Enable VGA on Serial Memstick install
-
I have multiple WatchGuard XTM 850 that I want to run pfsense on.
I can successfully install pfsense on a separate machine, then place the hard disk back in the WatchGuard appliance and everything works great! However, since I used a VGA memstick installer, the console access enabled from System > Advanced in the web GUI settings does not survive a factory default.
Can someone help me with getting the VGA console to start on a Serial Memstick install?
-
@fibrewire said in Enable VGA on Serial Memstick install:
However, since I used a VGA memstick installer, the console access enabled from System > Advanced in the web GUI settings does not survive a factory default.
How many times do you factory default your firewall? Lot of other stuff doesn't survive that, like interface assignment, etc. I don't think it's possible to enable a VGA console on the serial image.
-
Not sure why you need the VGA console at all on that device. Been a while but I'm pretty sure you can just access the BIOS directly on those.
But, yeah, why are you trying to factory default it? Just leave the serial console enabled, restore to that base config if you have to.
Steve
-
@dotdash there are many reasons to default a box. I’m sure that even you yourself have defaulted or used a new piece of hardware (that had been defaulted before you got it). It’s a good “clean slate” start for any repeatable process. Even Windows 10 has a similar function integrated into the operating system now, and Microsoft is huge! The same reason we don’t recompile and roll our own distributions every time we make a change - it saves time.
-
@stephenw10 that’s the strange part. I get no console output until either the CF card boots WatchGuard OS or until I see the BSD console options after the memstick has loaded. Unfortunately memstick won’t load unless the hard disk and/or CF card is disconnected from the box.
-
I try and keep my firewalls up for as long as possible without interruption. If I do a refresh, I generally back up the config, reinstall from the latest installer, and restore the config. The only firewalls I ever use 'reset to factory defaults' on are test units in the lab.
-
Ah, yes it's coming back to me now. Must have redacted that memory....
You can try setting the enable serial tags in /conf.default/config.xml
Steve
-
@stephenw10 yep, I found a VGA header cable but the pin block is too big, gonna clip wires and slide them over the pins on the board at some point, and record the keystrokes necessary to enable console redirection for BIOS if I'm able to. In the meantime...
I pulled the CF cards out of all the 850 boxes, and pulled the hard disks as well. I booted the memstick install on a bench box and installed using the console. After I reinstalled the hard disk in the XTM 850 I reset to factory default and everything is working great over console connection.
Would have been a lot easier had I just done that from the start. Had to rig the serial port on the bench box to a server across the room, but it was worth it. I'll try the enable serial tags asap. Thank you for your help!
-
Yeah the header is 2mm pitch which is common for VGA but not the 2.54mm pitch most other headers are. Hence I'm using some random front-panel connectors jammed in the plug!
Steve
-
Here I am, 2 more XTM 850 and stuck. I figured out to use balenaEtcher to write the installer to a 1GB CF card and install using the ZFS option, since the WatchGuard box boots CF before SATA. Just wanted to drop this note here because this will definitely not be the last time I need to install this. I just wish I knew the keystrokes to boot from USB without having to open the WatchGuard box.
-
Mmm, I never found any way to do it whilst anything else is present.
-
@fibrewire I never found a way around it, so I opted for using the onboard VGA header. If you decide to go that route, it’s pretty painless (although only green is passed from the header).
I can confirm these pinouts are also correct for the 850 (bottom of the page):
https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/108244/howto-utm9-home-on-a-watchguard-xtm5-series
I used:
uxcell Female to Female 2P to 1P Jumper Wire 2mm to 2.54mm Pitch Ribbon Cable Breadboard DIY 20.5cm Long https://www.amazon.com/dp/B07FM72VBF/ref=cm_sw_r_cp_api_i_McngFbZ0SSXCE
And
Twinkle Bay D-SUB DB15 Female 15Pin Jack Port to Terminal Breakout Board Connector 3Row Plug, DR15 VGA Female with Case https://www.amazon.com/dp/B07F9QFMKN/ref=cm_sw_r_cp_api_i_KfngFbT4ETXQ7
Match up pinouts and PAY ATTENTION to the #1 pin on the board and orient yourself with it for lining up the pins accordingly. Also, don’t be like me and forget you subbed in a CPU without onboard graphics and are wondering why nothing is working. The 850 will gladly accept an E3-1220Lv2 (17TDP), but will complain about the lack of graphics. I figured out that 4 short beeps on boot = no graphics available.
Other notable things:
Full access to the BIOS. THE FAN SPEEDS ARE USER MODIFIABLE (I wish I knew this before dropping 100+ on fans and a 1U CPU cooler). Also, you can turn on C-states, limit the amount of active cores, etc.
In other words, you can turn the jet-engine furnace into a much more manageable device outside of a server room.
If you don’t feel like screwing with the PWM stuff, Noctua also makes a TINY fan controller that fits nicely behind the power switch.
Noctua NA-FC1, 4-Pin PWM Fan Controller (Black) https://www.amazon.com/dp/B072M2HKSN/ref=cm_sw_r_cp_api_i_6nngFb6M8PF7E
Best of luck.
-
Yeah, still pretty loud though.
I also found no way to enable console redirect for the BIOS output which would be nice.
Steve
-
@stephenw10 - thanks for your help, had to reinstall again and used the flashed CF card to reinstall 2.4.5 after I realized an issue with 2.5.0
Is the XTM-850 supportable moving forward?
https://www.watchguard.com/docs/datasheet/wg_xtm800_ds.pdf
-
I don't see why not. What was the issue?
Mine appears to have a hardware fault. You just reinstalled to HD using the memstick serial image on a CF card?
Steve
-
@stephenw10 yes both of my XTM 800 series appear as though they have a hardware fault on 2.5.0, but reinstalling from 2.4.5 from CF brought them both back online with no issues.
While running 2.5.0 I can sometimes make it to the serial console successfully, other times I cannot. It’s as if something on boot shifts the memory from one location to output on the serial console. As soon as this behavior is triggered it takes a very long time for the web interface to respond on some options, other options not so long. The pfsense boot chime is slower than normal as well.
Entering the boot loader and booting the kernel.old will remedy this, so it would seem kernel related.
-
Hmm, interesting. Something like this?
Setting up DNSs... Starting DNS Resolver...APEI ??? Error cf000000-4a78-6a04-313f-c2e10ed83fa3: Error Data: 01 6f da c9 28 52 b6 38 2e 23 e2 5c 1a 77 2c 29 e0 a8 06 9a 66 07 12 11 ff 34 09 d4 9f 63 6d a0 43 ef d4 3a 09 6e a5 a5 a4 6e 24 f9 43 87 03 52 74 96 4f 06 91 70 e9 2a 02 a9 f7 1a d5 d7 48 fa 51 c2 5d ac 10 54 aa bb a0 e2 25 3c 3a 95 3c d8 68 50 42 e6 3c 81 3f d2 69 55 c2 e4 f7 82 d9 d0 19 57 f9 66 d1 b8 c9 4e 12 1b ff c3 b1 d7 7a 7a 48 02 51 4c 71 4a 99 b7 ba e7 ab 3d 55 e0 88 e1 b1 cf ad aa be 00 fd 11 8b b7 b0 16 9f a5 6e 40 41 1c 56 c0 d0 7d 49 2c 52 aa 5f 9b 22 b2 b3 48 2c 1b e3 40 15 40 ab b2 23 e5 e7 3c 3c 24 bc 83 ab 7e 20 72 83 3a e0 0f 86 bb b5 93 e4 18 d0 1d 9d 31 bb d5 86 06 e1 92 05 76 77 76 bf 47 7e b1 c9 e4 12 bc 8a fb 64 ef c4 cb 94 ab 4a 53 07 38 76 a3 ce 1c cd 96 c7 59 95 90 3c 06 ce 74 c5 ab 97 ea 3e 38 63 00 90 92 3e f5 e9 b4 64 2f 10 06 7d 3c 4b d3 d6 1e 53 c0 1a 6a 57 cb ab e8 6d 3b 85 97 98 35 e9 aa 4c 1a 15 07 d0 fd aa ed ed 39
-
@stephenw10 yes that exactly. Hopefully it’s an easy fix?
-
Aha! Well no idea. I had assumed it was bad hardware but if it's consistent across devices though it must be something 2.5 is tickling. That's good, I had written off that box.
Digging required I guess....
-
@fibrewire What brand of CF card are you using? I have a 4gb Verbatim CF card and my box won't pick it up.
It all started when I upgraded from 2.4.5 to 2.5 and got the same boot loop error with the memory/kernel problem. Kind of new to all of this, I tried flashing the BIOS with FreeDOS on a 256mb CF card, nearly bricking the system. Thankfully, it never succeeded. Then, I took out the hard drive and tried to do a fresh install via laptop, but that didn't work either as the system doesn't even boot up. I still see "WG Bios v1.3" on the LCD when I turn it on. I'm curious about the VGA route, but if I can avoid taking that route I will.