Watchguard XTM 5 Series

Fffrank

@samtap I believe you have to flash the PFSense HDD with an MBR boot record. I played around with this a bit using Rufus to write the image -- I don't remember the exact settings that I used but it sounds like that is your issue.

stephenw10

I would expect it to boot a HD if there is no other boot media present. You can only change the boot order with the unlocked BIOS but the HD should be in the list, USB is not. Though I don't recall now if I ever tried it. It's been way too long.

pfSense has defaulted to 115200 for the console speed since 2.2 so you should see something there if you enabled the serial console on the install.

You can write the BIOS from flashrom in pfSense. If you write a Nano image to a CF card that will boot.

Steve

samtap

Right now the issue i'm facing is entering the BIOS. It says to press the DEL key or F4 on remote keyboards. I think in vt100 mode the del key works, and in ansi mode the F4 key (escape sequence). But it just halts the boot process, i.e. it doesn't boot Fireware from the CF card, display reads 'Watchguard` but it doesn't load the BIOS, the output just freezes :-(.

Fffrank

@samtap It's actually the tab key on vt100.

I was finally able to get mine to boot again. I don't know if I had a bad CF card or if my processor was causing issues. Another E8500 was <$10 so I swapped that out and replaced my CF card. Wrote the image on my card reader from Windows with Rufus and it booted right up. It still has an issue where occasionally the console will continue past the bios with (my guess) black on black text.... but pulling the cables and re-initializing putty brings it back up.

From the CF card I installed PFSense to a 60gb hard drive that I pulled out of an early macbook. I'd rather not worry about burning up the card. I've not stressed it, yet but my temps are much lower and I haven't received any i/o errors, yet.

I believe I've been successful. Finishing up the rest of my network rack tonight and I'll configure and deploy it. Fingers crossed!

stephenw10

Yes, use TAB to enter the BIOS setup over serial. However everything (except the date and time?) is read-only in the standard BIOS.

You should not need to enter the BIOS to boot from CF though.

Steve

samtap

Thanks @Fffrank and @stephenw10, it is the TAB key! Would have taken me forever to find that out by myself ;-). I know the bios is locked but it's good to know I can access it once i've flashed the unlocked/modified bios.

it.supportidata.se

@t-rexky Hi - we decommissioned a couple of gen 2 (04/26/2010 Bios) XTM510's last year. We've been running pfSense as routers on vmWare for several years but it's always a bit of a challenge having them virtual when it comes time to shut down the environment. If I can get the XTM510's converted I'll use them instead of the VM's that have served so well for the last couple of years.

Long story short, have succeeded in copying an install image to the 1GB CF and then installing 2.4.4 64bit to a 120MB SSD and booting to that. Interfaces are up and all seems green. Getting ready to replace the original Celeron 440's with a couple CoreDuo E5700's that I picked up off of eBay.

Can I use the your BIOS image to update my current locked American Megatrends 080015 (Rev. 8.15) with the Core Duo E5700's?

stephenw10

Yes you can. You would probably want to use the most recent file of his or the file I modded long ago as they don't contain DSDT speedstep data which the other do and wouldn't match your CPU.

Steve

it.supportidata.se

@stephenw10 Thanks for your reply - I assume his latest that will work for me is this?:

t-rexky 5 months ago
I can only imagine how many hours you spent on this! Reverse-engineering can be a lot of fun, but with a general purpose chip and so many possibilities this must have been labour of love…

I modified the most recent version of my unlocked BIOS to implement the LED initialization to red and the adventurous can obtain the file from my dropbox:

https://www.dropbox.com/s/o09qcz21apu4dk6/xtm515-bios1.3-unlocked1.9.led.rom.zip?dl=0

This has been tested on one of my units and it works fine. Please note that this version does not implement any SpeedStep definitions - it is effectively the unlocked WatchGuard factory BIOS with all my other tweaks.

stephenw10

Yes, I believe that should work though I've not tested it myself.

it.supportidata.se

@stephenw10 Well, better to be safe than sorry, I have pulled down both of your images - just to verify -
There were a few posts several years ago that said you had to have EXACTLY the 02/03/2010 BIOS, but from what I understand from you and t-rexky your versions are ok to flash over the 04/26/2010 BIOS? Since I have spent a bit of time and a little dough shopping to get new disks, cpus and memory, I don't want to end up with nothing to put them in!

Thanks again for your responses and all the work you guys have put into this over the years.

stephenw10

Well you have two shots!

But backup your existing rom file first. You can always write it back with an SPI device it you really have to.

Steve

it.supportidata.se

@stephenw10 Deed is done. Thanks Steve. Used your image and went smooth as silk.

timveer

** Bounty available **
Hello all, this may not be the mega-millions bounty, but I'll throw $20 on the table.

I have a Watchguard XTM 505, that was working fine with pfSense. However, like all tech idiots, I figured I'll flash the bios so that I can boot the Watchguard in terminal without having to wait, but just plug it in (console cable) start it up and watch the little characters dance on the screen :)

So, I flashed the bios, no problem all went fine, I rebooted into pfSense after that, again all went fine. But when I went to make changes to the bios, using putty, the highlighted item was the same color as the background (which I didn't realize at the time) and I think I changed a few settings I shouldn't have. pfSense didn't boot!!!

So, back into the bios and I selected "Choose preferred settings" (or something like that), F10 Save & Exit. pfSense won't boot again!!! Arrgghhhhhh!

So, flashing again isn't going to happen as I can't get pfSense to boot, which means I can't get out to console and, unfortunately, all I know of Linux is that they use a cool penguin for a mascot!

If someone can:
a: tell me how to reflash the bios (and I'll need a bios file)
or
b: what are the bios settings (a list of settings or screen shots) to make the dang thing work again.

Let me know what you need and I'll get the thing back on track. Once done, I'll shoot the $20 over on Paypal.

Cheers,
MadDogDean

PS: The Watchguard has the 02/03/2010 BIOS

stephenw10

What BIOS image exactly did you flash to it?

First thing to try here is just reset the CMOS using the jumper on the board. That will give you back the default values. And that should boot pfSense. It depends on what BIOS image you put in there though.

All images should boot from CF, even the default BIOS, so you can try writing a Nano image to a CF card and booting that:
https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-2.3.5-RELEASE-2g-amd64-nanobsd.img.gz

Steve

MadDogDean

Hi Steve, the bios I flashed was from Alpha labs over at https://alpha-labs.net/2017/08/pfsense-on-watchguard/

I was following this thread on the forum, but with over 800 postings, it became a little overwhelming. Over at Alpha Labs, the author, Christian, did quite a thorough write-up and step by to do it.

The ROM is xtm5_83.rom (this is the one that seems to be floating in the ether)

I'll give that a try to reset the CMOS and see how that fares.

I already downloaded the 2.3.5 image and dropped it on a 4GB CF. That side of things should be good. I'll get to the box and work my wonders.
Cheers,
MadDogDean

stephenw10

Ok, that's the rom I made some year ago now (unless it was changed without renaming it).
So mostly that should just give you access to the settings. I'll have to double check the settings but I think 'always boot from CF' was still enabled by default. Disabling that will allow you to boot from USB to run an install. IT should boot from SATA though with the default settings.

Steve

MadDogDean

@stephenw10 Thanks Steve, I'll check the "always boot from CF", and I'll give a go to reset the CMOS settings.

I'm not at the box right now, which jumper is it?
Cheers,
MadDogDean

MadDogDean

@stephenw10
Steve, or any of you other brainiacs, which is the CMOS jumper?
I was able to find the Lanner FW-7581 manual wherein it says the CMOS reset is J5 - ha! There is no J5 on my board. and according to the mb diagram, there should be a CMOS jumper near the CF, but on my board it's not there.
Is there a CMOS reset jumper on these boards, or just "pull the battery, have a beer, come back and it'll drain and reset"?
Cheers,
MadDogDean

t-rexky

@MadDogDean Yes, if you cannot find the clear CMOS jumper or contacts then the battery removal works. You can wait for a few minutes with no battery (and the unit unplugged from the mains of course), or if you are impatient you can use a conductive object to short the two battery socket contacts to discharge the circuit on the board instantly. If you are concerned about force discharging the circuit then just wait it out...