s!AgeHb7hLRzQ-iAw82hEAiVojSDWJ
    @stephenw10 you may copy those files to your webhost. I cannot provide those files forever.

    Currently it's my Version 5.
    There may be things to be enhanced. There may be bugs. Be warned! 👆

    How to flash:
    a) SPI:
    Use your favorite SPI programmer connected to the mainboard.
    I used this one:
    https://www.ebay.de/itm/CH341A-Series-Chip-SPI-Flash-USB-Programmer-24-EEPROM-BIOS-Writer-25-Neu/273040494657?hash=item3f927b5041:g:U8oAAOSw3wVaaagG:rk:1:pf:0
    You will need a programming software. I used "AsProgrammer":
    https://github.com/nofeletru/UsbAsp-flash/releases/
    0_1547475755662_spi-flashing.jpg

    b) Software flashing:
    Download Rufus here: https://rufus.ie/
    Create a bootable FreeDOS Stick or CF Card. FreeDOS is embedded in Rufus. So no need to download.
    Maybe your original M400 will not boot from USB. Then create CompactFlash card.
    Download "freedos_ext_v5.7z" above and extract it to your just created FreeDOS drive. Overwrite all files!!
    Maybe you will need to alter "autoexec.bat" to match your keyboard layout. Current setting is German ("keyb gr"). To have US keyboard layout, you will need "keyb us".
    Connect via Serial to your M400. Use a CISCO style cable. Use 9600 8 N 1. I tried higher speeds, didn't work.
    I can't help using AFUEFI.exe or AFUDOS.EXE. There are lots of parameters… Maybe someone here knows all the tricks or find help with your favorite Internet search engine.

    Good luck and please report back!


  • Netgate Administrator

    Just to be clear there is real risk doing this. Not until you've felt the regret of your shiny box failing to POST because you updated a firmware to get something you didn't really need in the first place will you understand that! Ask me how I know. 😉

    If you have an SPI reader then you can be reasonably confident of being able to recover it eventually if anything does go wrong. But if you don't...

    Steve



  • Do we know what the max ram is on this board?


  • Netgate Administrator

    The standard Lanner board claims 8GB.

    Steve



  • @stephenw10

    Do we know if it’s ECC registered or unbuffered?


  • Netgate Administrator

    Unbuffered ECC or non-ECC. Again that's just from the fw-7585 manual, I haven't actually tried anything else myself.
    The RAM supplied is Unbuffered ECC which means I don't have anything spare lying around to add to it. Not that I need to as 4GB is plenty for most applications, and I only use it for testing.

    Steve



  • @scorch95
    Registered ECC does not work. At least this one I tried: Samsung 8GB 2Rx4 PC3 10600R (M393B1K70CH0)
    0_1547710878565_memory_ecc_test.jpg

    .

    The supplied memory seems to be ECC unbuffered: Transcend 4G 1Rx8 DDR3 1600 ECC (679323-0288)
    0_1547711022069_memory_ecc_supplied.jpg



  • Is there any way to figure out why the system hangs on reboot whereas with the XTM5 it didn't have any problems? I went ahead and did a reinstall on the SSD and it still has the issue. I'm assuming that it has something to do with no longer running from the CF card.

    EDIT: By this I mean is there any kind of logs I can pull that I could post here that might be useful in determining the cause and hopefully help find a solution to the issue?


  • Netgate Administrator

    I doubt it. There wouldn't be anything logging at that point.

    I would hook up a console and see if it shows any sort of error there.

    I just hangs still powered up rather than rebooting or halting? And a CLI reboot does the same?

    Steve



  • It will halt just fine. I will get it set back up and log in over serial and try and get a screen shot of where it sits anytime it tries to reboot whether it is due to updates or user initiated.



  • @zanthos

    The supplied memory’s sticker shows a serial number which confusingly looks like a part number. The actual Transcend part number is: TS512MLK72V6H

    I managed to get one of these from a small company in TX - took them 6 weeks to order it.



  • @stephenw10

    Here is what I get when doing a reboot from serial:

    pfSense will reboot. This may take a few minutes, depending on your hardware.
    Do you want to proceed?

    Y/y: Reboot normally
    S: Reboot into Single User Mode (requires console access!)
    F: Reboot and run a filesystem check
    

    Enter an option: y

    pfSense is rebooting now.
    Terminated
    Waiting (max 60 seconds) for system process vnlru' to stop... done Waiting (max 60 seconds) for system processbufdaemon' to stop... done
    Waiting (max 60 seconds) for system process `syncer' to stop...
    Syncing disks, vnodes remaining... 0 0 0 done
    All buffers synced.
    Uptime: 4m39s
    uhub3: detached
    uhub4: detached

    and it stays there. Now if I do a system halt it goes through a few different items but in the end it still goes through the above and the only thing after uhub4: detached is "acpi0: powering off system". So I'm not sure if its hanging on uhub4 or if its missing something after that.


  • Netgate Administrator

    Hmm, I don't see that here. I am running a modified BIOS but I don't recall setting anything that might have changed that.

    Enter an option: 5
    
    
    pfSense will reboot. This may take a few minutes, depending on your hardware.
    Do you want to proceed?
    
        Y/y: Reboot normally
        R/r: Reroot (Stop processes, remount disks, re-run startup sequence)
        S: Reboot into Single User Mode (requires console access!)
        F: Reboot and run a filesystem check
    
    Enter an option: y
    
    pfSense is rebooting now.
     Stopping package Shellcmd...done.
     Stopping package System Patches...done.
     Stopping package Service Watchdog...done.
     Stopping package bind...done.
     Stopping /usr/local/etc/rc.d/named.sh...done.
    Jan 20 13:14:08 ipsec_starter[16515]: charon stopped after 400 ms
    Jan 20 13:14:08 ipsec_starter[16515]: ipsec starter stopped
    Waiting (max 60 seconds) for system process `vnlru' to stop... done
    Waiting (max 60 seconds) for system process `bufdaemon' to stop... done
    Waiting (max 60 seconds) for system process `syncer' to stop... 
    Syncing disks, vnodes remaining... 2 0 0 0 done
    All buffers synced.
    Uptime: 12m40s
    uslcom0: detached
    uhub3: detached
    uhub4: detached
     
    
    
    Version 2.15.1236. Copyright (C) 2012 American Megatrends, Inc.                 
    MB-WG7585W Ver.WD0_MOD2_SW 20/02/2018                                           
    Press <DEL> or <ESC> to enter setup.                                            
    Tab key on remote keyboard to enter setup menu, and key 'o' for popup menu.     
    

    Steve



  • So your screen stays like that until it reboots? The only thing I had to do different was force uefi during install compared to the xtm5 which was all auto settings.


  • Netgate Administrator

    Mmm, hard to believe that would be any different at reboot rather than boot but....

    I am running a full install from CF and hence not booting uefi:

    [2.4.4-RELEASE][admin@m400.stevew.lan]/root: sysctl machdep.bootmethod
    machdep.bootmethod: BIOS
    

    Steve



  • We have a M440 up and running with pfsense but only the first (eth0) and the 2 fiberoptic connections are working. Does someone has any idea how to get the eth1-eth24 working? I studied the WG software and they have some fancy scripts and modules for it to bring up al the eth ports


  • Netgate Administrator

    There's a separate thread for it: https://forum.netgate.com/topic/136614/watchguard-firebox-m440/

    But the short answer is no.

    The igb driver does not attach to the other 3 ports because the PHY used is not recognised.

    The switch IC is connected to the CPU only via an unknown PCI device. It looks to have a serial console for some kind (the switch) but we never saw any output from it. It looked like there might be a resistor missing.

    Please post in the other thread if you wish to discuss further.

    Steve