Watchguard XTM 5 Series

chpalmer

Are you trying to start it with the console cable plugged in and console active?  Try it both ways. with and without.

How long are you waiting?  Ive noted my unit at times went a minute or two without doing anything.

Have a SATA drive you could try?

Dont throw it away!  Someone will take it off your hands.  ;D

AlexJamesHaines

Interesting…

I had tried flashing the 1GB CF card and it still wouldn't boot (I was really pissed).

I came back to this thread and saw this message about trying to boot without serial connected. This works reliably (out of four boots)! If I wait until the three beeps are heard in close proximity and then connect the console all is fine. I will now try and do the same with the SSD and report back.

Throwback

I will try adding more patience and wait 5 mins before connecting…

Can't try the Sata port because I need to flash the bios to boot from it afaik? Or will it boot Sata if I remove the cf card? I've got enough Sata disks in the spare parts box... I'd kinda like to put an ssd and a ram upgrade in it anyway but I'm not spending any money on it unless I can get past step 1!

Throwback

chpalmer - you are bang on the money - add more patience!

Waited 5 minutes until i heard the magic three beeps and THEN connected to the console. Bingo.

I'd waited over 15 minutes before with the console connected and no response - it seems NOT connecting to the console until boot is completed is the secret (obviously, I couldn't wait to see the progress before…)

Think I might buy a nice big SATA disk, because more storage is always good...

Thanks guys! No need to trash a perfectly good (but traded up, so no sale...) 515.

chpalmer

Were you able to do this=

Throwback

No… not yet. Requires flashing the bios, no?

Iain

AlexJamesHaines

Anytime I try and press the key to enter the BIOS it just locks up (as I have now discovered because I have the terminal connected).

Can I connect a USB keyboard and press the keys on that instead and then connect to the terminal after a while to see the BIOS screens?

Throwback

Remember, its tab to enter the bios - ignore the directives given by the bios itself!!!

Just console on 115200 and start hitting tab as soon as boot starts - read only though, so this is just to prove it works…

My recipe is:

flash disk with image, replace cf card
remove console cable - power on.
open a beer and start drinking - half way through you will heard the three beeps indicating pfsense has booted
NOW connect the console cable and putty in.

XTM 5 seems to be like schroedingers firewall - observing the console at boot confuses it...

NOW to try out a Watchguard M500... i am in the very lucky position to have one with a fscked soft power switch that i warrantied, and watchguard never asked for the original back... i think that will be a 50c component replacement...

Will open a new thread with results if i get any luck with an m500 (about $8000 to on a trade in at the moment, so probably hasnt appeared here yet...)

Iain

chpalmer

I really do recommend that you guys do the bios flash as soon as your able or willing. Its scary because if it crashes then…

But It seems to make things boot better.

But then again as long as you never have to reboot.......    ;D

Cortex

For all you guys who have upgraded your processors:

Is it necessary to flash the bios first, or can it be done without, and does the unit change clock speed etc. automatic?

Have you used openvpn, and have you noticed increase in throughput and if so, what is your throughput.
I'd like to saturate a 100 mbit line, preferable with 256 bit
Right now my box with the standard celeron 440 passes 50 mbit (which is mi line's max speed) at 128 bit encryption, but it completely stalls it, fail to write rrd graphs, and becomes unresponsive. The cpu usage is 100 % or near 100 %.

Does the unit accept any AES-NI capable processor?

[edit: added 3rd question]
Thanks in advance
/cortex

Scorch95

@Cortex:

For all you guys who have upgraded your processors:

Is it necessary to flash the bios first, or can it be done without, and does the unit change clock speed etc. automatic?

Have you used openvpn, and have you noticed increase in throughput and if so, what is your throughput.
I'd like to saturate a 100 mbit line, preferable with 256 bit
Right now my box with the standard celeron 440 passes 50 mbit (which is mi line's max speed) at 128 bit encryption, but it completely stalls it, fail to write rrd graphs, and becomes unresponsive. The cpu usage is 100 % or near 100 %.

Does the unit accept any AES-NI capable processor?

[edit: added 3rd question]
Thanks in advance
/cortex

1. You do not have to flash the bios to change out the cpu. At least I didn't, but I ended up doing so later on.

2. I do run openvpn however it is as a client not a host so not sure if it's what you're looking for however I haven't speed tested it yet. Somehow that part slipped my mind.

3. I do not believe the xtm5 series can handle a aes-ni processor. My understanding those started at the i5/7 series processors where as this supports c2d/q processors from the generation before.

Cortex

@Scorch95:

1. You do not have to flash the bios to change out the cpu. At least I didn't, but I ended up doing so later on.

2. I do run openvpn however it is as a client not a host so not sure if it's what you're looking for however I haven't speed tested it yet. Somehow that part slipped my mind.

3. I do not believe the xtm5 series can handle a aes-ni processor. My understanding those started at the i5/7 series processors where as this supports c2d/q processors from the generation before.

It is running as a client, and I would like to be able to use OpenVPN at even higher speeds than 50 mbit (around 90-100 mbit).

What processor did you slip in your unit?

Scorch95

@Cortex:

It is running as a client, and I would like to be able to use OpenVPN at even higher speeds than 50 mbit (around 90-100 mbit).

What processor did you slip in your unit?

I'm running a q9550s as its a low power model. I've seen some run full power models but the xtm isn't as fully spec'd as the original Lanner appliance so I didn't want to risk it burning itself up. Plus in all honesty I'm probably overkill as it is as I'm still trying to learn myself.

When I get home I will try to remember to run a speed test. Any preference on what exactly you want measured?

Edit: I did run a speed test however my line is capped at 50Mb down and it hits it just fine. Sorry I can't tell you my actual max.

Cortex

I'm running some vpn clients with 128 encryption algorithm (BF-CBC) and SHA1 160 bit.

The router is fine delivering throughput at 50 mbit with low cpu usage, except (of course) when it is tunnelling all the data through the vpn. If I limit it to 45 mbit the interface stays fine, but at 49 mbit (limited) it starts to hang.

Cortex

Anyone know if the E8400 xeon will work.
It seem like it isn't drawing more power than the supply is rated?

dehardstyler

@stephenw10:

–-------------------------------------------------------------------------------------------------------------------------
It may be necessary to reset the CMOS with the on board jumper to get access to the bios menus. My box has been unlocked for so long I can't remember if I had to and I have no easy way to test.  ::)

Steve

Hello Steve,

I would really like to use your BIOS, since it would enable Speedstep! :D
Unfortunately I get a strange error message, while I do have exactly the same XTM505. ( checked motherboard / BIOS version )
It seems that the BIOS chip is locked or something, like you have to mount it first.

This is the error:

_[2.3.1-RELEASE][root@pfSense.localdomain]/tmp: flashrom -w xtm5_83.rom –programmer internal
flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p3 (amd64)
flashrom is free software, get the source code at https://flashrom.org

Calibrating delay loop... OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
No EEPROM/flash device found.
Note: flashrom can never write if the flash chip isn't found automatically.
[2.3.1-RELEASE][root@pfSense.localdomain]/tmp:_

I would really appreciate it if you would answer on this message, even if it doesn't solve the problem!  :P

Looking forward to you reply!

With kind regards,

dehardstyler

DeLorean

@dehardstyler:

@stephenw10:

–-------------------------------------------------------------------------------------------------------------------------
It may be necessary to reset the CMOS with the on board jumper to get access to the bios menus. My box has been unlocked for so long I can't remember if I had to and I have no easy way to test.  ::)

Steve

Hello Steve,

I would really like to use your BIOS, since it would enable Speedstep! :D
Unfortunately I get a strange error message, while I do have exactly the same XTM505. ( checked motherboard / BIOS version )
It seems that the BIOS chip is locked or something, like you have to mount it first.

I can be wrong, but i think the BIOS versions that Stephen provide, are only for the E-series,
and or not suitable for the XTM 5 series.
Normally a XTM 5 series don't need flashing or a modified BIOS, because this BIOS is newer then the one from the E-series.
I have rebuild last year a XTM 510 for pfSense and after putting in the CF with pfSense, it booted right away.
For Speedstep to enable, this is controlled by de EST driver in pfSense, and not depended from the BIOS,
so for enabling Speedstep, you don't need the modify the BIOS.
Only search for the supported cpu's, and a few settings in pfSense, and Speedstep will work.

Grtz
DeLorean

chpalmer

@dehardstyler:

I would really like to use your BIOS, since it would enable Speedstep! :D
Unfortunately I get a strange error message, while I do have exactly the same XTM505. ( checked motherboard / BIOS version )
It seems that the BIOS chip is locked or something, like you have to mount it first.

This is the error:

_[2.3.1-RELEASE][[email]root@pfSense.localdomain]/tmp: flashrom -w xtm5_83.rom –programmer internal
flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p3 (amd64)
flashrom is free software, get the source code at https://flashrom.org

Calibrating delay loop… OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
No EEPROM/flash device found.
Note: flashrom can never write if the flash chip isn't found automatically.
[2.3.1-RELEASE][[email]root@pfSense.localdomain]/tmp:_

flashrom -w xtm5_83.rom –programmer internal

You used the exact command Ive used on all my units without issue. From older to newer..  Not sure.  Have you tried pulling the battery and letting it sit for a few minutes?

DeLorean-  Steve did make a version for these boxes which unlocks the BIOS to enable us to make changes if we so desire.  While not crucial it is nice to have control.  Ive done all 4 of the boxes that have passed through my shop here.

DeLorean

@chpalmer:

DeLorean-  Steve did make a version for these boxes which unlocks the BIOS to enable us to make changes if we so desire.  While not crucial it is nice to have control.  Ive done all 4 of the boxes that have passed through my shop here.

Thx for the update, i didn't know that there was also a unlocked BIOS for the XTM 5 series  :-X
I have last year converted a XTM 510 with pfSense, but everything worked fine without updating the BIOS.

Grtz
DeLorean

uknownme123

@dehardstyler:

@stephenw10:

–-------------------------------------------------------------------------------------------------------------------------
It may be necessary to reset the CMOS with the on board jumper to get access to the bios menus. My box has been unlocked for so long I can't remember if I had to and I have no easy way to test.  ::)

Steve

Hello Steve,

I would really like to use your BIOS, since it would enable Speedstep! :D
Unfortunately I get a strange error message, while I do have exactly the same XTM505. ( checked motherboard / BIOS version )
It seems that the BIOS chip is locked or something, like you have to mount it first.

This is the error:

_[2.3.1-RELEASE][root@pfSense.localdomain]/tmp: flashrom -w xtm5_83.rom –programmer internal
flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p3 (amd64)
flashrom is free software, get the source code at https://flashrom.org

Calibrating delay loop... OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
No EEPROM/flash device found.
Note: flashrom can never write if the flash chip isn't found automatically.
[2.3.1-RELEASE][root@pfSense.localdomain]/tmp:_

I would really appreciate it if you would answer on this message, even if it doesn't solve the problem!  :P

Looking forward to you reply!

With kind regards,

dehardstyler

Sorry to inform you. I had this issue once flashing. I used jtag flashing to force the write unto the chip's pins. Go back to earlier post on this thread. A way to force flash is similar to reviving dead xtm5 motherboard. basically the bios was corrupted, no boot or nothing.  If yours is still booting, you could leave it as is. Thanks to Steve for helping out he got me to revive my dead board.