Watchguard XTM 5 Series
-
Hmm, interesting, it looks like I never tried it after unlocking the BIOS. It's definitely not possible to boot from USB without altering some bios settings and to do that you need to flash the unlocked version. That obviously carries some risk but I'm quite confident that image I linked to is not corrupt. I uploaded it, downloaded it again and re-flashed it to my box without issue. Just make sure the MD5 sum is correct.
Steve
-
From my experience with the XTM8 (810), you can't boot anything from the usb ports - I tried!
I imagine the XTM505 will be the same - bios locked down and restricted as to what can be used - ie mouse and keyboard is pretty much as far as the bios will get you - until you unlock it.
My XTM8 is currently out of action - deffo be careful flashing the bios ;)
Eamon
-
StephenW10,
A little late of a response but yea duh about the hardware differences… I was thinking XTM5 series: 515, 505 etc which are all the same hardware. I can't keep up with all the Watchguard models you are working on. :P
Also, after trying LCDProc-Dev (latest package) it seems the key mapping was not integrated into the latest dev package as my key mapping are still off. I'll post in the appropriate thread about this as well but wanted to reference it here, this being the official thread for XTM5 devices. Also, Stephen, could you enlighten me on the shellcmd you use to start/restart the LCDProc service? Thanks.
LCDProc-Dev Thread:http://forum.pfsense.org/index.php/topic,44034.msg349010.html#msg349010
iolaus,
With all due respect to StephenW10 and thanks for his hard work, there isn't much to gain from unlocking the bios.I would echo Eams warning in that you do not want to flash your bios unless you know 100% that you will benefit from the features. If you want to tinker, I would suggest only doing so if you are not really relying on the hardware and can afford to brick it. You will need to have a level of comfort/experience with modifying hardware/bios as you may need to create a serial jumper soldered to the board to unbrick it or reflash the serial flash device (at least this was my understanding from reading through StephenW10s posts. Please correct me if I'm wrong).
-
I will be using my XTM505 in my local network so I'll definitely have to be careful not to brick it. I had hoped to try out Snort but I'm wondering if I have to worry about the finite write capabilities of the CF card. If so, is it possible to install additional storage (SSD or larger USB Flash), perhaps as secondary storage, without unlocking the BIOS?
-
I had the same issue and question but the answer for me was much simpler/easier than having to install secondary storage. Instead I used the SHELLCMD package to mount an NFS Share at post boot and then setup logs to write to the share. A much more elegant solution, especially if you hope to use any other software (Splunk etc) to parse your log files.
Hope that helps.
-
I have to agree, general policy for flashing your bios should always be don't do it unless it offers something you need. That might go double for some hacked bios you downloaded from a forum! ;)
That said I have flashed it many times succefully, I'd have no hesitation flashing a new box if I found one for the right price. The problems Eamon had with the XTM8 were mostly due to a bios chip that wasn't correctly handled by flashrom. It was doubly unfortunate because it reported no errors and seemed to be functioning correctly.The XTM5 has provision for an internal HD by way of a power connector on the PSU and sata connectors on the board. I can't remember if the standard bios has HD auto detection enabled. :-\
Steve
-
Hi, i can confirm that the bios from stephenw10 (xtm5_83.rom) works like a charm on my XTM 510. If i remind correctly, i boot pfsense on it and downloaded the bios direct to the XTM510 in a shell.
After flashing i was wondering that the bios was still locked, but i read that the cmos have to reset. I removed the power cord and the battery, drink a coffee, and anything was fine with unlocked bios.Thanks to stephenw10!
Now i try my luck with a XTM810 to boot a other system as Watchguards XTM OS.
-
Some updates:
I've got my XTM 505 up and running. I replaced the CPU with a Core2Duo E4500, replaced the RAM with a couple 1GB sticks I had lying around, and installed a 2.5" HD which I also had lying around.
I mounted the HD to a modified Intel 2.5" to 3.5" converter cage. The cage is mounted to the XTM 505 right behind the LCD on risers.
The XTM successfully finds the SATA HD without any BIOS modification and I have SHELLCMD mounting it at boot time.
Pictures:
-
Nice! :)
I would recommend removing the VPN accelerator card. It's just using power and isn't doing anything useful, unfortunately.Steve
-
Any one have any luck locating or compiling a suitable driver for the
Cavium card? I believe a Linux one exists but no luck with BSD. -
I believe it's closed source driver in Linux or at least you have to sign an NDA before they'll give you access to the SDK. No driver like that would ever make it into FreeBSD so it would have to be reverse engineered. Not an easy task.
Steve
-
Yeah that pretty much sums that up.
Anyone wanna buy a Cavium VPN card cheap? ;D
-
You never know support for the low end cavium chips may yet appear once they are of no resale value.
It's a shame they chose to use a reversed pci-e connector, I've tried to find a female to female adapter bug failed. Having the pci-e bus terminated in an edge connector like that seems to be known as 'golden fingers'. Can turn up some interesting Google results! :PSteve
-
I'd say chances are pretty slim considering Cavium has already released several models newer than the one in this box (Nitrox CN1605). Still, you never know.
"Golden Fingers" you say?
Could always use a PCI-e to mini-pci card or wifi card. Or a 10GB Ethernet card and mod the box to have a cable permanently attached internally and fed out the back. Not the most elegant solution but would make use of the port. Seems like there is enough room left to do something with it.
-
That's just it, you can't use any of those things without some sort of adapter because the slot is on the card! I had thought a back plane style riser of the sort sued for single board computers might do it but I haven't found one of those either.
Steve
Edit: Like this maybe: http://www.onestopsystems.com/backplane_427.php
-
Hello,
We have successfully installed pfsense on a watchguard xtm 505.
Just letting you know that the Quad Core Q8200S is supported by this motherboard and runs beautifully.
This CPU actually runs cooler than the Celeron - sits between 37-40C. The "S" model is of smaller lithography and runs more efficiently / cooler.
http://ark.intel.com/products/40816/Intel-Core2-Quad-Processor-Q8200S-4M-Cache-2_33-GHz-1333-MHz-FSBOur specs are:
2GB RAM
Quad Core Q8200S
8GB Transcend CF Card (with 4GB image)Works great!
Thanks to everyone who contributed.
Scott
http://www.synergy8.com/ -
Ooo, nice!
The only reason I went for the E4500 (other than it was cheap on ebay) was that it matched the lithography and bus speed on the Celeron closely. If we can use 45nm and 1333MHz that opens up many other cpus.Are you using the original BIOS?
Steve
-
Hi Steve,
Yes - original BIOS. No changes or flashing needed.
I'm sure other faster CPUs will work. But! Id be wary of the power consumption with other CPUs. That PSU in the box is pretty small!
I would be pretty confident in saying that most of the CPUs in the "Compatible products" list of: http://ark.intel.com/products/36528/82G41-Graphics-and-Memory-Controller-Hub would work.But I can certainly confirm the stability and operation of the Q8200S. Power wise, we removed the VPN card and do not have a hard drive installed.
Here is a pic of the dashboard (some info removed).Cheers,
Scott
http://www.synergy8.com/
-
Regarding the LCDProc dev package not automatically starting at boot I'm trying StephenW's method for restarting the services with SHELLCMDs from here:
http://forum.pfsense.org/index.php/topic,7920.msg344513.html#msg344513
-
Is the XTM 5 series powerful enough to run squid and anti virus package? does it work with the CF card or do i need an appliance with HDD Installation (e.g. Symantec 5420)?