Watchguard XTM 5 Series
-
–-------------------------------------------------------------------------------------------------------------------------
It may be necessary to reset the CMOS with the on board jumper to get access to the bios menus. My box has been unlocked for so long I can't remember if I had to and I have no easy way to test. ::)Steve
Hello Steve,
I would really like to use your BIOS, since it would enable Speedstep! :D
Unfortunately I get a strange error message, while I do have exactly the same XTM505. ( checked motherboard / BIOS version )
It seems that the BIOS chip is locked or something, like you have to mount it first.This is the error:
_[2.3.1-RELEASE][root@pfSense.localdomain]/tmp: flashrom -w xtm5_83.rom –programmer internal
flashrom v0.9.9-r1955 on FreeBSD 10.3-RELEASE-p3 (amd64)
flashrom is free software, get the source code at https://flashrom.orgCalibrating delay loop... OK.
Found chipset "Intel ICH7/ICH7R".
Enabling flash write... OK.
No EEPROM/flash device found.
Note: flashrom can never write if the flash chip isn't found automatically.
[2.3.1-RELEASE][root@pfSense.localdomain]/tmp:_I would really appreciate it if you would answer on this message, even if it doesn't solve the problem! :P
Looking forward to you reply!
With kind regards,
dehardstyler
Sorry to inform you. I had this issue once flashing. I used jtag flashing to force the write unto the chip's pins. Go back to earlier post on this thread. A way to force flash is similar to reviving dead xtm5 motherboard. basically the bios was corrupted, no boot or nothing. If yours is still booting, you could leave it as is. Thanks to Steve for helping out he got me to revive my dead board.
-
Well thanks to a search engine, the proliferation of these little "Red" boxes for sale everywhere and a CCNA course I have come to know PFSense.
Thanks to many putting in the time and the jaw-dropping sleuthing on bios and equipment design I now have a XTM 5 with full install of the latest PFSense installed ( with sound on boot-up and shutdown, was a little shocking but nice not to have to eye it to know it is up or down.)I have the MB-7589 W V1.0 (Either A or B, but think it's a B )
(WG factory ) Bios V1.2
1GB DSL Ram @ 800
(have 1GB Transcend WG OS card , now removed)I had an extremely smooth install by doing the following and wanted to share it since I haven't read any post yet.
1 I downloaded PFSense , 64 bit, ISO
2 Formatted spare physical WD 80GB Black laptop drive, gathered free space available
3 Launched Microsoft windows Storage tool, created VHD the same size as the free space on the physical drive to be used ( it was faster to create VHD via Windows OS as opposed to using VirtualBox )4 Spin up Virtual Box and created 64-bit BSD profile and point it to the VHD as its medium
5 Mount PFSense 64 bit ISO into the virtual CD drive and install
6 Configure VGA, set Terminal to 115200 and VT100 in loader and boot configs, setup WebGUI WAN to DHCP and LAN to static IP, save.
7 Shutdown PFSense VM.8 Use Windows OS Storage and mound the PFSense VHD
9 Load Macrium and clone the PFSense VHD to physical WD 80GB Black laptop drive.
10 Put drive in WG XTM 5 and boot ( have sound, serial, and WebGUI )
Note I did remove the 1GB CF cardSeveral reasons I wanted to use this method is to 1 test configurations with snapshots, be able to configure setting and features, have a dirt easy way to roll out a preconfigured install ready to in to an XTM 5 box.
–-------------
Now for the questions...
1 What advantage would flashing the bios give.
2 What flash program and version is showing the best success
3 Does anyone have the SPI pin outs for MB-7589 W V1.0 B or whitepapers for the bios chip?4 Does the XTM 5 actually have VGA 11 pin header , if so - any recommendations for ribbon cable with proper connector pitch with ribbon cable a 15 pin D-sub ?
5 Regarding the PCI-E, "stephenw10 May 03, 2012, 08:17:25 am »", has any one been able to add a M-to-F PCI-E adapter and try a PCI-E card ? -
Now for the questions…
1 What advantage would flashing the bios give.
2 What flash program and version is showing the best success
3 Does anyone have the SPI pin outs for MB-7589 W V1.0 B or whitepapers for the bios chip?4 Does the XTM 5 actually have VGA 11 pin header , if so - any recommendations for ribbon cable with proper connector pitch with ribbon cable a 15 pin D-sub ?
5 Regarding the PCI-E, "stephenw10 May 03, 2012, 08:17:25 am »", has any one been able to add a M-to-F PCI-E adapter and try a PCI-E card ?1. Flashing the BIOS gives you control over the settings that are locked now. While not necessary it is nice to have the option.
2. Flashrom Package is detailed in the forums here.
3. No sorry I do not.
4. I do not believe it does.
5. I have not.To flash your BIOS, use the commands below one at a time from console-
pkg
pkg install flashrom
rehash
cd tmp
fetch https://sites.google.com/site/pfsensefirebox/home/xtm5_83.rom
md5 xtm5_83.rom
flashrom -w xtm5_83.rom –programmer internal
-
10 Put drive in WG XTM 5 and boot ( have sound, serial, and WebGUI )
Note I did remove the 1GB CF cardGood job!. Unless you flashed the bios, you will not see the option to disable always boot from CF. Flashing the bios wall allow you to change boot order with multiple drives hooked up. This is one advantage of flashing bios, among the many other options available after flashing.
-
The SPI header pin-out was pretty standard from what I remember off-hand. I thought it was detailed in fact somewhere.
Hmm, looks like some of those links are 404ing… :'(
Steve
Edit: Attached SPI pin-out I used.
-
For all you guys who have upgraded your processors:
Have you used openvpn, and have you noticed increase in throughput and if so, what is your throughput.
I'd like to saturate a 100 mbit line, preferable with 256 bit
Right now my box with the standard celeron 440 passes 50 mbit (which is mi line's max speed) at 128 bit encryption, but it completely stalls it, fail to write rrd graphs, and becomes unresponsive. The cpu usage is 100 % or near 100 %.Thanks in advance
/cortexTo answer at least partly one of my own questions:
I upgraded the unit with an E6400 I had laying around, and i worked smoothly. Just swapped the processors and booted up the unit.
I can now tunnel through 4 vpn's (128 bit) with 100 mbit at around 50 % cpu load.
It will be interesting to see what 256 bit encryption does to the cpu. -
Seems like you may have had something configured wrong there. I would expect far more that 50Mbps even with the original Celeron. Atom D525 could pass 50Mbps OpenVPN.
Of course the usual caveats apply with regard to throughput testing.Seems like it's working well with that upgrade though. :)
Steve
-
Well. Actually my previous internet connection was 50 mbit. With the new 100 mbit I could reach 60-65 mbit, but still the unit would respond very slow, and it would stop writing rrd graphs.
I don't know anything about squeezing extra speed from the encryption/decryption settings. I just used whatever private internet access guides I could find. -
10 Put drive in WG XTM 5 and boot ( have sound, serial, and WebGUI )
Note I did remove the 1GB CF cardGood job!. Unless you flashed the bios, you will not see the option to disable always boot from CF.…..
I have recently installed a SSD in a XTM 515 and did a full install,
i have not flashed the bios and the firewall boots fine straight from the SSD without the CF card.Grtz
DeLorean -
-
Hmm, I personally just ran with whatever I had already. I've never found a lack of RAM to be a problem.
That blog post certainly makes for scary reading. If you can't make those settings on a desktop it's unlikely to work in a network appliance!Steve
-
Where are you all buying the DDR2-800 4GB sticks for this? I have been looking all over and cant seem to find any except for an ebay seller with this article.
Edit:
I did find these, at $155 for 2 4GB sticks it's pricy like others have said but is the low density type.Checked Ebay prices for 8gb ddr2 low density. Results showed some 4gb x 2 sticks, all priced over $100. Not worth it for me, too expensive but each to his/her own. In my opinion, unless you will be utilizing over 4gb like running virtual OS under pfsense with byhve or massive filter list in Snort/Dansguardian, I would not buy it.
I have some 4gb high density sticks, the ones labeled "for AMD motherboard," NO! they don't work on intel boards.
If you like the xtm5 look/platform, If you plan to go big like supporting a 500+ user connection for a large corporation you may want to look at more recent pfSense system like SG-8860 1U.
-
Does anyone know where I can get the rack ears for the XTM 5 series? I bought a firebox which I am in the process of converting over but would like to find the rack ears for it; can't find any on ebay. I don't want have to buy a tray for my rack to put it on. lol :)
Thanks,
-
Does anyone know where I can get the rack ears for the XTM 5 series? I bought a firebox which I am in the process of converting over but would like to find the rack ears for it; can't find any on ebay. I don't want have to buy a tray for my rack to put it on. lol :)
Thanks,
Ive got a pair.. But only found one of them in the drawer.. Ill keep looking and repost if I find the missing one.
-
Anyone know where I can get clear stickers, like these. I know the store has the white background ones. I got some of those. But the clear ones look super.
-
I have a two 510's now and want to convert one into a PFSense box. Can I use any LGA 775 Quad Core CPU or am I limited to specific ones? What have people done to mount their SATA drive into their Fireboxes?
Also do I need to use a 4GB CF card or can I use a 16GB one for PFSense? I am asking because I would prefer not to spend weeks waiting for one to arrive from Amazon or Ebay, the camera shops here in Toronto, ON, Canada only carry 16GB + cards.
And lastly where do I find the bios update?
Thanks
-
The SPI header pin-out was pretty standard from what I remember off-hand. I thought it was detailed in fact somewhere.
Hmm, looks like some of those links are 404ing… :'(
Steve
Edit: Attached SPI pin-out I used.
What was the offset you used. Because I have tried several times to re-flash the bios via SPI using my Willem PCB6 and the board still does not boot. If i try forcing the power on using the AT psu pins/jumpers it will light up all the leds and spin up the fans but it gets no where. It will not boot. Any ideas where I need to look?
-
Can I use any LGA 775 Quad Core CPU or am I limited to specific ones?
What have people done to mount their SATA drive into their Fireboxes?
And lastly where do I find the bios update?
Thanks
I use - Intel(R) Core(TM)2 Quad CPU Q9650 @ 3.00GHz
I modified a 2.5" to 3.5 inch adapter bracket to fit. I know a guy that uses plexiglass.
https://forum.pfsense.org/index.php?topic=43574.msg337492#msg337492
-
Had been busy with this is parallel to my normal work (I did not have so much time, because I had hoped to have it finished).
However, my preliminary findings (pictures will come when I find the optimal solution):
-
Replacement of case & CPU fan is a huge success, this eliminates a lot of noise (understatement);
-
PSU fan can be modified, but it is in general noisy, currently thinking to go PicoPSU, currently investigating the options -> modifying PSU fan is not wortth the hassle in time (to investigate & find -> low noise replacements do not exist)
What PSU power would be correct, the one currenly build in is overpowered:
-
CPU=35W (Celeron
-
3 Fans = 0.48W*3=1.5W
-
Mobo = 25-40W
-
Mem=2~5W (orginal XTM 520 mem)
-
Enclosure = 5~10W (estimate)
-
Additional HD = 3W
This mean a total of 94.5W when all components are working at max performance.
From PicoPSU the following kits can be used (net yet tested myself):-
picoPSU-160-XT + 192W Adapter Power Kit
-
picoPSU-150-XT + 150W Adapter Power Kit
-
picoPSU-150-XT + 102W Adapter Power Kit
-
picoPSU-120 + 102W Adapter Power Kit (not recommended because you need an additional cable to convert a molex to a 4 PIN ATX)
Update 5-4-2016:
I got my hands on a picoPSU-150-XT + 102W Adapter Power Kit for 50 euro, which is quite a OK deal in Europe. Tested it yesterday and the box is super duper quiet. However when you have the box in thermal mode once in a while the fans spin up, which is not preferable. Better it is to have the fans by default spin a little faster than they do in thermal mode, in general the CPU will be cooled better and will never reach the BIOS threshold. Currenlty thinking of a way how to adjust.
(Probably by putting the fans in super fast mode in BIOS and adjust the speed with a resistor)
I hope to test this afternoon.Now I will see where I can get my hands on, to test this in my Firebox.
What fans did u get? I'm thinking of spending some time on the firebox, upgrading the CPU and memory and tackle the noise as well
So this is my buy list
- CPU - Intel Core 2 Quad - Q8400 or Q8200 about $10 (have a 200MB line and will be using this for openVPN/voip/PBX)
- Memory - have some DDR2 lying around - will try to see if that works with the new CPU
- Fans - ?? CPU/Case. Will probably leave the PSU fan alone $20
- Ears - cant find the right ears for the box - ended up getting the wrong ones and will probably use those elsewhere
Thinking what the Power hit would be with the CPU Change
-
-
What fans did u get? I'm thinking of spending some time on the firebox, upgrading the CPU and memory and tackle the noise as well
So this is my buy list
- CPU - Intel Core 2 Quad - Q8400 or Q8200 about $10 (have a 200MB line and will be using this for openVPN/voip/PBX)
- Memory - have some DDR2 lying around - will try to see if that works with the new CPU
- Fans - ?? CPU/Case. Will probably leave the PSU fan alone $20
- Ears - cant find the right ears for the box - ended up getting the wrong ones and will probably use those elsewhere
Thinking what the Power hit would be with the CPU Change
Can you post a picture of the ears? If they are the ones for the XcoreE series Then I would buy them from you. I have been looking everywhere for ears for my x1250e and can not find any.
Also, an update on my XTM 5 box that will not power on. I think there is a problem with the bios chip its self, The chip is a M25P80-VMW6TG by ST. I bought 5 of them on ebay to replace the one that is on my board, the total cost of the 5 chips? A whopping $2.49 USD.. Why the heck did I not just do that in the first place.. If the new chips do not fix the issue then I guess my next step is to break out the logic analyzer and go through the board with that and a multimeter to find why the hell it wont power on. its not the PSU as I already replaced it with a new one.
