Watchguard XTM 5 Series

blaxx

Do you have 'Hardware TCP Segmentation Offloading' disabled in System > Advanced > Networking?

It should be disabled by default.

Steve

Yes it is disabled. The config is default except for installation of LCDproc.

Stellan

stephenw10

Hmm, you might try some of the other tuning options here:
https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_Cards

You could also try:

hw.em.num_queues=1

or

hw.em.msix=0

Neither of which should be necessary really.

Steve

pd1dmr

Found one on Ebay

and it is on its way to me :)

can somebody confirm that installing from cf card to hdd works

so it will boot from hdd

got PFsense running on PC know

and Bios Flash from 2.3.4 pfsense install possible to custom bios made by Steve

Many thnx
Rex

stephenw10

Yeah that would probably work. I've never done that on that hardware but I've done similar things on other devices.

Write the memstick-serial install image to a CF card and it should boot from that and allow you to install to HD. I'm not sure if it will try to boot CF or HD first with the default BIOS settings.

You can write the BIOS using flashrom in pfSense.

Steve

Billyboy

Hi all,

one of my two XTM boxes surprisingly doesn´t start today. When I power it up (with the power cord), the fans blow at 100%, some (not all) LEDs on the ports are flickering or blinking, nothing in the display, no beep, no boot, power button does not work. Serial connection does not work/show anything with 9600 nor 115200 8N1. (On the the other box it works, so no cable or software issue).
Entering the Safe Mode does not work (as described by Watchguard https://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/backup_upgrade_recovery/recovery_procedures_c.html )

Meanwhile I opened the box and disconnected the SATA SSD, still same behavior. All the five LEDs on the back of the mainboard are glowing, when power is connected.

Any Idea? Does it need a reset? How?

Any help appreciated, thx in advance!

stephenw10

Sounds like a hardware issue.

I'd try disconnecting everything you can, which isn;t much in the XTM5. Rmove the crypto card though if you haven't already.

Reseat the memory and CPU. Remove any additional DIMMs you might be using. Reset the CMOS.

Steve

A Former User

This post is deleted!

Billyboy

Hi Steve, thank you, how can I reset the CMOS? Is there a jumper or should i remove the small battery?

@stephenw10:

Sounds like a hardware issue.

I'd try disconnecting everything you can, which isn;t much in the XTM5. Rmove the crypto card though if you haven't already.

Reseat the memory and CPU. Remove any additional DIMMs you might be using. Reset the CMOS.

Steve

stephenw10

Removing the battery for 10mins is a good way. There is a jumper but I forget exactly where, usually near the battery though.

Steve

stephenw10

@747Builder:

my e8400 is reporting


dev.cpu.0.freq_levels: 2992/-1 2618/-1 2244/-1 1870/-1 1496/-1 1122/-1 748/-1 374/-1
dev.cpu.0.freq: 374


est0: <enhanced speedstep="" frequency="" control="">on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 616092606000926
device_attach: est0 attach returned 6</enhanced>

Hmm, OK that's Speedstep not working. That's what I see also.

The frequency levels you do see are from ACPI throttling which doesn't really do anything useful. Those are not real P-states supported by the CPU. The only way I managed to get this sort of working was using an uploaded DSDT to override what is in the BIOS. However I've never been able to replicate it since. Memory not as good as it was. ::)

Steve

Leapo

Is there a confirmed-working 8 GB (2x 4GB) kit? Trying to max-out my XTM 505 :)

From what I understand, it will only worth it low density 4GB sticks of DDR2 PC2-6400. Is that correct?

stephenw10

I've never had a problem with the modules I've used but I've never tried to go to 8GB. You probably don't need 8GB to be honest.

Steve

Billyboy

@Leapo:

Is there a confirmed-working 8 GB (2x 4GB) kit? Trying to max-out my XTM 505 :)
From what I understand, it will only worth it low density 4GB sticks of DDR2 PC2-6400. Is that correct?

According to the website below the watchguard doesn´t accept more than 4 GB. An even the 4 GB Kit is really expensive.

https://translate.google.com/translate?sl=de&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Fwww.triebwerk23.de%2Fjoomla%2Findex.php%2Ffirewalls%2Fwatchguard-xtm-5-xtm-505-515-525-545-pfsense-64-bit&edit-text=&act=url

slaven

Hi everyone,

fist of all I like to thank Steve for the awesome work you have done with regards to the XTM 5 platform and pfSense. Thank you!! Really amazing.

Quick questions, though:

All fan connectors on the mainboard are 4-Pin headers, but only 3 pins are populated on the three Sunon fans (2x cpu, 1x sys). Does anyone know if the mainboard connectors support PWM-fans as they are 4-pin? Is there a way to test if pin 4 supplies a speed control signal?
Does anyone know if the fan inside the 220 W PSU version is 5 or 12 V? I took mine apart to clean it, but forgot to take a closer look.

Thanks and keep up this great work!

BTW, running:

XTM 505
Intel Xeon X3320
2x 2Gig 800 Mhz DDR2 RAM
500 Gig WD Blue 2,5 Inch HDD

Works like a charm! Only have to quiet the CPU fans a little by replacing them.

DeLorean

@slaven:

Does anyone know if the fan inside the 220 W PSU version is 5 or 12 V? I took mine apart to clean it, but forgot to take a closer look.

The Fan inside the PSU is a 12V version, cable connection is soldered direct to the mainboard of the PSU.
Replacing this fan with a quieter fan, will also lower the cooling, wich result in higher temperature in the PSU
and premature failure.

If you flash the unlocked BIOS , then you can lower the default lowest fan speed for
the CPU fans and separate for the case fan to almost zero.
With that option , you don't have to replace the fans.

Grtz
DeLorean

slaven

@DeLorean:

The Fan inside the PSU is a 12V version, cable connection is soldered direct to the mainboard of the PSU.
Replacing this fan with a quieter fan, will also lower the cooling, wich result in higher temperature in the PSU
and premature failure.

I just checked and the fan in my PSU is connected via a 2-pin connector. My box uses the same PSU as described in https://www.watchguard.com/docs/corporate/wg_xtm5De-MFR_instructions.pdf on page 8. Doing some more digging on the PSU (ST-220FUB-05E made by Seventeam) it seems as the PSU fan is temperature controlled as well. I will have to torture my PSU a little bit to find out, if the fan really is controlled by a temp probe. The PSU fan is a different Sunon fan than the three CPU / system fans - only 20 vs 28 mm in depth.

I have made some good experience with Noctua NF-A4x20 fans lately (http://noctua.at/en/products/fan/nf-a4x20-flx/specification). They run at 5000 rpm @ 12 V and are really silent. Airflow sure is less than on the original Sunon - ~ 10 vs 28 m³/h at max speed. But the Noctual fan has almost identical static pressure (both at max rpm). As the Sunon fans do not need to run at maximum RPM to cool the system accordingly, static pressure on the Noctua fan is higher relative to RPM. Especially in a CPU cooling configuration as used in the XTM5 the Noctua should work well in theory, as we will need high static pressure first, airflow comes second.

I am about to upgrade my box with four if theses fans, but I am still trying to figure out if I should get the PWM or the standard version of the Noctua fan for CPU and system fans. The price is identical.

Cheers!

DeLorean

Hello,

I'm looking to perform a XTM 5 Series BIOS modification.
I have a box where the 100Mbps port is giving problems by detection during boot, with the Unlocked BIOS
i can disable this port in the BIOS under Chipset -> South Bridge Configuration -> PRO-NIC Controller
But after a BIOS reset, this port will be back enabled.
I have Amibcp 3.51 for modifying the BIOS file, and can open the BIOS file and make changes in this section of the BIOS part,
but i don't get it to work that this port is disabled by default and hided.
I can only hide this section, but not hide and disabled, only disabled when choose "optimal" or "failsafe".

Thanks in advance

Grtz
DeLorean

Billyboy

@Billyboy:

Hi all,
I have two XTM5 (505 and 515) with the BIOS:

Vendor: American Megatrends Inc.
Version: 080015
Release Date: 02/03/2010

and upgraded hardware on both:

CPU: Intel E5800 @ 3.2 Ghz
RAM: 2 GB
SSD: 60 GB

running on the latest pfsense 2.3.4-p1.

…

I recognized problem:

When I pull a cable out of any of the em ports, Pfsense needs more than 5 Minutes to change the interface to down (both in the GUI DASHBOARD as well as on the Interfaces status page). However the port LEDs are switched off immediately.
...

To resolve this problem, if have done some more investigations:

I have done a fresh install 2.3.4-P1 on SSD (through PC, choosing embedded Kernel). I resetted to factory defaults and configured the two default interfaces only: em0 (WAN, DHCP) and em1 (LAN, static IP).

Still same issue, it takes minutes till PFSense recognize the disconnected cable.

Are there tuning parameters for the EM / Intel NICs?

I checked "Disable hardware checksum offload" already, no change.

Any Idea?

stephenw10

Still no idea how that could happen I'm afraid.

To recap you see the link as up reported by ifconfig during that time?

You see that same behaviour on both your boxes?

Steve

DeLorean

@stephenw10:

Still no idea how that could happen I'm afraid.

To recap you see the link as up reported by ifconfig during that time?

You see that same behaviour on both your boxes?

Steve

I know Billyboy from outside the forum,
and i done some testing to reconstruct the problem.
I have tested with
pfSense 2.2.6
pfSense 2.3.2
pfSense 2.3.3
pfSense 2.3.4

The problem is the following :
When you disconnect the WAN cable, or the LAN cable from Opt1,Opt2,Opt3…etc
that after the cable is disconnected, the Web UI stills show the interfaces as online.
Normally when you then refresh the Web UI or press F5, the interface must show offline, but it doesn't.
All the interfaces em0,em1,em2,em3,em4,em5 keeps showing that they are online,
even after multiple times pressing F5.
The only interface that response the right way after disconnecting the cable, is the fx0 (100Mbps) interface.
This behaviour occurs in 2.3.4 , 2.3.3, 2.3.2 , only in 2.2.6 the interfaces shows the correct status (online or offline).
If a LAN cable is disconnected in 2.2.6 , and press F5, the interface is immediately showing offline.

This behaviour occurs on the 2 boxes that i have here, so its definitely not a hardware issue, but a software issue.
Same result with the embedded version and full version.
So it cannot be, that with behaviour CARP of WAN Failover can work properly by other users that use CARP or Failover.

Grtz
DeLorean