Watchguard Firebox X Peak platform
I've been lurking here for some time so it's about time I gave something back. ::)
I thought I'd set up a separate thread for the Watchguard X-Peak as I could only find passing references to it elsewhere. Also I needed to document my findings.
First off, Watchguard's X series came in two hardware variants: Core (X500, X700, X1000, X2500) and Peak (X5000, X6000 and X8000).
The X Peak hardware is as standard (at least in my X6000):
Pentium 4 2.8GHz (SL6PF), 512MB in two 256MB DIMMS, 128MB compact flash card (Sandisk 'industrial'!).
3X Intel 82547GI Gig Ether, 7X Intel 82551ER 10/100 Ether, USB 2.0, 2X DB9 Com ports.
Intel FWE6300ESB 875p chipset
The motherboard is an Advantech AIMB-X3 (Rev.A1 in my case).
The PSU is a Seasonic SSF-160U1
It has an unfilled mini-pci slot and a space for a hard disk caddy with a spare IDE connector.
Front mounted LCD and cursor controls.
In other words quite a tasty piece of kit! :D
See output of dmesg attached.
I've been playing with it for a few days. Firstly, installing pfSense on this hardware is incredibly easy. Just flash the nanobsd image onto a CF card, stick it in the slot and away she goes. This is lucky since, as there's no PCI slot, it's difficult to get into the BIOS to change the boot settings. I'm using a Sony 2GB 300X card with no problems but it also boots a 16MB Canon card. Interestingly, although the CF card supports UDMA it seems FreeBSD does not, see here. pfSense just hangs with timeouts if you enable it.
Initial access to pfSense setup is via the front serial console. 9600,8,N,1 in case you're wondering.
The network interfaces come up conveniently from left to right. Port 3 is fxp0.
The Peak hardware does not suffer from the packet loss / timeouts the Core hardware does as it's not using Realtek NICs. Great.
The LCD driver created for the Core hardware (search the forum) works perfectly.
The board has a LOT of extra connectors and unpopulated pads. I've labelled those which have pins to avoid any confusion. CN24 is under the ribbon cable leading to the LCD. CN42 looks like a spare fan connector. It's hard to say which pins are CN11, 12 and 14. The labelling on the board is practically non-existent and there's no mention of it on Advantech's site.
Like the Core it doesn't shut down properly and when it halts it uses more power than when it's running! I guess in a rack you don't want to have to go around switching everything on. The PSU has a bare jumper (J3) which is also labelled ON/OFF. It may be that the power switching line is not connected. I can't find much info on the PSU though. pdf
It's loud! :o It has three 40mm fans running flat out all the time. No thermal control.
It uses a lot of power. The box draws around 85-90W at boot and around 55W at idle.
Disappointingly it seems from dmesg that the front USB port is USB1 only although it has 2.0 on board. :(
Edit: This isn't true, you can use USB2 devices in the front port.
All of these things may be possible to work around but it would be really helpful to have access to the BIOS. Unfortunately it doesn't have serial console bios access. This is what I've been working on for the past few days.
After much struggling (stupid corrupt MBR!) I have a booting CF card with Freedos loaded so I can use some bios tools. biosid.com revealed:
BIOS DATE : 10/21/2004
CHIPSET ID : Canterwood
BIOS ID : 6A79BAKDC-00
BIOS TYPE : Phoenix Technologies, Ltd.
OEM INFO : (046) EVALUATION ROM - NOT FOR SALE
Watchguard not paying for a proper bios.
Update: I should probably take this back! The bios has obviously been modified by/for Watchguard for the platform as it writes to the LCD.
Of course no info to be found on this bios.
I did read it to a file though with awdflash. File to be uploaded.
Eventually I found a bios editor that could open it in some sense. Using MODBIN6 I can look at the bios setup. Several interesting things. It has console redirect but the default is disabled. Also ACPI is disabled by default.
I can't actually modify the bios settings as they are stored in CMOS but I can set the defaults to enabled, re-flash my modified bios and clear the cmos. However doing that may well brick my shiny red box! :-\
Any input most welcome.
Update: Corrected ethernet chip types
That's a lot of detailed information. I was really impressed with this box when I got it. With 3GigE interfaces and 7FastE, all with intel NIC chipsets, I'm torn between running it as a firewall or as a routing platform in my lab.
Do you know if there are any other lower-end watchguard that use intel for the NICs?
My install went pretty smooth, I used the live CD instead of the nanobsd image on a 4Gig CF. It was my first time installing the software. It was quick and painless and I booted up first time with only the DMA issue and the FSTAB to fix.
When I decided I wanted a hard drive instead of the CF, It was a little more of a challenge. The plastic rails in the HDD bay need a stud/screw or special rail (none of which I have) to hold the drive in place. The IDE connector also requires an adapter. I used a (modified) adapter from an HP nc6210 laptop I had, and it fit fine. I also used the HDD caddy from the same HP laptop for a little extra protection since I have it sitting on the bare metal deck. A (short) male<>female ribbon cable would have been nice if you want to tap holes into the bottom of the chassis to keep everything tight, otherwise you're either laying the HDD at a slant and hoping your drive doesn't disconnect.
When booting to the HDD, I didn't have a problem, so there was no need for BIOS adjustment to boot from AD2. This is even true with the CF installed. I blanked the CF and put it in for a little extra storage space in case I needed it. With the CF and HDD installed, I have to boot without DMA, but a simple script to run atacontrol later in bootup will adjust the HDD back to DMA mode.
Hope this helps!
All information is good! ;D
When you say you needed an adapter do you mean a 2.5" to 3.5" ATA cable?
Something like this:
Did you boot the CD in the laptop first or directly in a drive connected to the Firebox?
I'm afraid I don't know much about the other Watchguard products other than what I've gleaned from the forum. The X series are now all 'end of life' and hence are turning up on Ebay. The X-e series has really interesting hardware, much lower power consumption processors. They can take the Pentium M, Dothan core, which can be as low as 5W! Have to wait a year or two for those to start showing up.
In the meantime it may be possible to swap out the processor in the X for something much cooler. The P4 has a thermal design power of 68W at 2.8GHz. It might take the P4-M, also Northwood core, which is only 32W at 2GHz. This would still be plenty for my modest uses but without access to the bios it's all a bit risky.
The default console connection speed from the BIOS is 115200. So if your bios has had console redirect enabled I'd try that first.
I should say that I'm probably best described as a keen amateur at this sort of thing so it's highly likely I could be stumped by some simple problem. ::) This is my first proper experience with BSD.
There seem to be three fan connectors on the board as well as the separate fan assembly PCB. Probably just a parallel set of connections.
More interesting is J1. A set of 25 pins (2X13 with one missing). The fact that it's labelled as a jumper and not a connector is interesting. There are no jumpers on it though. Perhaps a CPU speed selector? I thought that would all be done in the bios on this era of board. I wish someone at Advantech had bothered to label all this! >:(
A quick update:
Just replaced the CPU with a Celeron 2GHz(SL6LC) I had spare.
The system booted no problems and correctly recognised the CPU. Interesting because this is a 400MHz FSB chip and the original P4 is 533MHz. All the more interesting because the memory is quite clearly labelled 400MHz. You'd think Watchguard would be fitting top quality memory.
Power usage is much the same at idle, ~49W, but reduced at peak, ~70W.
Getting braver perhaps I'll dig out a mobile CPU and try that. :P
Also I took the board out and looked at the bottom. Nothing of any interest.
Yes, this second adapter you show here is similar to the one I used.
So, any thoughts about running it with different fans? Would that improve the power consumption?
I'm not really too concerned about the power consumption, although maybe I should be ;)
Well my first thought about different fans is that it should definitely be possible as the heatsink on the CPU seems to run stone cold all the time.
My second thought was that you shouldn't really go messing about with the cooling without having a way of reliably reading the system temps. Using the bios is good for this since it also has no idle code to keep the processor cool. However with no bios access, yet, then perhaps some BSD equivalent of lmsensors? Like I said I'm pretty inexperienced with BSD. The original Watchguard software had the capability to monitor the system I believe, although I've never used it.
The fitted fans are Sunon GM1204PQB1-8A. It seems hard to find any useful info but they seem to be rated for 15.3CFM at ~40dB. You can easily, and quite cheaply, get much quieter ones but of course they shift less air. The Watchguard is not exactly a masterpiece of aerodynamics though. The grill across the back of the fans is largely not needed as the rotating part of the fans is on the inside of the box. Also there are, in my opinion, nowhere near enough air inlets. Just the two side grills. There's a grill on the front, just above the 10/100 sockets, but it's completely blocked by the front fascia. Room for improvement I think.
Reducing the power consumption is basically about fitting a lower power processor. I'm wondering if I could find out which processors the board supports from the bios. It's a modular bios where some modules can be swapped in and out without affecting the key bios code, the splash screen for example. One of the modules is the microcode required for different processors. You'd think that might contain a list of processors? I need a BIOS expert! :D
Ok so because the board has a Winbond W83627HF chip mbmon works quite nicely. Newer programs don't and because ACPI is disabled by default in the bios you can't just read sysctl directly. For reference.
Because I'm using an embedded image I first mount it read-write.
pkg_add -r mbmon
Add the mbmon package.
Remount the CF card read only.
./mbmon -d
ioctl(smb0:open): No such file or directory
SMBus[Intel8XX(ICH/ICH2/ICH3/ICH4/ICH5/ICH6)] found, but No HWM available on it!!
Using ISA-IO access method!!
* Winbond Chip W83627HF/THF/THF-A found.
Test mbmon can find something. Success!
./mbmon
ioctl(smb0:open): No such file or directory
Temp.= 39.0, 9.0, 43.0; Rot.= 20454, 20454, 19852
Vcore = 1.52, 2.24; Volt. = 3.36, 5.08, 12.10, -11.96, -0.67
What you get.
The fan speeds are nice and seem to change appropriately if you speed up one of the fans by covering it up. Although I think the fans are rated at 9600rpm :P. Voltages look good I suppose.
The temperatures are there. Don't know about the second one. I'm not sure any of those are the actual on die temperature. Quite cool anyway. :D
This should mean the phpsysinfo would work just fine but it doesn't appear in the package list on my install.
Update: Of course because I'm using embedded, mbmon disappears after a reboot. Doh! ::)
Also real measurements have shown the heatsink temperature to be 25°C at idle and 30°C with the system halted in a 20°C ambient with the case open. Definitely some headroom to play with.
Update: The heatsink temperature with the system off after an hour shows 22°C, some discrepancy between my two very cheap thermometers! Still a 3° rise is impressive cooling, way more than is required.
Update: In fact it remains installed across a reboot no problem you just have to call the program using the whole path. e.g. /usr/local/bin/mbmon
I played around with phpsysinfo and mbmon, it all seemed to work well, although the mbmon returns an error when trying to access /dev/smb0. Adding the argument -I to the mbmon script in /usr/local/etc/rc.d didn't help.
So after testing my procedure on another system that did have video and keyboard I got brave and reflashed my modified bios. Make sure to use the /cc switch with awdflash to clear the CMOS and force it to load the defaults.
I wasn't sure it had worked at first but at least it didn't brick it. It definitely reflashed it though as I changed the bios message. Anyway, after much key pressing and googling:
Phoenix - AwardBIOS v6.00PG, An Energy Star Ally
Copyright (C) 1984-2003, Phoenix Technologies, LTD

Modified by Steve for default console.

Main Processor : Intel(R) Celeron(R) CPU 2.00GHz(100x20.0)
Memory Testing : 524288K OK
CPU Brand Name : Intel(R) Celeron(R) CPU 2.00GHz
Memory Frequency For DDR266 (Dual Channel Mode Enabled)
Primary Master : LEXAR ATA FLASH V1.02
Primary Slave : None
Secondary Master : None
Secondary Slave : None

Phoenix Technologies, LTD
System Configurations
+==============================================================================+
| CPU Type         : Intel(R) Celeron(R) CPU   Base Memory      : 640K         |
| CPU ID/ucode     : 0F27/37                   Extended Memory  : 523264K      |
| CPU Clock        : 2.00GHz                   Cache Memory     : 128K         |
|------------------------------------------------------------------------------|
| Diskette Drive A : None                      Display Type     : MONO         |
| Diskette Drive B : None                      Serial Port(s)   : 3F8 2F8      |
| Pri. Master Disk : CHS,PIO 4, 15MB           Parallel Port(s) : 378          |
| Pri. Slave Disk  : None                      DDR at Bank(s)   : 0 2          |
| Sec. Master Disk : None                                                      |
| Sec. Slave Disk  : None                                                      |
+==============================================================================+

PCI device listing ...
Bus No.  Device No.  Func No.  Vendor/Device  Class  Device Class              IRQ
--------------------------------------------------------------------------------
   0        29          0      8086   25A9    0C03   USB 1.0/1.1 UHCI Cntrlr    11
   0        29          1      8086   25AA    0C03   USB 1.0/1.1 UHCI Cntrlr     5
   0        29          4      8086   25AB    0880   Base Sys. Peripherals      NA
   0        29          5      8086   25AC    0800   I/O(X) APIC Cntrlr         NA
   0        31          1      8086   25A2    0101   IDE CntrlrCI Cntrlr        14
   0        31          3      8086   25A4    0C05   SMBus Cntrlr               12
   2         1          0      8086   1075    0200   Network Cntrlr             10
   3        13          0      16AE   000A    1000   En/Decryption Cntrlr        9
   3        14          0      8086   1079    0200   Network Cntrlr              9
   3        14          1      8086   1079    0200   Network Cntrlr              9
   4         6          0      168C   001A    0200   Network Cntrlr             10
   4         9          0      8086   1209    0200   Network Cntrlr              5
   4        10          0      8086   1209    0200   Network Cntrlr             10
   4        11          0      8086   1209    0200   Network Cntrlr             12
   4        12          0      8086   1209    0200   Network Cntrlr             11
   4        13          0      8086   1209    0200   Network Cntrlr              5
   4        14          0      8086   1209    0200   Network Cntrlr             10
   4        15          0      8086   1209    0200   Network Cntrlr             12

Updating ESCD ... Success
Building DMI Pool ............................ Success
This was from putty at 115200 8n1 with no flow control.
Because you can't send the delete key over the serial console you have to press tab.
However it's incredibly flaky! ::) In fact it almost seemed like I had to press everything three times. It's almost impossible to navigate the bios, the keys seem virtually random.
I'm going to try it again at a lower baud rate to see if that's the problem.
Some interesting results from the POST, though nothing we didn't already know.
Update: tried 9600, no different. I've only once managed to have it display the complete POST. >:(
Hmm. The way you describe that serial output sounds like a flow control issue. Have you tried xon/xoff or hardware (if your cable supports it)?
I've tried a large number of different settings, mostly in puTTY but also in Hyperterminal for good measure. However I should probably work through them in order to make sure I didn't miss anything out.
The null modem cable I'm using was supplied with an SMC switch and seems to work perfectly in pfSense and from freedos.
It's as if every key is interpreted as escape. Which seems to make sense if putty is sending escape sequences.
Award calls their console redirect Award Preboot Agent. It seems that it was possible to get a companion program, Award Preboot Manager, that would talk to it and enable all sorts of interesting functions. Mapping a floppy drive from a remote machine so you can upload a new bios for example. Good luck finding anything about it though. ::)
I'll have to try and borrow another cable or get my multimeter out and test this one.
The device in the post: Vendor ID 16AE; Device 000A would seem to be a Safenet SafeXcel 1841. It seems that it should be supported under FreeBSD but isn't recognised. It's the larger of the two chips with silver heatsinks (the other one's gig ether) and runs quite hot.
Update: It isn't supported in the safe(4) driver from FreeBSD 7.3 or 8. However..
Prices for the SafeXcel-184x series start at $85 per chip in quantities of 10,000
Sweet! I'm prising it off and selling it! ;D
Still playing here. ;D
I just swapped the processor for a Pentium 4-M (SL6FH). It's rated at 1.8GHz but because the board doesn't support speed step it defaults to its lower speed of 1.2GHz. The board booted and ran fine using slightly less power, ~46W at idle.
It does seem that there may be some potential for a pin mod to make it run faster.
However looking at the output of mbmon the core voltage being supplied by the board is 1.57V when it should be 1.3V. ::) Not good! The chip does have a far higher rated junction temperature though so could be run hotter. Still 1.57 is actually higher than the voltage provided for the original P4 so I think we can assume that the bios knows nothing about the P4-M. A Shame. :(
Bios access is still defeating me. I can now semi-reliably get the first part of the POST which helps when swapping CPUs.
I am left thinking that the bios module that supports console access is basically knackered and was never meant to be used. I've tried every combination of serial settings and several cables. I even installed a serial sniffer to watch what was actually being sent and received. It seems that the bios is just not receiving/interpreting what I'm sending correctly. Looking at instructions for other motherboards of the same era with the same bios modules and chipset it seems that it should just work with no problem.
Update: I got braver and went for the pin mod I linked to above. Removing pin AE1, or bending it as I have, reduces the core voltage by 0.4V. So far it seems stable and cooler. ~42W at idle.
[1.2.3-RELEASE] [root@pfSense.local]/usr/local/bin(17): ./mbmon
ioctl(smb0:open): No such file or directory
Temp.= 35.0, 7.5, 37.5; Rot.= 21093, 21093, 19852
Vcore = 1.15, 2.16; Volt. = 3.38, 5.05, 12.10, -12.04, -0.62
Should be able to fit quieter fans now for sure.
Still only getting 1.2 Ghz from that processor after the pin mod? How much is that chip going for on ebay?
Yep still running at 1.2GHz. I only tried the voltage mod though. By removing another pin you can set the bus speed to 133MHz (up from 100) giving 1.6GHz. I haven't tried that yet though. I paid £2 for it. ;D
However like it says in the article I linked to you'd be better off with the equivalent mobile celeron because they didn't have speedstep.
The way I look at it if I ever run out of processor headroom I can always swap back something more powerful. This is unlikely though as the box I'm replacing is an old Cyrix 333MHz running IPCop. A lot more interfaces on the Firebox though. :-\
My new fans arrived today so I fitted them straight in. The cables need shortening really I ended up having to stuff it all into the fan enclosure which can't be good for air flow. :P
I went for three Akasa AK-161BL-S which are a 40x40x20mm fan, narrower than the originals. They are specced at 6.27CFM so quite a lot less than the originals.
The results are - great! ;D
They are so much quieter. I would say about the same level as the Shuttle XPC I'm typing this on, I would happily use a desktop PC this loud. They also seem to keep things plenty cool enough. I've had the firebox running for the last few hours and:
[1.2.3-RELEASE] [root@pfSense.local]/root(15): /usr/local/bin/mbmon -I
Temp.= 38.0, 13.5, 37.5; Rot.= 5578, 5357, 5232
Vcore = 1.15, 2.19; Volt. = 3.38, 5.05, 12.10, -11.96, -0.62
I also have a thermocouple on the CPU heatsink which is stable at 30°C. This is in a 21° ambient with the case closed.
I have a feeling that both the temperatures measured by mbmon are chipset rather than cpu. Any way to find out?
Here's a quick pic. I'm a sucker for a blue LED! ::)
looking nice, I would most likely use red LED instead to match the case and my other computer fans (I like to have some kind of color coordination and contrast lol) nice job!
Thanks Jamie. 8)
Oooo red, now there's an idea! It's a tough call though. Plenty of red led fans, plenty of 40mm fans, plenty of quiet fans but all three in one fan? I've not found one. To be honest you won't see it anyway once it's installed. :D
I know, but the glow in the dark room… that's worth it :)
I agree with the red LED, who ever heard of a blue firewall? that's preposterous! J/K
My preference? I want the fires of hades illuminating the wall behind my security devices.
how much did the fans and the firewall set you back?
The Firebox was £40 from Ebay. It was sold as faulty though because the root partition on the Watchguard CF card was corrupt. Bit of a risk but it paid off.
The P4-M processor I'm currently running was £2.
The fans were £3.50 each.
I'm not sure how much I paid for the wireless mini-pci card a while back but it was around £5.
2 weeks fun and tinkering, priceless! ;D
so really I should look for ones that have "software issues" then? for the best bang for my buck?
Yes, that would be best. Although since they are all now end of life they shouldn't be sold as anything more than hardware only.
Like I said it was a bit risky. People on Ebay often say things like; "this laptop is mint condition, it just has a small software issue. I'm sure anyone familiar with it could fix it in seconds. A bargain". And then when you get it you find it needs a new motherboard! >:( I thought it was worth a £40 gamble.
hmmmm…but for people like us who are building and rebuilding our own firewalls that's not that huge of an issue...well to me it would be more annoyance I think...
Have you been able to use the USB port for anything fun/useful? I was thinking something like a thumb drive with a BSDNANO (since I'm running with HDD) but I think the Mobo has to support it first.
I also used my mini PCI slot for a crypto chip from an X700 I bricked, so a USB WLAN would be interesting.. maybe even try to get my 3G Mifi (verizon) connected to it for a secondary WAN connection.
I tested it with a Belkin ethernet adapter I had to hand, it was recognised and came up as an interface no problem. Interestingly it was shown in dmesg as being connected to a USB 1 controller so the port on the front may be limited to 11Mbps. Or it may be just a usb1 device, needs further testing. There are certainly a number of usb controllers in the firebox. Just next to the usb port on the board is what looks like another usb header with pins, could be interesting for internal usb.
There are options for USB booting in the bios (fdd,hdd,zip,ls120,cdrom). Maybe I'll pull out my usb zip drive! :D
By default it's set to try other boot devices so you could be in luck although it will try floppy, hdd0 and ls120 first.
Do you actually use the crypto card? The one that's built in is way more powerful but there's no drivers. :'(
I haven't set up any encryption services on the box yet (it's still in staging process until I get a kid's room painted and the storage room cleaned out). I do have some hopes that the X700 crypto card will work however. It shows up in the Dmesg and I have run some tests with openssl as was described in one of the stickied forums here.. so as long as IPsec or whatever uses the correct engine it should use the crypto card without a problem.
Zip drive huh? ugh.. I used to work in the plant that made those disks.. ::Grin:: well good luck with that.. hope you haven't developed the "click of death" in storage.
The idea of going back to something that big that only holds 100MB seems ridiculous, yet I remember when I first got a zip drive it was the answer to all my storage problems. :P
The Safenet 1141 from the X-core is working just fine and is supported by the safe(4) driver unlike the 1841 in the X-peak. But check out the difference in performance:
• 268 Mbps sustained ESP (AES, SHA-1, 1500 byte packets)
• 160 Mbps sustained ESP (3-DES, SHA-1, 1500 byte packets)

• Sustained ESP: SPI-3 (data) + EMI (SA)
  2.0 Gbps (1500-byte packets)
  1.9 Gbps (350-byte packets)
  1.2 Gbps (64-byte packets)
• Sustained ESP: PCI-X (data) + EMI (SA)
  1.3 Gbps (1500-byte packets)
  900 Mbps (350-byte packets)
  510 Mbps (64-byte packets)
Need to get onto the safe(4) maintainer with some bribes!
Of course the 1141 fits my setup just right, no GigE on my network, but if this driver ever gets updated, I'm all over it!
My poor knowledge of USB is being shown up badly! :-[
I can't make it boot from a usb flash. The same stick boots in my shuttle fine, similar bios different chipset though. But I did have to set the bios manually to USB-HDD.
Important to note that the USB connector is recessed in the fascia and a lot of things won't go into it properly. I had to use a USB extension cable for everything that didn't have a cable connection.
Looking at dmesg it would seem that the board has 3 usb controllers, 6 ports in total. uhub0 and uhub1 are USB1 and uhub2 is USB2. I'm pretty vague on this. However here is some output generated by plugging and unplugging stuff from front USB port.
[root@pfSense.local]/root(2): unknown: at uhub2 port 1 (addr 2) disconnected
aue0: <ADMtek USB To LAN Converter, class 0/0, rev 1.10/1.01, addr 2> on uhub0
miibus7: <MII bus> on aue0
acphy0: <ACXXX 10/100 media interface> PHY 1 on miibus7
acphy0: 100baseFX, 100baseFX-FDX, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
aue0: Ethernet address: 00:05:1b:00:52:fc
[1.2.3-RELEASE] [root@pfSense.local]/root(2): aue0: at uhub0 port 1 (addr 2) disconnected
aue0: detached
acphy0: detached
miibus7: detached
The Belkin LAN adapter which is detected fine but is only a usb1 device is connected to uhub0 port1 whereas the unknown device, which is actually a 54Mb wifi adapter and usb2, is connected to uhub2 port1. Both of these were plugged into the same physical port.
More reading needed! ;)
The Belkin LAN adapter which is detected fine but is only a usb1 device is connected to uhub0 port1 whereas the unknown device, which is actually a 54Mb wifi adapter and usb2, is connected to uhub2 port1. Both of these were plugged into the same physical port.
USB controllers capable of USB 2 speeds (480Mbps) automatically switch devices to different hubs depending on the speed capability of the device (480Mbps or 12Mbps).
Ah. Thanks! :)
I knew it would be something like that but I couldn't find it.
Conclusion: the usb port on the front of the firebox is capable of USB2 speeds.
Yeh, I have bios access! ;D
I have concluded that the console redirect portion of the bios code in my firebox was so buggy it's unusable. Certainly Watchguard never intended it to be used or they would have enabled it by default. Of course it could still be a number of bad cables. Anyway I was investigating the possibility of adding a usb port with an internal header. What I originally thought was USB turns out to be a PS2 header, under the ribbon cable to the LCD board. I have labelled it in the photo on the first page of this thread, CN24. It is a standard pinout (I pulled a cable out of an ancient PC and it was already wired correctly) as detailed in the other threads on the forum:
! o o !
! o o o o !
8 6 4 2
pins 3 and 5 doesn't exist!
here is the wiring between firebox and PS/2:
1 : CLK ----- 5
2 : GND
4 : DATA-----1
6 : nc
7 : GND------3
8 : +5VDC---4
Anyway I didn't think this would work but it seems that if you can get into the bios via the console you can still use a keyboard attached to the PS2 port. I would have thought it would only accept input from the serial console. So now I can view the bios via the serial console whilst operating the attached keyboard, great. ;D
Some interesting things reveal themselves:
The values in the PC Health Status screen exactly match those shown by mbmon.
The system is set to boot hdd-0 then hdd-1 and nothing else.
It's not possible to enable ACPI as the entire power management section of the bios is disabled.
There is no possibility to alter the CPU voltage or frequency.
I did try setting the bios to boot from USB-HDD but still couldn't boot it from my USB flash drive.
Anyone else with an X-peak care to post which bios version they have? Anyone got anything newer than 10/21/2004?
I have modified the bios again to enable the power management setup menu. By default everything is disabled, HDD spindown, suspend mode etc.
I enabled ACPI. Now it won't boot. ::) It seems to stall at 'Starting device manager (devd)….'. It doesn't hang as the system still returns information with Ctrl-T. This seems like the exact behaviour described for the Alix single port boards described here. Unfortunately although the thread is marked solved the solution is to disable ACPI! >:(
Same behaviour with pf2 beta.
It seems as though it is possible to adjust the cpu frequency (presumably FSB) from 100 to 132 but it seems to have no effect on the processor speed.
Still haven't managed to make it boot from USB. It looks as though it doesn't power up the ports until after it has POSTed.
Investigating the internal USB ports, or lack thereof, there is what looks to be an unpopulated 9 pin usb header just behind the front usb port. Also there is a 5 pin header just next to that that seems to have data tracks coming from the same place. Unfortunately the data lines for all four ports pass through a row of components marked CK1 to CK4 of which only CK4 is present connecting up the front port. Not sure what they are, isolators perhaps? There are other headers to investigate.
I'm no further with the usb headers (or any others) besides noting that J3 is almost certainly clear cmos.
I've been wanting to stress test my firebox since I have dramatically reduced the cooling and the CPU power.
After some looking I stumbled across cpuburn. It's a bit old so it's not optimised for anything modern, even the relatively old processors I'm using. It seems to do the job though and it's easy to use.
/etc/rc.conf_mount_rw
pkg_add -r cpuburn
/etc/rc.conf_mount_ro
/usr/local/bin/burnP6 &
This will install the package and run it in the background. I'm using the P6 burn but there are others for other CPUs.
Check that it's running with top:
74 processes: 2 running, 72 sleeping
CPU: 100% user, 0.0% nice, 0.0% system, 0.0% interrupt, 0.0% idle
Mem: 20M Active, 11M Inact, 35M Wired, 128K Cache, 29M Buf, 420M Free
Swap:

  PID USERNAME  THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
49772 root        1 118    0   132K    28K RUN     37:19 98.97% burnP6
48816 root        1  76   20  3656K  1360K wait     0:01  0.00% sh
23590 root        1  44    0  3316K  1240K select   0:01  0.00% apinger
28658 root        1  44    0  7996K  3568K select   0:01  0.00% sshd
Keep an eye on the system temperatures:
[root@pfSense.localdomain]/root(13): /usr/local/bin/mbmon -I
Temp.= 39.0, 27.5, 40.0; Rot.= 5672, 5443, 5232
Vcore = 1.15, 2.21; Volt. = 3.38, 5.03, 12.10, -12.04, -0.67
As I've said before I don't think the actual cpu core temp is listed here. I'm pretty sure that T1 and T2 are both system/chipset sensors as they get hotter if you remove the case (reducing the airflow across the board). T2, although obviously miscalibrated, could be cpu as it rises when you run cpuburn and it tracks the heatsink temp. I have a thermocouple on the cpu heatsink and it seems to have leveled off at 40°C. I'm quite happy with that especially because under 'normal' conditions the cpu usage barely registers! :D
Update: I ran it today for 6 hours with the cpu pegged at 100%, the heatsink got up to 41°C at one point but the room temperature fluctuated a little. Also the power meter shows the firebox draws 37W at idle and 51W at 100% cpu.
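Added example, not part of the original thread: a POSIX sh/awk wrapper that parses the default mbmon reading shown above and flags temperatures, fan speeds or Vcore outside limits, for logging during a cpuburn run. The function names and the thresholds (50°C, 4000 rpm, 1.30 V) are assumptions, and the second sample reading is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): parse default mbmon output and flag
# readings outside limits. Thresholds are assumptions; tune them for your box.

# Reading copied from the thread's cpuburn run (P4-M, Akasa fans).
SAMPLE_BURN='Temp.= 39.0, 27.5, 40.0; Rot.= 5672, 5443, 5232
Vcore = 1.15, 2.21; Volt. = 3.38, 5.03, 12.10, -12.04, -0.67'

# Constructed reading: Vcore at the 1.57 V the thread reports before the pin
# mod, plus a stalled second fan, preceded by the harmless smb0 message.
SAMPLE_BAD='ioctl(smb0:open): No such file or directory
Temp.= 35.0, 7.5, 37.5; Rot.= 5578, 0, 5232
Vcore = 1.57, 2.16; Volt. = 3.38, 5.05, 12.10, -12.04, -0.62'

# parse_mbmon: mbmon text on stdin -> "t1 t2 t3 fan1 fan2 fan3 vcore".
# Works whether the reading arrives on two lines or flattened onto one.
# A field that cannot be found is printed as "?".
parse_mbmon() {
    awk '
    function grab(label, n,    s, a) {
        # Take the comma-separated numbers that follow "label", up to the
        # next ";" or letter, and return the n-th of them.
        if (!match(buf, label "[^;A-Za-z]*")) return "?"
        s = substr(buf, RSTART, RLENGTH)
        sub(/^[^=]*=/, "", s)
        split(s, a, ",")
        gsub(/[ \t]/, "", a[n])
        return (a[n] == "") ? "?" : a[n]
    }
    { buf = buf " " $0 }
    END {
        t = "Temp[.] *="; r = "Rot[.] *="
        print grab(t, 1), grab(t, 2), grab(t, 3), grab(r, 1), grab(r, 2), grab(r, 3), grab("Vcore *=", 1)
    }'
}

# check_mbmon MAX_TEMP_C MIN_FAN_RPM MAX_VCORE_V   (mbmon text on stdin)
# Prints "ok" or the offending readings.
# Exit status: 0 = all within limits, 1 = alert, 2 = reading not parsed.
check_mbmon() {
    parse_mbmon | awk -v tmax="$1" -v rmin="$2" -v vmax="$3" '
    BEGIN { rc = 0 }
    {
        for (i = 1; i <= 7; i++)
            if ($i !~ /^-?[0-9]+(\.[0-9]+)?$/) { print "unparsed"; rc = 2; exit }
        for (i = 1; i <= 3; i++)
            if ($i + 0 > tmax + 0) out = out " temp" i "=" $i
        for (i = 4; i <= 6; i++)
            if ($i + 0 < rmin + 0) out = out " fan" (i - 3) "=" $i
        if ($7 + 0 > vmax + 0) out = out " vcore=" $7
        if (out != "") { print substr(out, 2); rc = 1 } else print "ok"
    }
    END { exit rc }'
}

# Demo on the embedded samples: prints "ok", then "fan2=0 vcore=1.57".
printf '%s\n' "$SAMPLE_BURN" | check_mbmon 50 4000 1.30
printf '%s\n' "$SAMPLE_BAD"  | check_mbmon 50 4000 1.30 || true
```

On the box itself, pipe a single mbmon reading into check_mbmon from a loop or cron job and log any non-zero exit while the burn is running.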
Edit: Anyone reading this: These instructions are old and overly complex. See this post for a simpler updated solution.
Mostly for my own benefit because I completely hosed my install messing about with ACPI and have to reflash my CF card. ::)
Here's some concise instructions for installing the firebox lcd software.
Download the file with the driver, lcdd3.tar, from here (can't attach it to this post >:()
Copy it to the firebox to /var/tmp. This is a folder that only exists in memory and gets wiped at boot. I used WinSCP.
Connect to the box (with putty via ssh or serial or whatever). Then:
[root@pfSense.local]/root(2): cd /var/tmp
[root@pfSense.local]/var/tmp(5): tar -xvf lcdd3.tar
x ./install-embed.lcdd.sh
x ./lcdd/
x ./lcdd/drivers/
x ./lcdd/LCDd.conf
x ./lcdd/lcdd.sh
x ./lcdd/lcdproc
x ./lcdd/LCDd
x ./lcdd/drivers/curses.so
x ./lcdd/drivers/sdeclcd.so
x ./lcdd2.tar
[root@pfSense.local]/var/tmp(7): ./install-embed.lcdd.sh
[root@pfSense.local]/var/tmp(8): cd /lib
[root@pfSense.local]/lib(10): /etc/rc.conf_mount_rw
[root@pfSense.local]/lib(11): ln -s libc.so.7 libc.so.6
[root@pfSense.local]/lib(12): ln -s libkvm.so.4 libkvm.so.3
[root@pfSense.local]/lib(13): /etc/rc.conf_mount_ro
[root@pfSense.local]/lib(14): /usr/local/etc/rc.d/lcdd.sh
And it should all be working! ;)
I have removed a few steps from the other instructions on the forum. I have included the newest driver in the tarball. I found I didn't need to alter the permissions of the install script.
I tested this on a fresh install of the embedded 1.2.3-release.
It will not work on 2.0 beta, I tried! :P
Edit: It does work in 2.0, you have to symlink both libkvm.so.3 and libkvm.so.4 to libkvm.so.5
I've got one, so I have seen one and have one. It works nicely for me, I boot from a harddrive in it.