Watchguard XTM 5 Series
-
Right, after Ermal's helpful nudge in the right direction (and mostly because it was just a cut and paste job from lcdproc!) here is a WGXepc compiled for 64bit. Works fine on my XTM5. I still have to compile it for 32bit to make sure it's good there too.
https://sites.google.com/site/pfsensefirebox/home/WGXepc64
When I tried to fetch it directly to my XTM5 box I got a certificate error, which was slightly alarming, so you may have to sftp it across. Don't forget to set the permissions.Give it a try anyone running amd64.
Steve
Hi Steve,
I have finally got around to install X64 on my xtm 510 and try your WGXepc64 on it. It works perfectly fine, thanks.
Cheers
Marian -
Good to hear, thanks for thee feedback! :)
Steve
-
Well, I finally got around to doing a permanent mount for my serial port. I got this header to DB9 connector out of a HP dc5100 PC that we were sending to the recycling company at work: .
I think I did a pretty good job with the Dremel when cutting out this hole for it:
I decided to use a drill then to put the holes for the nuts instead of cutting out a slot for them. I'm not entirely certain if this is working or not yet though as I had to smack it around with a hammer to get a nice mark of where to cut. I have several of these serial ports, so if I did end up breaking this one (I'll have to test later tonight or this weekend) I have a spare that should work just fine.
So I now have an alternate console port for when needed for FreeDOS or anything else that doesn't want to work over the RJ45 console port. Only thing left is to get myself a cheap serial GPS unit for NTP for the rest of the time that I'm not using it as a console.
-
Nice work. :)
Steve
-
Nice work. :)
Steve
Thanks! And I just verified that I didn't bust it when tapping it with the hammer to mark where to cut the hole. Loaded FreeDOS up and it worked perfectly. Now to re-install all over again. Luckily I was changing the config around completely from how it was, so I needed a re-install anyway. I really should install to a hard drive soon, but just haven't found a mount yet that I know will work. Any recommendations on a 2x2.5" mount bracket that will work in a XTM5? Preferably without modification, but I doubt that's possible.
Also, as mentioned on the XTM8 thread, I'm debating adding a VGA port but am not sure which header the cable would connect to. I might have a cable already. I know I had some video cards with the VGA port on a cable, but am not sure if I still have them. If I can dig one out and it will reach, I think I'll plug it in, just need to figure out which header it goes to.
Wish Lanner still had that forum with the files for the boards available so I could figure out what all these headers are for easier.
-
No idea on a bracket I'm afraid. Let me know if you find something. Just a single drive bracket would be great.
Steve
-
Although not directly related to this thread, I'm wondering if the XTM 330 has the same hardware and would therefore work with Pfsense? I may have access to a used device and would like to give pfsense a try for the first time. If not, I'll just buy a X550e/X750e/X1250e as I see there is good documentation on those.
I thought this related to the XTM 5 series, but maybe it's not.
-
I've not had a chance to look inside an XTM330, yet. Unfortunately Watchguard has stopped publishing (at least publicly) their de-manufacturing guides however there are some important clues in the hardware guide. There we learn it has a 1GHz dual core CPU. Since it's obviously almost identical to the XTM5 and 8 we can assume it is also a customised Lanner device.
I can only speculate here but I think it's unlikely it's a X86 CPU. It would have to be something like an embedded Atom and I can't see any dual core Atoms that run at 1GHz so it would have to be underclocked also. Combine that with the fact that Watchguard have experience Freescale PowerPC CPUs which they run in their XTM33 and XTM 25/26 models and I think it's much more likely one of those.
Edit: Could be some embedded Celeron? :-\Though the performance figures are significantly higher than the XTM33.
pfSense doesn't (currently) run on anything but X86 so you'd be out of luck.However I could be wrong so if you have access to one look at the bootloader console output and see. :)
Edit: A further clue pretty much confirms it's not X86. Watchguard released a firmware(bootloader) update for the 330 and it's U-boot.
Steve
-
I've not had a chance to look inside an XTM330, yet. Unfortunately Watchguard has stopped publishing (at least publicly) their de-manufacturing guides however there are some important clues in the hardware guide. There we learn it has a 1GHz dual core CPU. Since it's obviously almost identical to the XTM5 and 8 we can assume it is also a customised Lanner device.
I can only speculate here but I think it's unlikely it's a X86 CPU. It would have to be something like an embedded Atom and I can't see any dual core Atoms that run at 1GHz so it would have to be underclocked also. Combine that with the fact that Watchguard have experience Freescale PowerPC CPUs which they run in their XTM33 and XTM 25/26 models and I think it's much more likely one of those.
Edit: Could be some embedded Celeron? :-\Though the performance figures are significantly higher than the XTM33.
pfSense doesn't (currently) run on anything but X86 so you'd be out of luck.However I could be wrong so if you have access to one look at the bootloader console output and see. :)
Edit: A further clue pretty much confirms it's not X86. Watchguard released a firmware(bootloader) update for the 330 and it's U-boot.
Steve
Steve, thanks for the quick response. I've been scouring my sources trying to confirm that, but appreciate you providing the clarity and details I needed to make a decision. With that said I'm now watching for the xtm 5 series boxes on ebay…wish me luck!
Hope to be contributing to this thread shortly.
Thanks again,
Scott -
Good luck! :D
Still be interesting to get more info on the 330 though. The XTM5 is a lot more powerful than the X-e boxes, you may not need that.
Steve
-
Good luck! :D
Still be interesting to get more info on the 330 though. The XTM5 is a lot more powerful than the X-e boxes, you may not need that.
Steve
Welp, I decided to roll the dice as I don't need the throughput of the 5 series firewalls, and won http://www.ebay.com/itm/Watchguard-XTM330-Firewall-VPN-Rack-Mount-7-WAN-Ports-/271556386710?ssPageName=STRK%3AMEBIDX%3AIT&_trksid=p2047675.l2557&nma=true&si=KoSHr6AcHnM0%252F%252BEdBMaH37FWiFk%253D&orig_cvip=true&rt=nc on eBay.
I likely overpaid a bit, but here's to digging into it and seeing what makes it tick! At the very worst, I'll resell it and take a slight hit while stalking eBay for 5 series devices.
Thanks again for your help/insight,
Scott -
So I've just got my shiny used XTM 505 up and running with pfSense (all working fine :) ) and wanted to upgrade the BIOS with the custom version. I'm stuck trying to run the flashrom cmd earlier in the thread. Flashrom tool isn't installed by default so I followed the instructions on the X550e thread to download and install it, it seems to install ok (if I try to run the get-pkg command again it says it already exists) however if I try to run the flashrom command I just get cmd not found error - am I being thick?
Also, did anyone ever establish whether it was possible to boot directly from a SSD card (was thinking of dropping a cheap 60gb card in)
Was also going to upgrade the RAM to 4GB to better cope with large pfBlocker lists.
Cheers
Mark
EDIT: Scratch that, just stumbled across the 'rehash' command which once run means the command is now recognised :-)
-
Bit of an update on progress:
- Installed 60GB Sandisk SSD, connected it with a SATA cable to one of the free ports and the spare SATA power connector. Have just laid it in the chassis in front of the PSU where it seems to fit quite snuggly, might use some double sided tape to secure it.
- Downloaded the latest amd64 / memstick / console version of pfSense 2.1.4 and stuck it on a 2gb USB stick
- Messed with a couple of settings in the 1.8 unlocked BIOS from this thread to untick the 'always boot from CF card' option, I also changed the console baud to 9600 so you don't end up having to keep swapping.
- Installed first time straight onto SSD - now running like a charm :-) (Without the CF card installed)
- Installed LCDproc-dev and got the LCD up and running
- Installed WGXepc64 which has let me set the 'arm' LED to green :-)
Still waiting for 2 x 2GB RAM to turn up then it will be pretty much done. I was toying with the idea of putting Squid on to cache things like Windows / Mac updates etc but not sure if there will be much benefit on a 60/20 BT Infinity line - will it possibly slow general web browsing down?
Questions:
- Is it easy to call WGXepc64 to automatically run at boot time?
- I'm not sure LCDproc-dev is working quite right - the first couple of time I rebooted it started displaying standard info ok but now it sticks at Welcome to LCDproc screen - where it gives you the options?
-
Use the Shellcmd package to run WGXepc at boot.
The lcdproc dev package has some issues. ;) See this post for what I do to avoid them:
https://forum.pfsense.org/index.php/topic,7920.msg344513.html#msg344513Steve
-
Hi,
I've just picked up an XTM505 for just over £100 which I thought was a steal so now I am in the process of using Pfsense to replace all of the various bits I have on my home network.
I've done a lot of reading over the past few days and a lot of tinkering in the last couple. Thanks to everyone contributing time and effort and sharing on this thread!A couple of things:
Running 2.1.4-Release Nano package via 8GB CF. Original BIOS (Not flashed)
The fans in this box are really noisy. I have WGXepc running on boot through the Shellcmd package as recomended and whilst I there is a reduction in fan speed the level of noise was still high so I did some investigation at the command-line and with the chassis open:
There are 4 fan headers on the board: Con1, Con2, COn3, Con5 (Con 4 has solder pads but is not populated)
Tha chassis fan is connected to Con5
The CPU fans are connected to Con 1 + 2
Con 3 is freeIt seems that WGXepc -f nn has an effect only on the Con5 header. On testing Con 1-3 remain at a constant speed and only Con5 changes when WGXepc is run. Incidentally, when WGXepc is run it correctly identified my system as a Firebox XTM5.
I was wondering if this is by design (either HW or SW) or if it is because I am running an un-modified BIOS, or if it is perhaps something that needs further investigation?
I also have the same issue in flasing the BIOS using the 'standard' method within PFsense as John McDonnell was having so if it is down to an un-modded BIOS I am going to have to do a bit more reading and tinkering :)
Hoping to upgrade to a core2-duo, increase the memory and move to a HDD boot over the coming weeks (work and family permitting) so will hopefully be able to add some value to this thread myself.
Cheers
James
-
It's not by design. I didn't actually make any measurements but assumed that since the PSU fan is not controlable that it was now making thee majority of the noise. It could be that my expectations are out, compared to the earlier firebox models the XTM5 is quiet even in it's default settings. ;)
The modifiedd bios does not affect the fan control at all. The fan(s) are controlled via the superIO chip which has the required thermal control features. It's been a while but I believe it has at least 3 independent fan control outputs so it's entirely possible that they need to set to control fans on con 1 and 2. I was pretty sure I tried them all though. :-\ Hmm, I'll have to check my notes when I get home.Steve
-
I did a bit more investigation and there are 3x CPU fans reported in the BIOS (2 connected, 1 absent) which I presume are Con 1,2,3) and the chassis fan (Con 5) and they have 2 minimum spin speeds set (one for the CPU group and one for the chassis fan) . All fans spin up to maximum on power on and then all fans slow to a less turbine-like speed once the system has POSTed. Therafter the chassis fan slows further when Pfsense boots (Due to the WGXepc). So I am presuming the CPU minimum speed setpoint adjusted.
It may also be that one of the 3 fans in my box is a lot noiser so might be in need of a bit of a clean (or replacement)Cheers
James
-
There is so much great information in this thread!
I just picked up an XTM 530 on Ebay and wanted your suggestions for a CF card. My experience with my 1250e was super slow with the Kingston 4GB card I used. I added a 40GB IDE HDD and the speeds were SO much better. The CF card took about 15 minutes to install LCDproc, whereas the hard drive took only seconds. Do you think I will have better results with this one: http://www.amazon.com/SanDisk-Ultra-CompactFlash-Memory-SDCFHS-004G-G46/dp/B00FQOWIWS/ref=sr_1_6?ie=UTF8&qid=1409592954&sr=8-6&keywords=4GB+compact+flash#cm_cr_dpwidget
-
15 minutes sounds a bit excessive whatever you're installing to. :o
Short answer; no that card probably won't be any quicker.
The restriction in using a CF card with Nano is that DMA is disabled so the card is operating at a slow transfer mode. This is done because on many embedded boxes the CF slot doesn't have the connections to support DMA yet the card still reports it's DMA capable leading to a string of errors and failure to boot. The X1250e definitely doesn't support DMA (though one user successfully soldered on the two required connections) but I'm not sure about the XTM5. You don't have any of the same booting issues that the X-Core-e boxes do and it supports SATA so if you are concerned about disk speed I would just use a SATA HD or even an SSD.Steve
-
My experience with my 1250e was super slow with the Kingston 4GB card I used.
arubial1229,
What is the Kingston CF card model? Was it the "standard" model http://www.kingston.com/en/flash/cf_cards#cf?
Also for nanobsd, the filesystem is mounted with sync option, this seriously slow down the disk I/O.
Without sync option, you might double the I/O speed (still much slower than HDD/SSD), but sacrifice reliability - loss of power can easily corrupt the filesystem.