Watchguard XTM 5 Series
-
This post is deleted! -
Hi Steve, thank you, how can I reset the CMOS? Is there a jumper or should i remove the small battery?
Sounds like a hardware issue.
I'd try disconnecting everything you can, which isn;t much in the XTM5. Rmove the crypto card though if you haven't already.
Reseat the memory and CPU. Remove any additional DIMMs you might be using. Reset the CMOS.
Steve
-
Removing the battery for 10mins is a good way. There is a jumper but I forget exactly where, usually near the battery though.
Steve
-
@747Builder:
my e8400 is reporting
dev.cpu.0.freq_levels: 2992/-1 2618/-1 2244/-1 1870/-1 1496/-1 1122/-1 748/-1 374/-1 dev.cpu.0.freq: 374est0: <enhanced speedstep="" frequency="" control="">on cpu0 est: CPU supports Enhanced Speedstep, but is not recognized. est: cpu_vendor GenuineIntel, msr 616092606000926 device_attach: est0 attach returned 6</enhanced>Hmm, OK that's Speedstep not working. That's what I see also.
The frequency levels you do see are from ACPI throttling which doesn't really do anything useful. Those are not real P-states supported by the CPU. The only way I managed to get this sort of working was using an uploaded DSDT to override what is in the BIOS. However I've never been able to replicate it since. Memory not as good as it was. ::)
Steve
-
Is there a confirmed-working 8 GB (2x 4GB) kit? Trying to max-out my XTM 505 :)
From what I understand, it will only worth it low density 4GB sticks of DDR2 PC2-6400. Is that correct?
-
I've never had a problem with the modules I've used but I've never tried to go to 8GB. You probably don't need 8GB to be honest.
Steve
-
Is there a confirmed-working 8 GB (2x 4GB) kit? Trying to max-out my XTM 505 :)
From what I understand, it will only worth it low density 4GB sticks of DDR2 PC2-6400. Is that correct?According to the website below the watchguard doesn´t accept more than 4 GB. An even the 4 GB Kit is really expensive.
https://translate.google.com/translate?sl=de&tl=en&js=y&prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Fwww.triebwerk23.de%2Fjoomla%2Findex.php%2Ffirewalls%2Fwatchguard-xtm-5-xtm-505-515-525-545-pfsense-64-bit&edit-text=&act=url
-
Hi everyone,
fist of all I like to thank Steve for the awesome work you have done with regards to the XTM 5 platform and pfSense. Thank you!! Really amazing.
Quick questions, though:
-
All fan connectors on the mainboard are 4-Pin headers, but only 3 pins are populated on the three Sunon fans (2x cpu, 1x sys). Does anyone know if the mainboard connectors support PWM-fans as they are 4-pin? Is there a way to test if pin 4 supplies a speed control signal?
-
Does anyone know if the fan inside the 220 W PSU version is 5 or 12 V? I took mine apart to clean it, but forgot to take a closer look.
Thanks and keep up this great work!
BTW, running:
XTM 505
Intel Xeon X3320
2x 2Gig 800 Mhz DDR2 RAM
500 Gig WD Blue 2,5 Inch HDDWorks like a charm! Only have to quiet the CPU fans a little by replacing them.
-
-
- Does anyone know if the fan inside the 220 W PSU version is 5 or 12 V? I took mine apart to clean it, but forgot to take a closer look.
The Fan inside the PSU is a 12V version, cable connection is soldered direct to the mainboard of the PSU.
Replacing this fan with a quieter fan, will also lower the cooling, wich result in higher temperature in the PSU
and premature failure.If you flash the unlocked BIOS , then you can lower the default lowest fan speed for
the CPU fans and separate for the case fan to almost zero.
With that option , you don't have to replace the fans.Grtz
DeLorean -
The Fan inside the PSU is a 12V version, cable connection is soldered direct to the mainboard of the PSU.
Replacing this fan with a quieter fan, will also lower the cooling, wich result in higher temperature in the PSU
and premature failure.I just checked and the fan in my PSU is connected via a 2-pin connector. My box uses the same PSU as described in https://www.watchguard.com/docs/corporate/wg_xtm5De-MFR_instructions.pdf on page 8. Doing some more digging on the PSU (ST-220FUB-05E made by Seventeam) it seems as the PSU fan is temperature controlled as well. I will have to torture my PSU a little bit to find out, if the fan really is controlled by a temp probe. The PSU fan is a different Sunon fan than the three CPU / system fans - only 20 vs 28 mm in depth.
I have made some good experience with Noctua NF-A4x20 fans lately (http://noctua.at/en/products/fan/nf-a4x20-flx/specification). They run at 5000 rpm @ 12 V and are really silent. Airflow sure is less than on the original Sunon - ~ 10 vs 28 m³/h at max speed. But the Noctual fan has almost identical static pressure (both at max rpm). As the Sunon fans do not need to run at maximum RPM to cool the system accordingly, static pressure on the Noctua fan is higher relative to RPM. Especially in a CPU cooling configuration as used in the XTM5 the Noctua should work well in theory, as we will need high static pressure first, airflow comes second.
I am about to upgrade my box with four if theses fans, but I am still trying to figure out if I should get the PWM or the standard version of the Noctua fan for CPU and system fans. The price is identical.
Cheers!
-
Hello,
I'm looking to perform a XTM 5 Series BIOS modification.
I have a box where the 100Mbps port is giving problems by detection during boot, with the Unlocked BIOS
i can disable this port in the BIOS under Chipset -> South Bridge Configuration -> PRO-NIC Controller
But after a BIOS reset, this port will be back enabled.
I have Amibcp 3.51 for modifying the BIOS file, and can open the BIOS file and make changes in this section of the BIOS part,
but i don't get it to work that this port is disabled by default and hided.
I can only hide this section, but not hide and disabled, only disabled when choose "optimal" or "failsafe".Thanks in advance
Grtz
DeLorean -
Hi all,
I have two XTM5 (505 and 515) with the BIOS:Vendor: American Megatrends Inc.
Version: 080015
Release Date: 02/03/2010and upgraded hardware on both:
CPU: Intel E5800 @ 3.2 Ghz
RAM: 2 GB
SSD: 60 GBrunning on the latest pfsense 2.3.4-p1.
…
I recognized problem:
When I pull a cable out of any of the em ports, Pfsense needs more than 5 Minutes to change the interface to down (both in the GUI DASHBOARD as well as on the Interfaces status page). However the port LEDs are switched off immediately.
...To resolve this problem, if have done some more investigations:
I have done a fresh install 2.3.4-P1 on SSD (through PC, choosing embedded Kernel). I resetted to factory defaults and configured the two default interfaces only: em0 (WAN, DHCP) and em1 (LAN, static IP).
Still same issue, it takes minutes till PFSense recognize the disconnected cable.
Are there tuning parameters for the EM / Intel NICs?
I checked "Disable hardware checksum offload" already, no change.
Any Idea?
-
Still no idea how that could happen I'm afraid.
To recap you see the link as up reported by ifconfig during that time?
You see that same behaviour on both your boxes?
Steve
-
Still no idea how that could happen I'm afraid.
To recap you see the link as up reported by ifconfig during that time?
You see that same behaviour on both your boxes?
Steve
I know Billyboy from outside the forum,
and i done some testing to reconstruct the problem.
I have tested with
pfSense 2.2.6
pfSense 2.3.2
pfSense 2.3.3
pfSense 2.3.4The problem is the following :
When you disconnect the WAN cable, or the LAN cable from Opt1,Opt2,Opt3…etc
that after the cable is disconnected, the Web UI stills show the interfaces as online.
Normally when you then refresh the Web UI or press F5, the interface must show offline, but it doesn't.
All the interfaces em0,em1,em2,em3,em4,em5 keeps showing that they are online,
even after multiple times pressing F5.
The only interface that response the right way after disconnecting the cable, is the fx0 (100Mbps) interface.
This behaviour occurs in 2.3.4 , 2.3.3, 2.3.2 , only in 2.2.6 the interfaces shows the correct status (online or offline).
If a LAN cable is disconnected in 2.2.6 , and press F5, the interface is immediately showing offline.This behaviour occurs on the 2 boxes that i have here, so its definitely not a hardware issue, but a software issue.
Same result with the embedded version and full version.
So it cannot be, that with behaviour CARP of WAN Failover can work properly by other users that use CARP or Failover.Grtz
DeLorean -
Still no idea how that could happen I'm afraid.
To recap you see the link as up reported by ifconfig during that time?
You see that same behaviour on both your boxes?
Steve
…
I have tested with
pfSense 2.2.6
pfSense 2.3.2
pfSense 2.3.3
pfSense 2.3.4The problem is the following :
When you disconnect the WAN cable, or the LAN cable from Opt1,Opt2,Opt3...etc
that after the cable is disconnected, the Web UI stills show the interfaces as online.
......After a maximum of 10 minutes (differs from try to try) the system recognizes the disconnected cable. But reconnection is recognized immediately.
Tried the latest beta/nightly as well, no success.
I have already tried the following without success:
Enabled all TCP offloads
Disabled MSI/MSIx and flow-control
hw.pci.enable_msix=0
hw.pci.enable_msi=0
hw.em.fc_setting=0As we have seen this now on 4 boxes, this is probably a general problem/bug!!!
Who can test this on his existing box with 2.3.4?
-
I just checked and the fan in my PSU is connected via a 2-pin connector. My box uses the same PSU as described in https://www.watchguard.com/docs/corporate/wg_xtm5De-MFR_instructions.pdf on page 8. Doing some more digging on the PSU (ST-220FUB-05E made by Seventeam) it seems as the PSU fan is temperature controlled as well. I will have to torture my PSU a little bit to find out, if the fan really is controlled by a temp probe. The PSU fan is a different Sunon fan than the three CPU / system fans - only 20 vs 28 mm in depth.
I have made some good experience with Noctua NF-A4x20 fans lately (http://noctua.at/en/products/fan/nf-a4x20-flx/specification). They run at 5000 rpm @ 12 V and are really silent. Airflow sure is less than on the original Sunon - ~ 10 vs 28 m³/h at max speed. But the Noctual fan has almost identical static pressure (both at max rpm). As the Sunon fans do not need to run at maximum RPM to cool the system accordingly, static pressure on the Noctua fan is higher relative to RPM. Especially in a CPU cooling configuration as used in the XTM5 the Noctua should work well in theory, as we will need high static pressure first, airflow comes second.
I am about to upgrade my box with four if theses fans, but I am still trying to figure out if I should get the PWM or the standard version of the Noctua fan for CPU and system fans. The price is identical.
Did you succeed?
Was it worth the money and effort? -
Hi all,
For those of you with Xeons that would like coretemp to report the correct temp, you can try this recompiled coretemp module.
I have set the TJMax value to 70c
Remove the png extension and upload to /boot/coretemp2.ko
Chmod 755 coretemp2.ko
In your /boot/loader.conf.local add the following:
coretemp2_load="YES"
Reboot.
You should now have a correct temperature reading. I did this several months ago and its been working fine.
If your CPU is in the same family as L5420 this should also work for you.
-
Not sure anyone found this yet, but I was convinced there must be a PCIe "female-to-female" adapter that would be usable and I came across this:
https://www.aliexpress.com/store/product/PCI-Express-x1-x4-x8-x16-Male-to-Male-PCI-E-3-0-Male-to-Female/113308_32830684089.html
The "R33FF" model appears to be a x16 female to female adapter. It's a little pricey at $51 plus shipping. Anyone try anything like this to use the PCIe slot? I'm not sure I want to use the PCIe slot for anything frankly, but hopefully this helps someone (or someone can help me come up with an excuse to try it.)
-
This post is deleted! -
I thought I would share how I got pfSense 2.4 (mostly) running on an SSD on my XTM 5 version 2 box (initially a XTM 515) since I encountered a few snags along the way that I hadn’t seen brought up in this thread. In the previous forty some pages, there were a lot of questions about what the version 2 boxes had under the hood: It’s a Celeron E3400 processor with 2x1GB RAM. As far as I can tell, everything else is similar. My BIOS firmware declared it was “WG BIOS 1.3” on the LCD, which is newer than the 1.2 BIOS that is (modified or otherwise) floating around in this thread. See later on for more on the BIOS.
The only thing I haven’t resolved is that the WAN interface fails to get an IP address on boot. More details at the end; any help would be appreciated.
Anyway, here goes:
-
Remove the unsupported Cavium card & the 1GB CF card.
-
Take a Dremel tool to a 2.5” to 3.5” bay adapter to make it fit. Mine had holes that lined up relatively closely with the power supply screws, so after cutting the adapter to size I just drilled those holes out a bit larger.
-
I hooked up the SSD to my laptop via USB to SATA adapter similar to this one: http://www.newertech.com/products/usb3_universaldriveadap.php
-
I used VirtualBox on Ubuntu to install pfSense to the hard drive. This presented a few hiccups:
I allowed access to a raw hard disk (/dev/sdc in my case) using this procedure: https://www.serverwatch.com/server-tutorials/using-a-physical-hard-drive-with-a-virtualbox-vm.html However, I needed root permissions to both create the VirtualBox hard drive that pointed to the real drive (sudo VboxManage…) and I also needed to run VirtualBox as root as well for it to work. I’m sure there is a better way to manage permissions and not run as root, but I really wasn’t concerned enough to investigate.
I set up the VM with 2GB of RAM, the same amount I had on the XTM 5.
I enabled the serial console in the VM using a “host pipe” as explained here so I could use it in VirtualBox if necessary: https://www.gonwan.com/2014/04/07/setting-up-serial-console-on-virtualbox/
I also included two network adapters so I could set up WAN and LAN in VirtualBox if necessary. The first, for WAN, I left as NAT, and the second for LAN I created a host-only network on vmnet0 with DHCP disabled. I changed the Host IP to 192.168.56.10 so I could give pfSense 192.168.56.1. See https://www.virtualbox.org/manual/ch06.html for more on VirtualBox networking. I theoretically wouldn’t need these network adapters or the serial console, since others installing previous versions of pfSense to a hard disk simply did so, dropped it in to the Firebox before rebooting, and configured it from there, but…
Setup from the ISO does not enable the serial console by default, which I realized after I had already installed pfSense to the hard drive and tried to boot it on the Firebox. Perhaps there is a way to do this from setup itself or the console after installation, but I couldn’t find it readily. So, I fired up pfSense in VirtualBox, configured the network adapters, and connected to the web interface at https://192.168.56.1/. From there, the serial console can be enabled in System > Advanced. I connected to the host pipe with minicom to test the serial console and reboot. Voila!
-
After installing the SSD in the Firebox, I grabbed an old Windows XP laptop out of storage that actually had a serial port on it to connect to the serial console. After putting the appropriate settings in PuTTY, I pushed the button, and just got an error “ding.” No error message; just “ding.” So, I dug out a USB to Serial adapter and used my laptop with Ubuntu. Minicom and gtkterm worked generally okay, so out of curiosity I installed PuTTY in Ubuntu. I put in the settings, pushed the button… error “ding.” I’m probably missing something obvious. Anyway, I found that pfSense kept em0 as WAN and em1 as LAN from when I set that up in VirtualBox, so the networks didn’t have to be reconfigured. Everything worked seemingly well.
-
Install flashrom and LCDproc. I only had to change the driver to the Firebox one and the port to parallel; I left all other LCDproc options on the Web Configurator alone.
-
I know it’s not completely necessary, but I wanted to unlock the BIOS. However, I didn’t want to flash someone else’s random BIOS I found on a forum! I wanted to modify my BIOS with some random tool I found on the internet instead! ;D So, after finding the now ancient AMIBCP 3.51 (The links in this thread are dead; the link I used was this: https://ulozto.net/!PfXQpYPhn/amibcp-3-51-zip ) all I did was change the access level to 3 and enabled the “Always CF Card Boot” menu item in Advanced. I left everything else alone. I couldn’t find where to mess with the Arm/Disarm LED, I wasn’t sure how to enable speedstep (and later posts make it sound like it doesn’t work anyway,) and I thought decompressing modules was a little complicated and didn’t care what it said on the LCD at boot. My Arm/Disarm LED never lit up either before or after BIOS modification. If there’s other things that could/should be enabled, let me know (Steve?). I have attached both the original BIOS and my modified one to this post in a zip file; as usual, use with extreme caution. I flashed my modified BIOS, pulled the battery for a while, and when I put everything back together and booted it up I had full access to the BIOS menus.
MD5SUMs for the very brave:
8eaeb054452c9b8f6ba98d8a5c99ca9f XTM5v2_BIOS.rom
5599976bee52736c37806fbd8a4af9b7 MJR-BIOS.rom8] The final hiccup, and why I said it almost works: I connected the XTM 5 to my present router for testing. On boot, it will not get an IP address on the WAN interface. I always have to make it try again somehow (via the web configurator refresh button, for example.) Any thoughts? As a stopgap, I was thinking of writing a script and that pings Google DNS, if it fails, make dhclient get a new DHCP lease on WAN, and have the script run as a CRON job every hour or so. Any help would be appreciated.
Thanks,
MattEDIT: I can't speel gud
-
