Watchguard Firebox M440
-
Ok I assume igb0 is what is labelled port 0 on the front? And ix0/1 are the 10G SFP ports?
I expect a C2000 SoC to appear as 4 igb ports normally, but they can be disabled. We need to see the boot log / dmesg. Also the output of
pciconf -lv
may be helpful. Both as attached text files if possible.
Do you have access to the bios setup?You can upload photos directly into the post using the 'Upload Image' button.
Steve
-
This post is deleted! -
I will be back home in the next 3 hours. Where is the log files located?
-
The boot log you could get from console, putty can log all output to a file or you can copy/paste it from the console window into a file.
Or the dmesg output can be found in /var/log/dmesg.boot
The pciconf output you can redirect to a file like:pciconf -lv > /tmp/pciconf.txt
or copy/paste it.Steve
-
I can’t remember how to access the BIOS. Also I don’t know what commands to execute to get what you are looking for. Please be very specific.
-
You can execute
pciconf -lv > /tmp/pciconf.txt
in Diag > Command prompt. Then download the file from the download field there.
You can also download /var/log/dmesg.boot from there.Steve
-
I get into the BIOS of the M440, do I use the DEL or TAB key?
-
Usually TAB when connecting via the serial console.
-
Content of the Boot Log and PCIConf results.
0_1539385667815_BootLog.txt
0_1539385678756_pciconf results.txt -
@stephenw10 said in Watchguard Firebox M440:
Usually TAB when connecting via the serial console.
It is prompting me for password to enter the Setup.
-
Here is a look at the internal hardware.
-
For some reason now, the unit will not boot from SSD. I put the CF Card back when I had the SSD drive. Maybe the SSD has been wiped now....
-
Hmm, OK.
So the BIOS is password protected and there's likely no way to remove that. Though the hardware does look identical to the Lanner default so the standard bios may work.
The expected 3 i354 NICs appear in the pciconf but are not attached to by the driver for some reason. The boot log doesn't show it failing but it also doesn;t show the igb or ix NICs, it appears incomplete. I assume that was copy/pasted from the console rather than the dmesg output? You could also look at the system log since there won't be anything else in it.
Looking at the block in the manual it shows the Marvell switch connected to system via SGMIIx4 and one additional PCIe device. Which is probably this:
none8@pci0:2:0:0: class=0x020000 card=0x11ab11ab chip=0xe7fe11ab rev=0x03 hdr=0x00 vendor = 'Marvell Technology Group Ltd.' class = network subclass = ethernet
If the only way to configure that is via that PCIe device it would require a driver, likely something written from scratch, and that's unlikely to happen.
chip=0x1f418086
is the normal PCI device ID for the C2000 NIC so we need to see if the system log shows some error indicating why it's not attaching. Probably because it doesn't have a PHY in the expected way. Or perhaps it's something completely different.Steve
-
@stephenw10 said in Watchguard Firebox M440:
Hmm, OK.
So the BIOS is password protected and there's likely no way to remove that. Though the hardware does look identical to the Lanner default so the standard bios may work.
The expected 3 i354 NICs appear in the pciconf but are not attached to by the driver for some reason. The boot log doesn't show it failing but it also doesn;t show the igb or ix NICs, it appears incomplete. I assume that was copy/pasted from the console rather than the dmesg output? You could also look at the system log since there won't be anything else in it.
Looking at the block in the manual it shows the Marvell switch connected to system via SGMIIx4 and one additional PCIe device. Which is probably this:
none8@pci0:2:0:0: class=0x020000 card=0x11ab11ab chip=0xe7fe11ab rev=0x03 hdr=0x00 vendor = 'Marvell Technology Group Ltd.' class = network subclass = ethernet
If the only way to configure that is via that PCIe device it would require a driver, likely something written from scratch, and that's unlikely to happen.
chip=0x1f418086
is the normal PCI device ID for the C2000 NIC so we need to see if the system log shows some error indicating why it's not attaching. Probably because it doesn't have a PHY in the expected way. Or perhaps it's something completely different.Steve
So what else would you like me to post. Please be specific in the commands as I am a novice..
-
The actual file
/var/log/dmesg.boot
should have some output showing the drivers attaching or failing to attach.I'm assuming you were able to assign igb0 and access the GUI and SSH?
Steve
-
@stephenw10 said in Watchguard Firebox M440:
The actual file
/var/log/dmesg.boot
should have some output showing the drivers attaching or failing to attach.I'm assuming you were able to assign igb0 and access the GUI and SSH?
Steve
I will go ahead and do and upload the dmesg.boot file shortly. First, I need to reinstall pfSense on the SSD. It seems to be corrupt for some reason.
-
Reinstalled pfSense on the SSD and now the M440 is booting pfSense from the SSD. I will post the boot file shortly.
-
I was able to setup the LAN interface and access the GUI using the default 192.168.1.1. I turned on SSH and was able to use WINSCP to retrieve the boot file. Attached is the dmesg.boot file. Let me know what else you need from me. I am available most of the night.
FYI.. I had to rename the file in order to upload it.0_1539392024912_dmesg.boot.txt
-
Hmm, OK so we have errors but unfortunately that's the same error we see on the SG-2220 for example where it only has two ports. So it could imply that all 4 are simply disabled.
That also matches the block diagram where all the connectivity is via PCIe . The 4 i354 NICs are in the SoC so connectivity with the switch would be via some other bus I would think.The only connection is that one PCIex1 device. It is labelled Ethernet. But is x1 PCIe enough bandwidth there?
The best case scenario here is that the 4 on-board ethernet ports are connected to the switch chip and we can persuade the driver to attach to them. Then we use the switch in it's default config or find some other way to configure it.
You could test the switch to see what it's default config is. Try to ping between static clients on some of the ports there. It may be configured as a single layer 2 or as 3 groups. Or it may be disabled entirely as that's the most secure thing. That what we do.
Do you have the watchguard OS? The console boot log from that might determine what NICs are required to be attached.
Steve
-
Yes.. I will disconnect the SSD drive and boot from the CF and copy the content on the console to a file. I will upload the file in 10 minutes.