Watchguard XTM 5 Series
-
Good luck! :D
Still be interesting to get more info on the 330 though. The XTM5 is a lot more powerful than the X-e boxes, you may not need that.
Steve
Welp, I decided to roll the dice as I don't need the throughput of the 5 series firewalls, and won http://www.ebay.com/itm/Watchguard-XTM330-Firewall-VPN-Rack-Mount-7-WAN-Ports-/271556386710?ssPageName=STRK%3AMEBIDX%3AIT&_trksid=p2047675.l2557&nma=true&si=KoSHr6AcHnM0%252F%252BEdBMaH37FWiFk%253D&orig_cvip=true&rt=nc on eBay.
I likely overpaid a bit, but here's to digging into it and seeing what makes it tick! At the very worst, I'll resell it and take a slight hit while stalking eBay for 5 series devices.
Thanks again for your help/insight,
Scott -
So I've just got my shiny used XTM 505 up and running with pfSense (all working fine :) ) and wanted to upgrade the BIOS with the custom version. I'm stuck trying to run the flashrom cmd earlier in the thread. Flashrom tool isn't installed by default so I followed the instructions on the X550e thread to download and install it, it seems to install ok (if I try to run the get-pkg command again it says it already exists) however if I try to run the flashrom command I just get cmd not found error - am I being thick?
Also, did anyone ever establish whether it was possible to boot directly from a SSD card (was thinking of dropping a cheap 60gb card in)
Was also going to upgrade the RAM to 4GB to better cope with large pfBlocker lists.
Cheers
Mark
EDIT: Scratch that, just stumbled across the 'rehash' command which once run means the command is now recognised :-)
-
Bit of an update on progress:
- Installed 60GB Sandisk SSD, connected it with a SATA cable to one of the free ports and the spare SATA power connector. Have just laid it in the chassis in front of the PSU where it seems to fit quite snuggly, might use some double sided tape to secure it.
- Downloaded the latest amd64 / memstick / console version of pfSense 2.1.4 and stuck it on a 2gb USB stick
- Messed with a couple of settings in the 1.8 unlocked BIOS from this thread to untick the 'always boot from CF card' option, I also changed the console baud to 9600 so you don't end up having to keep swapping.
- Installed first time straight onto SSD - now running like a charm :-) (Without the CF card installed)
- Installed LCDproc-dev and got the LCD up and running
- Installed WGXepc64 which has let me set the 'arm' LED to green :-)
Still waiting for 2 x 2GB RAM to turn up then it will be pretty much done. I was toying with the idea of putting Squid on to cache things like Windows / Mac updates etc but not sure if there will be much benefit on a 60/20 BT Infinity line - will it possibly slow general web browsing down?
Questions:
- Is it easy to call WGXepc64 to automatically run at boot time?
- I'm not sure LCDproc-dev is working quite right - the first couple of time I rebooted it started displaying standard info ok but now it sticks at Welcome to LCDproc screen - where it gives you the options?
-
Use the Shellcmd package to run WGXepc at boot.
The lcdproc dev package has some issues. ;) See this post for what I do to avoid them:
https://forum.pfsense.org/index.php/topic,7920.msg344513.html#msg344513Steve
-
Hi,
I've just picked up an XTM505 for just over £100 which I thought was a steal so now I am in the process of using Pfsense to replace all of the various bits I have on my home network.
I've done a lot of reading over the past few days and a lot of tinkering in the last couple. Thanks to everyone contributing time and effort and sharing on this thread!A couple of things:
Running 2.1.4-Release Nano package via 8GB CF. Original BIOS (Not flashed)
The fans in this box are really noisy. I have WGXepc running on boot through the Shellcmd package as recomended and whilst I there is a reduction in fan speed the level of noise was still high so I did some investigation at the command-line and with the chassis open:
There are 4 fan headers on the board: Con1, Con2, COn3, Con5 (Con 4 has solder pads but is not populated)
Tha chassis fan is connected to Con5
The CPU fans are connected to Con 1 + 2
Con 3 is freeIt seems that WGXepc -f nn has an effect only on the Con5 header. On testing Con 1-3 remain at a constant speed and only Con5 changes when WGXepc is run. Incidentally, when WGXepc is run it correctly identified my system as a Firebox XTM5.
I was wondering if this is by design (either HW or SW) or if it is because I am running an un-modified BIOS, or if it is perhaps something that needs further investigation?
I also have the same issue in flasing the BIOS using the 'standard' method within PFsense as John McDonnell was having so if it is down to an un-modded BIOS I am going to have to do a bit more reading and tinkering :)
Hoping to upgrade to a core2-duo, increase the memory and move to a HDD boot over the coming weeks (work and family permitting) so will hopefully be able to add some value to this thread myself.
Cheers
James
-
It's not by design. I didn't actually make any measurements but assumed that since the PSU fan is not controlable that it was now making thee majority of the noise. It could be that my expectations are out, compared to the earlier firebox models the XTM5 is quiet even in it's default settings. ;)
The modifiedd bios does not affect the fan control at all. The fan(s) are controlled via the superIO chip which has the required thermal control features. It's been a while but I believe it has at least 3 independent fan control outputs so it's entirely possible that they need to set to control fans on con 1 and 2. I was pretty sure I tried them all though. :-\ Hmm, I'll have to check my notes when I get home.Steve
-
I did a bit more investigation and there are 3x CPU fans reported in the BIOS (2 connected, 1 absent) which I presume are Con 1,2,3) and the chassis fan (Con 5) and they have 2 minimum spin speeds set (one for the CPU group and one for the chassis fan) . All fans spin up to maximum on power on and then all fans slow to a less turbine-like speed once the system has POSTed. Therafter the chassis fan slows further when Pfsense boots (Due to the WGXepc). So I am presuming the CPU minimum speed setpoint adjusted.
It may also be that one of the 3 fans in my box is a lot noiser so might be in need of a bit of a clean (or replacement)Cheers
James
-
There is so much great information in this thread!
I just picked up an XTM 530 on Ebay and wanted your suggestions for a CF card. My experience with my 1250e was super slow with the Kingston 4GB card I used. I added a 40GB IDE HDD and the speeds were SO much better. The CF card took about 15 minutes to install LCDproc, whereas the hard drive took only seconds. Do you think I will have better results with this one: http://www.amazon.com/SanDisk-Ultra-CompactFlash-Memory-SDCFHS-004G-G46/dp/B00FQOWIWS/ref=sr_1_6?ie=UTF8&qid=1409592954&sr=8-6&keywords=4GB+compact+flash#cm_cr_dpwidget
-
15 minutes sounds a bit excessive whatever you're installing to. :o
Short answer; no that card probably won't be any quicker.
The restriction in using a CF card with Nano is that DMA is disabled so the card is operating at a slow transfer mode. This is done because on many embedded boxes the CF slot doesn't have the connections to support DMA yet the card still reports it's DMA capable leading to a string of errors and failure to boot. The X1250e definitely doesn't support DMA (though one user successfully soldered on the two required connections) but I'm not sure about the XTM5. You don't have any of the same booting issues that the X-Core-e boxes do and it supports SATA so if you are concerned about disk speed I would just use a SATA HD or even an SSD.Steve
-
My experience with my 1250e was super slow with the Kingston 4GB card I used.
arubial1229,
What is the Kingston CF card model? Was it the "standard" model http://www.kingston.com/en/flash/cf_cards#cf?
Also for nanobsd, the filesystem is mounted with sync option, this seriously slow down the disk I/O.
Without sync option, you might double the I/O speed (still much slower than HDD/SSD), but sacrifice reliability - loss of power can easily corrupt the filesystem.
-
My experience with my 1250e was super slow with the Kingston 4GB card I used.
arubial1229,
What is the Kingston CF card model? Was it the "standard" model http://www.kingston.com/en/flash/cf_cards#cf?
Also for nanobsd, the filesystem is mounted with sync option, this seriously slow down the disk I/O.
Without sync option, you might double the I/O speed (still much slower than HDD/SSD), but sacrifice reliability - loss of power can easily corrupt the filesystem.
Yes, I was using the Standard 4GB model. No worries though, I will be using an SSD in the XTM5. Thanks!
-
Has anyone got one of these to work with 2.2 and the LCDproc packages?
-
Hmm, I thought I did but I just checked and don't. Just tried to install but it failed. I'm running an older snapshot though, I'll update and retry….
Steve
-
Ok so there's definitely something not right here but the underlying driver seems to work fine. I have it running on yesterdays snapshot, 64bit.
As with previous pfSense and lcproc versions the package really has a hard time at start up. In fact it seems even worse than under 2.1.X, I failed to make it start at all using the package gui and the php client. I was able to start it manually using shellcmd entries but there is a difference. As with 2.1.X you have to install the package and then enable the server and client in the package gui setup. This generates the LCDd.conf file you need. However unlike in 2.1.X diabling lcdproc and setting the port to 'none' fails to remove the rc script so it still tries to start (and fails!) at boot. You could either re-install the lcdproc-dev package which will remove the file or probably remove it manually. Or just use the attached file I made earlier without enabling lcdproc via the gui at all. ;)Seems like a bug somewhere, even buggier than before.
Steve
-
Some time ago, like 2.5 years now :o, I spent some time trying to enable SpeedStep on the XTM5. After many, many hours of reading forums, blogs and datasheets I managed to produce a DSDT table that was loadable at boot to override that passed via ACPI and seemed to actually enable a functioning set of P-States. Shortly after that the machine I was using to compile the tables crashed and burned and most of my work was lost. No backup. Since then I have occasionally been inspired to retry but have failed until a few days ago. So find attached the source (.dsl) and compiled table (.aml) before I loose it again. ;) The .png extensions are there only to allow the attachments on the forum, remove them.
To override the table passed by the bios you have to load the .aml file into /boot and then add to /boot/loader.conf.local:
acpi_dsdt_load="YES" acpi_dsdt_name="/boot/dsdt5.aml"
It would be nice to have the file in /conf since it would then survive a firmware update but I'm not sure you can do that yet. Edit: Nope.
The table is specific to the E4500 Core2Duo I'm running but will probably work to some extent with any dual core CPU. It simply adds the required methods to export the P-state values via ACPI so the est(4) driver can find them. I have added 6 P-states with frequencies from 2.2GHz to 1.2GHz. It's worth noting that both the frequency displayed and the power value are simply taken from the table and not calculated so while the frequncy is probably correct the power is not.
[2.2-BETA][root@xtm5.localdomain]/root: sysctl dev.cpu.0 dev.cpu.0.%desc: ACPI CPU dev.cpu.0.%driver: cpu dev.cpu.0.%location: handle=\_PR_.CPU0 dev.cpu.0.%pnpinfo: _HID=none _UID=0 dev.cpu.0.%parent: acpi0 dev.cpu.0.freq: 2200 dev.cpu.0.freq_levels: 2200/65000 2000/60000 1800/55000 1600/45000 1400/35000 1200/25000 dev.cpu.0.cx_supported: C1/1/1 dev.cpu.0.cx_lowest: C1 dev.cpu.0.cx_usage: 100.00% last 333us dev.cpu.0.coretemp.delta: 58 dev.cpu.0.coretemp.resolution: 1 dev.cpu.0.coretemp.tjmax: 85.0C dev.cpu.0.coretemp.throttle_log: 0 dev.cpu.0.temperature: 27.0C
As before I found that the power consumption of the box is barely affected by the selected P-state at idle. This seems to be down to the fact that the minimum voltage the CPU will allow is not very low, VID 1D. That's only (0xB*12.5) 0.14V below the standard voltage. Attempting to set a lower voltage just results in the minimum value. Additionally there is no way to set SLFM (super low frequency mode) where lower voltages are allowable. I tried several new methods to do so. I'm not actually sure if SLFM is available on desktop C2Ds anyway. However I am now convinced that Speedstep is in fact working because you can see the performance difference at different P-states:
[2.2-BETA][root@xtm5.localdomain]/root: sysctl dev.cpu.0.freq dev.cpu.0.freq: 2200 [2.2-BETA][root@xtm5.localdomain]/root: openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 15882837 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 4528031 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 1176727 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 297511 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 8192 size blocks: 37351 aes-128-cbc's in 3.00s OpenSSL 1.0.1i-freebsd 6 Aug 2014 built on: date not available options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: cc The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 84708.46k 96597.99k 100414.04k 101550.42k 101993.13k [2.2-BETA][root@xtm5.localdomain]/root: sysctl dev.cpu.0.freq=1200 dev.cpu.0.freq: 2200 -> 1200 [2.2-BETA][root@xtm5.localdomain]/root: openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 8649110 aes-128-cbc's in 2.99s Doing aes-128-cbc for 3s on 64 size blocks: 2468860 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 641165 aes-128-cbc's in 2.99s Doing aes-128-cbc for 3s on 1024 size blocks: 162376 aes-128-cbc's in 3.01s Doing aes-128-cbc for 3s on 8192 size blocks: 20327 aes-128-cbc's in 2.99s OpenSSL 1.0.1i-freebsd 6 Aug 2014 built on: date not available options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: cc The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 46249.03k 52669.01k 54855.60k 55280.38k 55651.19k
The observed difference seems to be in the ratio expected also.
The way to reduce power consumption here then would seem to be to choose a CPU that allows a lower voltage to be set. I have no idea how to find that though. Anyone running anything interesting? It may also help to enable all the available C-states. Last time it looks like I did enable C2 but if I recall it resulted in catastrophic lagging. C1E may offer more potential though.
Steve
-
Anyone running anything interesting?
I just went to the local computer store and found an E4300 (1.8ghz) that I installed today… I don't know if that would help you test or not.
Im more interested in getting a dual core unit in this box so losing a little speed on a single core didn't bother me. With two cores though it should be faster.
I am noticing though that the single core model reported (without onboard monitoring) +- 55c for a temp and now both cores hover right at 30c. I believe the board temp was lying.
Anyone know if these units will run a PLGA775 socket proc? (E4700) The E4600 unit seems to be the last LGA775...
-
Can someone please confirm that the installation instructions in this thread also works for the WatchGuard XTM 525 model as well. I just purchased one from Ebay very cheap and would like to install pfSense. Please advise ASAP.
-
One more question. I can't find any specs on the CPU, memory, and other hardware details on the Watchguard XTM 525 model.
-
The 525 is one of the second gen XTM5 models. I've never seen one. I would expect it to be just as easy to install but no promises. ;)
Anything you can tell us about the hardware would be great.Steve
-
The E4600 unit seems to be the last LGA775…
There seem to be a lot of cpus that will work. The only reason I chose the E4500 was because it closely matched the original celeron. Same lithography size and same FSB speed. Others here have fitted various others. I think the most 'extreme' confirmed to work is a Q8200S. Bare in mind that the XTM5 has a less powerful PSU and fewer fans than the Lanner box it's based on.
Steve