Watchguard Firebox M400



  • Is there any way to figure out why the system hangs on reboot whereas with the XTM5 it didn't have any problems? I went ahead and did a reinstall on the SSD and it still has the issue. I'm assuming that it has something to do with no longer running from the CF card.

    EDIT: By this I mean is there any kind of logs I can pull that I could post here that might be useful in determining the cause and hopefully help find a solution to the issue?


  • Netgate Administrator

    I doubt it. There wouldn't be anything logging at that point.

    I would hook up a console and see if it shows any sort of error there.

    It just hangs still powered up rather than rebooting or halting? And a CLI reboot does the same?

    Steve



  • It will halt just fine. I will get it set back up and log in over serial and try and get a screen shot of where it sits anytime it tries to reboot whether it is due to updates or user initiated.



  • @zanthos

    The supplied memory’s sticker shows a serial number which confusingly looks like a part number. The actual Transcend part number is: TS512MLK72V6H

    I managed to get one of these from a small company in TX - took them 6 weeks to order it.



  • @stephenw10

    Here is what I get when doing a reboot from serial:

    pfSense will reboot. This may take a few minutes, depending on your hardware.
    Do you want to proceed?

    Y/y: Reboot normally
    S: Reboot into Single User Mode (requires console access!)
    F: Reboot and run a filesystem check
    

    Enter an option: y

    pfSense is rebooting now.
    Terminated
    Waiting (max 60 seconds) for system process `vnlru' to stop... done
    Waiting (max 60 seconds) for system process `bufdaemon' to stop... done
    Waiting (max 60 seconds) for system process `syncer' to stop...
    Syncing disks, vnodes remaining... 0 0 0 done
    All buffers synced.
    Uptime: 4m39s
    uhub3: detached
    uhub4: detached

    and it stays there. Now if I do a system halt it goes through a few different items but in the end it still goes through the above and the only thing after uhub4: detached is "acpi0: powering off system". So I'm not sure if it's hanging on uhub4 or if it's missing something after that.


  • Netgate Administrator

    Hmm, I don't see that here. I am running a modified BIOS but I don't recall setting anything that might have changed that.

    Enter an option: 5
    
    
    pfSense will reboot. This may take a few minutes, depending on your hardware.
    Do you want to proceed?
    
        Y/y: Reboot normally
        R/r: Reroot (Stop processes, remount disks, re-run startup sequence)
        S: Reboot into Single User Mode (requires console access!)
        F: Reboot and run a filesystem check
    
    Enter an option: y
    
    pfSense is rebooting now.
     Stopping package Shellcmd...done.
     Stopping package System Patches...done.
     Stopping package Service Watchdog...done.
     Stopping package bind...done.
     Stopping /usr/local/etc/rc.d/named.sh...done.
    Jan 20 13:14:08 ipsec_starter[16515]: charon stopped after 400 ms
    Jan 20 13:14:08 ipsec_starter[16515]: ipsec starter stopped
    Waiting (max 60 seconds) for system process `vnlru' to stop... done
    Waiting (max 60 seconds) for system process `bufdaemon' to stop... done
    Waiting (max 60 seconds) for system process `syncer' to stop... 
    Syncing disks, vnodes remaining... 2 0 0 0 done
    All buffers synced.
    Uptime: 12m40s
    uslcom0: detached
    uhub3: detached
    uhub4: detached
     
    
    
    Version 2.15.1236. Copyright (C) 2012 American Megatrends, Inc.                 
    MB-WG7585W Ver.WD0_MOD2_SW 20/02/2018                                           
    Press <DEL> or <ESC> to enter setup.                                            
    Tab key on remote keyboard to enter setup menu, and key 'o' for popup menu.     
    

    Steve



  • So your screen stays like that until it reboots? The only thing I had to do different was force uefi during install compared to the xtm5 which was all auto settings.


  • Netgate Administrator

    Mmm, hard to believe that would be any different at reboot rather than boot but....

    I am running a full install from CF and hence not booting uefi:

    [2.4.4-RELEASE][admin@m400.stevew.lan]/root: sysctl machdep.bootmethod
    machdep.bootmethod: BIOS
    

    Steve



  • We have an M440 up and running with pfsense but only the first (eth0) and the 2 fiberoptic connections are working. Does anyone have any idea how to get the eth1-eth24 working? I studied the WG software and they have some fancy scripts and modules for it to bring up all the eth ports


  • Netgate Administrator

    There's a separate thread for it: https://forum.netgate.com/topic/136614/watchguard-firebox-m440/

    But the short answer is no.

    The igb driver does not attach to the other 3 ports because the PHY used is not recognised.

    The switch IC is connected to the CPU only via an unknown PCI device. It looks to have a serial console of some kind (the switch) but we never saw any output from it. It looked like there might be a resistor missing.

    Please post in the other thread if you wish to discuss further.

    Steve



  • What is the best CPU to use for the M500 model? Thanks..



  • @pglover19
    I have installed an Intel Xeon E3-1285L v3 3.1GHz in my M400...



  • @zanthos said in Watchguard Firebox M400:

    @pglover19
    I have installed an Intel Xeon E3-1285L v3 3.1GHz in my M400...

    The prices on eBay are still high for the Xeon E3-1285L v3 CPU. Any other alternatives?



  • @stephenw10 said in Watchguard Firebox M400:

    Use WGXepc64. Source. 64bit binary.

    Read about its development here if you're interested:
    https://forum.netgate.com/topic/29470/as-good-as-solved-watchguard-firebox-arm-disarm-led

    Steve

    I tried using the program on my Firebox M500 and it is not working. See attachment.



  • Netgate Administrator

    Yeah, it doesn't do the fan control but does it set the led as expected?

    What's the supplied CPU in the M500?

    Steve



  • @pglover19 said in Watchguard Firebox M400:

    The prices on eBay are still high for the Xeon E3-1285L v3 CPU. Any other alternatives?

    Check this list:
    https://en.wikipedia.org/wiki/List_of_Intel_Xeon_microprocessors#Haswell-based_Xeons
    Choose any of the LGA 1150 based CPUs. They should all work... (But I can't guarantee that…)
    At least you can inject the latest Intel CPU microcodes to the BIOS to support those CPUs.
    My Intel Xeon E3-1285L v3 3.1GHz did work indeed without any modification.


  • Netgate Administrator

    Or indeed almost any Haswell LGA 1150 CPU is likely to work. So a load of i3/i5s you could choose.
    What are you planning to use it for? What do you need a replacement CPU to do?

    Steve



  • @stephenw10 said in Watchguard Firebox M400:

    Or indeed almost any Haswell LGA 1150 CPU is likely to work. So a load of i3/i5s you could choose.
    What are you planning to use it for? What do you need a replacement CPU to do?

    Steve

    I am looking for an AES-NI CPU. This unit will only be used in my home lab. I am running pfSense on 2 DELL R320 servers in HA mode in my production environment.



  • The CPU in the M500 is G3420.


  • Netgate Administrator

    Then any relatively cheap i3 like the 4130 will work. That will give you a faster CPU with hyperthreading and AES-NI.

    I think someone fitted one earlier in this thread. (edit: several people in fact)

    Steve


  • Netgate Administrator

    For reference here is the console log of the BIOS update commands I used.

    [2.4.4-RELEASE][root@5100.stevew.lan]/root: cu -l /dev/cuaU1 -s 9600
    Connected
    
    Freedos on COM1:
    Freedos
    Current date is Sun 03-03-2019
    Current time is  9:30:01.88 pm
    C:\>dir
     Volume in drive C is FREEDOS1.0
     Volume Serial Number is 4A84-36BD
     Directory of C:\
    
    KERNEL   SYS        44,889  08-20-06  7:08a
    COMMAND  COM        66,945  08-29-06  2:40a
    BIOS                 <DIR>  03-03-19  8:37p
    AUTOEXEC BAT           277  03-03-19  9:28p
    MODE     COM        16,254  05-12-05 12:05p
             4 file(s)        128,365 bytes
             1 dir(s)      23,560,192 bytes free
    C:\>cd bios
    C:\BIOS>afudos
    +---------------------------------------------------------------------------+
    |                 AMI Firmware Update Utility  v3.07.00                     |
    |      Copyright (C)2014 American Megatrends Inc. All Rights Reserved.      |
    +---------------------------------------------------------------------------+
    | Usage: AFUDOS.EXE <ROM File Name> [Option 1] [Option 2]...                |
    |           or                                                              |
    |        AFUDOS.EXE <Input or Output File Name> <Command>                   |
    |           or                                                              |
    |        AFUDOS.EXE <Command>                                               |
    | ------------------------------------------------------------------------- |
    | Commands:                                                                 |
    |         /O - Save current ROM image to file                               |
    |         /U - Display ROM File's ROMID                                     |
    |         /S - Refer to Options: /S                                         |
    |         /D - Verification test of given ROM File without flashing BIOS.   |
    |         /A - Refer to Options: /A                                         |
    |       /OAD - Refer to Options: /OAD                                       |
    | /CLNEVNLOG - Refer to Options: /CLNEVNLOG                                 |
    | Options:                                                                  |
    |     /MEUL: - Program ME Entire Firmware Block, which supports             |
    |              Production.BIN and PreProduction.BIN files.                  |
    |         /Q - Silent execution                                             |
    |         /X - Don't Check ROM ID                                           |
    |       /CAF - Compare ROM file's data with Systems is different or         |
    |              not, if not then cancel related update.                      |
    |         /S - Display current system's ROMID                               |
    |       /JBC - Don't Check AC adapter and battery                           |
    |  /HOLEOUT: - Save specific ROM Hole according to RomHole GUID.            |
    |              NewRomHole1.BIN /HOLEOUT:GUID                                |
    |        /SP - Preserve Setup setting.                                      |
    |         /R - Preserve ALL SMBIOS structure during programming             |
    |        /Rn - Preserve SMBIOS type N during programming(n=0-255)           |
    |         /B - Program Boot Block                                           |
    |         /P - Program Main BIOS                                            |
    |         /N - Program NVRAM                                                |
    |         /K - Program all non-critical blocks.                             |
    |        /Kn - Program n'th non-critical block(n=0-15).                     |
    |     /HOLE: - Update specific ROM Hole according to RomHole GUID.          |
    |              NewRomHole1.BIN /HOLE:GUID                                   |
    |         /L - Program all ROM Holes.                                       |
    |        /Ln - Program n'th ROM Hole only(n=0-15).                          |
    |      /ECUF - Update EC BIOS when newer version is detected.               |
    |         /E - Program Embedded Controller Block                            |
    |        /ME - Program ME Entire Firmware Block.                            |
    |       /FDR - Flash Flash-Descriptor Region.                               |
    |       /MER - Flash Entire ME Region.                                      |
    |      /MEUF - Program ME Ignition Firmware Block.                          |
    |         /A - Oem Activation file                                          |
    |       /OAD - Delete Oem Activation key                                    |
    | /CLNEVNLOG - Clear Event Log.                                             |
    |   /CAPSULE - Override Secure Flash policy to Capsule                      |
    |  /RECOVERY - Override Secure Flash policy to Recovery                     |
    |        /EC - Program Embedded Controller Block. (Flash Type)              |
    |    /REBOOT - Reboot after programming.                                    |
    |  /SHUTDOWN - Shutdown after programming.                                  |
    +---------------------------------------------------------------------------+
    C:\BIOS>dir
     Volume in drive C is FREEDOS1.0
     Volume Serial Number is 4A84-36BD
    
     Directory of C:\BIOS
    
    .                    <DIR>  03-03-19  8:37p
    ..                   <DIR>  03-03-19  8:37p
    M400     ROM     8,388,608  01-14-19 10:57a
    AFUDOS   EXE       168,944  11-10-14  3:14p
    AFUEFI   EXE       159,392  04-24-14  3:59p
             3 file(s)      8,716,944 bytes
             2 dir(s)      23,560,192 bytes free
    C:\BIOS>afudos backup.rom /O
    +---------------------------------------------------------------------------+
    |                 AMI Firmware Update Utility  v3.07.00                     |
    |      Copyright (C)2014 American Megatrends Inc. All Rights Reserved.      |
    +---------------------------------------------------------------------------+
     Saving current BIOS into file: backup.rom
     Reading flash ............... done                
    C:\BIOS>dir
     Volume in drive C is FREEDOS1.0
     Volume Serial Number is 4A84-36BD
    
     Directory of C:\BIOS
    
    .                    <DIR>  03-03-19  8:37p
    ..                   <DIR>  03-03-19  8:37p
    M400     ROM     8,388,608  01-14-19 10:57a
    AFUDOS   EXE       168,944  11-10-14  3:14p
    AFUEFI   EXE       159,392  04-24-14  3:59p
    BACKUP   ROM     4,194,304  03-03-19  9:52p
             4 file(s)     12,911,248 bytes
             2 dir(s)      19,365,888 bytes free
    C:\BIOS>afudos m400.rom /B /P /N
    +---------------------------------------------------------------------------+
    |                 AMI Firmware Update Utility  v3.07.00                     |
    |      Copyright (C)2014 American Megatrends Inc. All Rights Reserved.      |
    +---------------------------------------------------------------------------+
     Reading flash ............... done                
     - ME Data Size checking . ok
     - FFS checksums ......... ok
     Erasing Boot Block .......... done                
     Updating Boot Block ......... done                
     Verifying Boot Block ........ done                
     Erasing Main Block .......... done                
     Updating Main Block ......... done                
     Verifying Main Block ........ done                
     Erasing NVRAM Block ......... done                
     Updating NVRAM Block ........ done                
     Verifying NVRAM Block ....... done                
    C:\BIOS>
    

    After running that the box reboots twice and beeps a few times. Alarming if you're not ready for it!

    I leave creating a FreeDOS bootable USB stick as an exercise for the user.

    The BIOS file Zanthos linked here has everything unlocked. I'm sure you could prevent it booting using some of the options there so if you do this choose wisely.

    Also BIOS flashing is inherently dangerous etc etc! 😉

    Steve
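
Added example, not part of the post above and not the poster's code: a check that a captured serial session of the `afudos m400.rom /B /P /N` run shows both pre-flash checks as `ok` and every requested block erased, updated and verified. The function name is hypothetical, the sample log is constructed from the lines in the post, and treating any status other than `done`/`ok` as a failure is an assumption, since the post shows only a successful run.

```python
import re

# Constructed sample: the afudos output lines from the post, as a serial capture.
SAMPLE_LOG = r"""
C:\BIOS>afudos m400.rom /B /P /N
 Reading flash ............... done
 - ME Data Size checking . ok
 - FFS checksums ......... ok
 Erasing Boot Block .......... done
 Updating Boot Block ......... done
 Verifying Boot Block ........ done
 Erasing Main Block .......... done
 Updating Main Block ......... done
 Verifying Main Block ........ done
 Erasing NVRAM Block ......... done
 Updating NVRAM Block ........ done
 Verifying NVRAM Block ....... done
C:\BIOS>
"""

# Switch-to-block mapping taken from the afudos usage text in the post.
SWITCH_BLOCKS = {"/B": "Boot", "/P": "Main", "/N": "NVRAM"}
PHASES = ["Erasing", "Updating", "Verifying"]
CMD_RE = re.compile(r">\s*afudos\s+\S+((?:\s+/\w+)+)\s*$", re.IGNORECASE)
CHECK_RE = re.compile(r"^\s*- (.+?) \.+ (\w+)\s*$")
STEP_RE = re.compile(r"^\s*(Erasing|Updating|Verifying) (\w+) Block \.+ (\w+)\s*$")

def audit_flash_log(text):
    """Return a list of problems found in a captured afudos session (empty = clean)."""
    requested, done, problems = [], {}, []
    for line in text.splitlines():
        if m := CMD_RE.search(line):
            blocks = [SWITCH_BLOCKS[s.upper()] for s in m.group(1).split()
                      if s.upper() in SWITCH_BLOCKS]
            requested = blocks or requested  # ignore commands like /O that flash nothing
        elif m := CHECK_RE.match(line):
            if m.group(2) != "ok":
                problems.append(f"pre-flash check '{m.group(1)}' reported {m.group(2)}")
        elif m := STEP_RE.match(line):
            phase, block, status = m.groups()
            if status == "done":
                done.setdefault(block, []).append(phase)
            else:
                problems.append(f"{phase} {block} Block reported {status}")
    if not requested:
        problems.append("no flash command with /B, /P or /N found")
    for block in requested:
        if done.get(block, []) != PHASES:
            problems.append(f"{block} block: expected {PHASES}, saw {done.get(block, [])}")
    return problems
```

A capture that ends before `Verifying NVRAM Block` (for example a dropped serial session) is reported as an incomplete NVRAM block rather than passing silently.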



  • @stephenw10
    Do I understand that correctly: You tried to flash that BIOS file, the box rebooted twice and beeped a few times. But after it worked?

    Because when I tried the first time, I messed with the afudos parameters and bricked my box. So I had to use a SPI programmer to revive it...


  • Netgate Administrator

    Yes, sorry, that worked fine after going through its initialization routine because the cmos was cleared.

    Steve

