Watchguard XTM 5 Series

educatedwarrior

@gharris:

Just finished installing on a XTM 505 and a XTM 515.  I  put the pfsense-memstick-serial image on the 1 GB CF cards that were in the boxes, after making a backup image of the cards for safety sake.  Plugged in a SATA SSD in each box, then booted, reading via serial connection at 115200 baud, till the BIOS finished loading. I then quickly reconnected at 9600 baud to get to the install screens.  (You could skip watching at 115200, and just wait until the 9600 baud took over.)  I did the Serial Kernel rather than the Standard Kernel, (or is it Custom?), so that I could get to the boxes after it rebooted without having to remove the SSDs and add the serial config info to the /cf/config/config.xml file.  After the successful install, I removed the CF cards and booted up without a hitch.

If you are moving configs from an older setup to a new setup, the Ethernet ports are FXP0 for the 10/100 port, and then EM0 through EM5 for the gigabit ports.  And remember to watch out for find and replace replacing parts of your certificates!  :o

I was able to make more progress with Gharris's method running 2.2.3.  115200 baud worked fine for me to view the bios and install screens.

The issue I'm having now is when I boot from the SSD after the install.  Putty seems to print out invisible text as Pfsense boots.  I installed the embedded kernal version.  This was the same issue I had previously when I installed the full install directly to the SSD using a laptop.  Any suggestion?

chpalmer

As recommended on this page-

sprechen Sie Deutsch?

http://www.triebwerk23.de/joomla/index.php/firewalls/watchguard-xtm-5-xtm-505-515-525-545-pfsense-64-bit

Advanced/Terminal Type- VT100

Ive rebooted one time after I made this change and it seemed to print out just fine for me for the first time.  Before I would have to reset the terminal after the initial boot screen.

educatedwarrior

@chpalmer:

As recommended on this page-

sprechen Sie Deutsch?

http://www.triebwerk23.de/joomla/index.php/firewalls/watchguard-xtm-5-xtm-505-515-525-545-pfsense-64-bit

Advanced/Terminal Type- VT100

Ive rebooted one time after I made this change and it seemed to print out just fine for me for the first time.  Before I would have to reset the terminal after the initial boot screen.

That did it.  Thank you!

stephenw10

Ah, that's interesting I'll have to try that. The invisible output problem has always been an issue for me but I put it down to my console setup. If you restart putty after booting has started it will print out normally.
Thanks.

Steve

chpalmer

@stephenw10:

Ah, that's interesting I'll have to try that. The invisible output problem has always been an issue for me bit I put it down to my console setup. If you restart putty after booting has started it will print out normally.
Thanks.

About time I was able to help you out with something on these boxes!    :) Its usually you giving me the ah ha moments…

educatedwarrior

@stephenw10:

Ah, that's interesting I'll have to try that. The invisible output problem has always been an issue for me bit I put it down to my console setup. If you restart putty after booting has started it will print out normally.
Thanks.

Steve

Well, I feel much better now being the noob I am.    Pfsense is up and running I love it.  I got snort…  Next to configure Dansguardian for the kids, squid and antivirus.

pglover19

Got a weird issue. I have the latest version of pfense running on a Watchguard XTM 525 from a SSD drive. I had to unplug the CF card in order to boot from the SSD drive. The BIOS is locked down (has not been flashed). I have been running this setup for months. In pfsense, WAN port is assigned to em3 and the LAN port is assigned to em4. This corresponds to Port 5 and Port 6 on the front of the XTM 525. However, every time I reboot pfsense, the WAN and LAN port in pfsense is still assigned to em3 and em4 but it now corresponds to a different Port on the front to the XTM 525. So now I have to switch the network around on the front of the XTM 525 to get to work.

Anyone else experience this issue.. Very frustrating.

stephenw10

Hmm, that's interesting in two ways.
The ports should not change between boots, they are numbered on the order they are detected but since they are on-board that should not change. It could conceivably change with a new kernel or some PCIe subsystem component but I've never seen that.
Ports 5 and 6 on the XTM5 are the last two em ports so they should be em4 and em5 not 3 and 4. Unless you have a second gen xtm5 perhaps though I thought they were the same in terms of ports.

What ports does it change to?

Steve

marian3k

@pglover19:

Got a weird issue. I have the latest version of pfense running on a Watchguard XTM 525 from a SSD drive. I had to unplug the CF card in order to boot from the SSD drive. The BIOS is locked down (has not been flashed). I have been running this setup for months. In pfsense, WAN port is assigned to em3 and the LAN port is assigned to em4. This corresponds to Port 5 and Port 6 on the front of the XTM 525. However, every time I reboot pfsense, the WAN and LAN port in pfsense is still assigned to em3 and em4 but it now corresponds to a different Port on the front to the XTM 525. So now I have to switch the network around on the front of the XTM 525 to get to work.

Anyone else experience this issue.. Very frustrating.

I use 515 with 128GB SSD and 4GB of RAM and Quad CPU so pretty similar setup. My firewall is running very smooth and stable and only times it gets rebooted is when new pfsense is released. Thing is that I never had to move any cables around - my settings stick and survive a reboot. I did however flash the BIOS and have full functionality on it thanks to stephenw10. It is recommended but dangerous - do it on your own risk.

stephenw10

Statistically it's not that dangerous. I think I'm the only one who actually bricked their box and I only did it by flashing a bad image. It is possible to recover the bricked box also.  ;)

Steve

pglover19

@stephenw10:

Hmm, that's interesting in two ways.
The ports should not change between boots, they are numbered on the order they are detected but since they are on-board that should not change. It could conceivably change with a new kernel or some PCIe subsystem component but I've never seen that.
Ports 5 and 6 on the XTM5 are the last two em ports so they should be em4 and em5 not 3 and 4. Unless you have a second gen xtm5 perhaps though I thought they were the same in terms of ports.

What ports does it change to?

Steve

I realize this is weird. So each port on the XTM 525 has it own unique Mac address right? It looks like when I reboot the pfsense box, the port assignments in pfsense (i.e. em3 & em4) gets assigned to a different port on the XTM 525 because the unique Mac address assigned to em3 and em4 is now difference than before….

stephenw10

The only time I've seen that happen is if one of the ports is bad in some way and doesn't always come up at boot. Do you see all 7 NICs at every boot?

Steve

xTiNcTion

First of all thanks for your hard work and advice. Iam new to pfSense and Im still reading this whole topic but I'd like to ask you 2 question to resume things up:

- Does pfSense 2.2.3/4 work on XTM 505? I mean by only replacing CF with one pfSense
  - What would you say is the FW Throughput? and concurrent sessions?

do you know of any issues when using pfSense 2.2.x with XTM 505?

Best wishes for you and thank in advanced,

xTiNcTion

PowerToTheUsers

@xTiNcTion:

First of all thanks for your hard work and advice. Iam new to pfSense and Im still reading this whole topic but I'd like to ask you 2 question to resume things up:

- Does pfSense 2.2.3/4 work on XTM 505? I mean by only replacing CF with one pfSense
  - What would you say is the FW Throughput? and concurrent sessions?

do you know of any issues when using pfSense 2.2.x with XTM 505?

Best wishes for you and thank in advanced,

xTiNcTion

I'm installing my recently purchased XTM 510 as well. For now I have flashed a CF-card with pfSense 2.2.4, put it in the box and it worked flawless.
Configuring seems to be a slow process, but I read in this thread it might be due to the slow writing to CF.

I can't tell you anything about performance yet…

xTiNcTion

@PowerToTheUsers:

I'm installing my recently purchased XTM 510 as well. For now I have flashed a CF-card with pfSense 2.2.4, put it in the box and it worked flawless.

Uhmm… just to (me) be sure. You just copied image to CF ... booted from it ... and run installer I guess? and pF got installed on CF itself, right?

@PowerToTheUsers:

Configuring seems to be a slow process, but I read in this thread it might be due to the slow writing to CF.

I can't tell you anything about performance yet…

I read about cf-performance issues too. have you tried to add "extra" HDD? so pF mount it during boot??

Thanks for you reply, I appreciate it.
xTiNcTion

PowerToTheUsers

@xTiNcTion:

@PowerToTheUsers:

I'm installing my recently purchased XTM 510 as well. For now I have flashed a CF-card with pfSense 2.2.4, put it in the box and it worked flawless.

Uhmm… just to (me) be sure. You just copied image to CF ... booted from it ... and run installer I guess? and pF got installed on CF itself, right?

Rather flashing than just copying, I used Win32 Disk Imager. It's like burning an ISO-file to a DVD: if you just copy over the .iso (or in this case .img)-file it won't work.

@PowerToTheUsers:

Configuring seems to be a slow process, but I read in this thread it might be due to the slow writing to CF.

I can't tell you anything about performance yet…

I read about cf-performance issues too. have you tried to add "extra" HDD? so pF mount it during boot??

Thanks for you reply, I appreciate it.
xTiNcTion

No, and I don't think I will: the initial configuration will take some time (adding networks, NAT, firewall rules,…), but afterwards there won't be much changes. I don't use it as a proxy either, so I don't think I need a HDD.

mcmellenhead

burnt 2.2.4 image to the stock 1gb cf card in my xtm5. Trying to update the bios so I can use an old HDD. I have installed PKG, but there is not enough room to install flashrom and all its dependencies. Is everyone using a larger CF card than 1gb to accomplish this?

chpalmer

@mcmellenhead:

burnt 2.2.4 image to the stock 1gb cf card in my xtm5. Trying to update the bios so I can use an old HDD. I have installed PKG, but there is not enough room to install flashrom and all its dependencies. Is everyone using a larger CF card than 1gb to accomplish this?

Ive always used 4gig card myself so can't answer.

Cortex

Can someone guide me, in the what kind of memory I should buy to upgrade?
I can see, that it is DDR2 800, but i don't know the number of pins.

I just bought an XTM 5, but it was very unstable and slow. I loaded the image (4gb 2.2.4 64 bit) on a kingston 4 Gb card.

I boots up slow, the interface is very slow, and when changing settings, it hangs for more than one minute.
Now I'll try the 32 bit image, and a different card. I will also try changing the memory.
I bought it used on ebay, assumeably working, but I can't be sure of course.

My firebox x500 works fine.

regards

Cortex

The stability issue seems to be caused by the flash card. When using a 4 GB Sandisk extreme IV card it worked much better, even even faster when I used the Sandisk Ultra 8 Gig.

Actually I think i recall other people discussing an issue with the flash cards, specifically using a larger one.

Still didn't find out the pin number. Guess I will have to count them :)