Watchguard XTM 5 Series
-
@stephenw10 I have tried to compile that script to no avail, keeps telling me that there is files missing, I have googled about for those files, still with no avail. In regards to the bios, would I back it up, edit the bios backup on a different PC and then reflash it back to the box?
-
Yeah I've never tried to use it under Linux. But you should be able to use the data there to set the SuperIO chip some other way. It would not surprise me to find that Linux already has a utiltiy to do it.
Yes, editing the bios and reflashing it is what I did. That's always a risk!Steve
-
@stephenw10 I found SuperIO tool which dumps all of the superIO bits and bobs, no luck to controlling the IO as of yet, although I could just be looking for the wrong thing. If needs be, I can offer someone access to it if anyone wants to dink about on it to try and get the LED working.
Some positive though, I have gotten the system temp sensor to work with lm_sensors, with little to no fan speed with the stock fans and low speed adapters, its rock solid at 65C.
Ive slapped in the dump from the superIO tool below:
superiotool r6637 Found Winbond W83627THF/THG (id=0x82, rev=0x85) at 0x2e Register dump: idx 20 21 22 23 24 25 26 28 29 2a 2b 2c 2d 2e 2f val 82 85 ff fe c6 00 00 00 00 00 00 00 00 00 ff def 82 NA ff 00 MM 00 MM 00 00 00 MM MM MM 00 00 LDN 0x00 (Floppy) idx 30 60 61 70 74 f0 f1 f2 f4 f5 val 00 00 00 00 02 0e 00 ff 00 00 def 01 03 f0 06 02 0e 00 ff 00 00 LDN 0x01 (Parallel port) idx 30 60 61 70 74 f0 val 01 03 78 07 04 3c def 01 03 78 07 04 3f LDN 0x02 (COM1) idx 30 60 61 70 f0 val 01 03 f8 04 00 def 01 03 f8 04 00 LDN 0x03 (COM2) idx 30 60 61 70 f0 f1 val 01 02 f8 03 00 04 def 01 02 f8 03 00 00 LDN 0x05 (Keyboard) idx 30 60 61 62 63 70 72 f0 val 01 00 60 00 64 01 0c 82 def 01 00 60 00 64 01 0c 80 LDN 0x07 (GPIO 1, GPIO 5, game port, MIDI port) idx 30 60 61 62 63 70 f0 f1 f2 f3 f4 f5 val 00 02 01 03 30 09 ff ff ff ff ff ff def 00 02 01 03 30 09 ff 00 00 ff 00 00 LDN 0x08 (GPIO 2) idx 30 f0 f1 f2 f3 f4 f5 f6 f7 val 01 cf 6c 00 00 ff 00 00 00 def 00 ff 00 00 00 RR 00 00 00 LDN 0x09 (GPIO 3, GPIO 4) idx 30 f0 f1 f2 f3 f4 f5 f6 val 00 ff ff ff 00 ff ff ff def 00 ff 00 00 00 ff 00 00 LDN 0x0a (ACPI) idx 30 70 e0 e1 e2 e3 e4 e5 e6 e7 f0 f1 f3 f4 f6 f7 f9 fe ff val 00 00 01 00 fb 00 30 00 00 00 00 8f 33 00 00 00 00 00 00 def 00 00 00 00 MM MM 00 00 00 00 00 00 00 00 00 00 00 RR RR LDN 0x0b (Hardware monitor) idx 30 60 61 70 val 01 0a 00 00 def 00 00 00 00
-
A (long) while back, I integrated the LED control code in a version of the lcdproc sdeclcd driver (the driver that applies to all these Watchguard/Lanner boxes). The intent was to capture all the hard discovery work generously shared by @stephenw10 before it became lost to the big bit bucket in the sky. lcdproc drivers can support a generic output function sent by a client, but it is up to the driver to interpret the number parameter as it sees fit. I meant for it to be portable FreeBSD and Linux code, but it has not been touched in a while. The code seemed a bit complex and not necessarily a great for for an LCD driver, so it was never submitted upstream. Have a look here:
-
@fmertz Beautiful, I already dinked with that driver to get the mappings correct, must've missed it. How would I control the LED with LCDProc? cant immediately see an option to do so.
-
Well, you would have to create a "client" to the LCDd server, and issue an "output" command, followed by an int. That value would be interpreted as:
/** * API: Updates LEDs as per "state". Here, "state" is supposed to contain the sequence the LEDs are * to be lit by. We need to support Red, Green and Off. Therefore, we need 2 bits to encode the * possible values. So, a 32 bit "state" can host a sequence of 16 separate illuminations. Each * group of 2 bits is examined in sequence, as a time slot, each time output is called, and the * hardware LEDs are updated accordingly. */
Read through the beginning of this: LCDproc Developer's Guide
In short, after starting LCDd with the sdeclcd driver, create a new client:
telnet 127.0.0.1 13666
Then try:
hello info output 2863311530 output 1431655765
This was only tested on an older X-Core-e, so adjust your expectations...
-
Significantly more difficult on the XTM5 because they are not directly addressable GPIOs like they were on the X-E. You need to run a sequence against the SuperIO chip to access it's registers.
Steve
-
@fmertz yup, nothing happened :/
-
I looked through this thread quite quickly and could not find this so reposting just in case.
To put WGXepc64 on an XTM5 box.. and make the arm light go green..
From the console.. each of these commands.
/root
fetch https://github.com/stephenw10/WGXepc/raw/master/WGXepc64
chmod +x WGXepc64From the GUI..
Use the shellcmd package to execute the command at startup.
System > Packages
Available Packages Tab
Locate Shellcmd
Select the + icon to the right
Confirm install is complete
Services > Shellcmd
Click the + icon to add a new command
Enter in the following
Command: /root/WGXepc64 -l green
Shellcmd Type: Shellcmd
Description: Green Arm Light
Reboot
Confirm -
Hi Guys,
Asking for a little pointer here. I have been using PFS 2.1.2 on Watchguard X550e for a few years now but wanted to update and noted comments that these units wouldn't run the latest version because of not supporting x64. So I acquired myself a Watchguard xtm 5 (not sure which model it is) in keeping with the red.
I have downloaded the current memstick-serial but have not made any attempts to flash the bios as a number of the posts said this was not necessary.
I am posting my log below but it is sticking at ata2: <ATA channel> at channel 0 on atapci1 on first boot from CF I cannot find any reference to that error and am thinking I must have made some silly mistake so any pointers appreciated.
Thanks in advance
LukeAMIBIOS(C)2006 American Megatrends, Inc. MB-7580 Ver.WD0 04/26/2010 CPU : Pentium(R) Dual-Core CPU E5300 @ 2.60GHz Speed : 2.60 GHz Press DEL to run Setup (F4 on Remote Keyboard) Press n if you want to boot from the network Press F11 for BBS POPUP (F3 on Remote Keyboard) The MCH is operating with DDR2 800 DRAM Timing: Tcl:6/Tras:18/Trp:6/Trcd:6/Twr:6/Trfc:52/Twtr:3/Trrd:3/Trtp:3 Initializing USB Controllers .. Done. 2014MB OK Auto-Detecting Pri Master..IDE Hard Disk Auto-Detecting 3rd Slave...IDE Hard Disk Ultra DMA Mode-5, S.M.A.R.T. Capable and Status OK /boot/config: -S115200 -h Consoles: serial port BIOS drive C: is disk0 BIOS drive D: is disk1 BIOS 639kB/2060928kB available memory FreeBSD/x86 bootstrap loader, Revision 1.1 (Wed Nov 21 08:03:01 EST 2018 root@buildbot2.nyi.netgate.com) Loading /boot/defaults/loader.conf - - __ _ __ / _|___ ___ _ __ ___ ___ | '_ \| |_/ __|/ _ \ '_ \/ __|/ _ \ | |_) | _\__ \ __/ | | \__ \ __/ | .__/|_| |___/\___|_| |_|___/\___| |_| +============Welcome to pfSense===========+ __________________________ | | / ___\ | 1. Boot Multi User [Enter] | | /` | 2. Boot [S]ingle User | | / :-| | 3. [Esc]ape to loader prompt | | _________ ___/ /_ | | 4. Reboot | | /` ____ / /__ ___/ | | | | / / / / / / | | Options: | | / /___/ / / / | | 5. [K]ernel: kernel (1 of 2) | | / ______/ / / | | 6. Configure Boot [O]ptions... | |/ / / / | | | / /___/ | | | / | | | /_________________________/ +=========================================+ /boot/kernel/kernel text=0x17c1930 data=0xb93d38+0x557b28 syms=[0x8+0x197400+0x8+0x197f72] Booting... KDB: debugger backends: ddb KDB: current backend: ddb Copyright (c) 1992-2018 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 11.2-RELEASE-p10 #9 4a2bfdce133(RELENG_2_4_4): Wed May 15 18:54:42 EDT 2019 root@buildbot1-nyi.netgate.com:/build/ce-crossbuild-244/obj/amd64/ZfGpH5cd/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense amd64 FreeBSD clang version 6.0.0 (tags/RELEASE_600/final 326565) (based on LLVM 6.0.0) VT(vga): resolution 640x480 CPU: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz (2593.56-MHz K8-class CPU) Origin="GenuineIntel" Id=0x1067a Family=0x6 Model=0x17 Stepping=10 Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE> Features2=0xc00e3bd<SSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,XSAVE,OSXSAVE> AMD Features=0x20100800<SYSCALL,NX,LM> AMD Features2=0x1<LAHF> VT-x: HLT,PAUSE TSC: P-state invariant, performance statistics real memory = 2147483648 (2048 MB) avail memory = 1985601536 (1893 MB) Event timer "LAPIC" quality 100 ACPI APIC Table: <042610 APIC1157> FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 2 core(s) ioapic0 <Version 2.0> irqs 0-23 on motherboard SMP: AP CPU #1 Launched! Timecounter "TSC-low" frequency 1296778444 Hz quality 1000 ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE. ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff80681430, 0) error 1 random: entropy device external interface ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE. ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff806814e0, 0) error 1 ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE. ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff80681590, 0) error 1 iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE. iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff806a8460, 0) error 1 iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE. iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff806a8510, 0) error 1 iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE. iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff806a85c0, 0) error 1 wlan: mac acl policy registered kbd1 at kbdmux0 netmap: loaded module module_register_init: MOD_LOAD (vesa, 0xffffffff8120aaa0, 0) error 19 nexus0 vtvga0: <VT VGA driver> on motherboard cryptosoft0: <software crypto> on motherboard padlock0: No ACE support. acpi0: <042610 RSDT1157> on motherboard acpi0: Power Button (fixed) cpu0: <ACPI CPU> on acpi0 cpu1: <ACPI CPU> on acpi0 attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0 Timecounter "i8254" frequency 1193182 Hz quality 0 Event timer "i8254" frequency 1193182 Hz quality 100 atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0 atrtc0: registered as a time-of-day clock, resolution 1.000000s Event timer "RTC" frequency 32768 Hz quality 0 Timecounter "ACPI-fast" frequency 3579545 Hz quality 900 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0 pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0 pcib0: _OSC returned error 0x10 pci0: <ACPI PCI bus> on pcib0 pcib1: <ACPI PCI-PCI bridge> irq 16 at device 1.0 on pci0 pci1: <ACPI PCI bus> on pcib1 pci1: <encrypt/decrypt, network/computer crypto> at device 0.0 (no driver attached) vgapci0: <VGA-compatible display> port 0x6800-0x6807 mem 0xfe000000-0xfe3fffff,0xd0000000-0xdfffffff irq 16 at device 2.0 on pci0 agp0: <Intel G41 SVGA controller> on vgapci0 agp0: aperture size is 256M, detected 32764k stolen memory vgapci0: Boot video device pcib2: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0 pcib2: [GIANT-LOCKED] pci2: <ACPI PCI bus> on pcib2 em0: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0x9c00-0x9c1f mem 0xfe6e0000-0xfe6fffff,0xfe6dc000-0xfe6dffff irq 16 at device 0.0 on pci2 em0: Using MSIX interrupts with 3 vectors em0: Ethernet address: 00:90:7f:9a:09:23 em0: netmap queues/slots: TX 1/1024, RX 1/1024 pcib3: <ACPI PCI-PCI bridge> irq 17 at device 28.1 on pci0 pcib3: [GIANT-LOCKED] pci3: <ACPI PCI bus> on pcib3 em1: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xac00-0xac1f mem 0xfe7e0000-0xfe7fffff,0xfe7dc000-0xfe7dffff irq 17 at device 0.0 on pci3 em1: Using MSIX interrupts with 3 vectors em1: Ethernet address: 00:90:7f:9a:09:24 em1: netmap queues/slots: TX 1/1024, RX 1/1024 pcib4: <ACPI PCI-PCI bridge> irq 18 at device 28.2 on pci0 pcib4: [GIANT-LOCKED] pci4: <ACPI PCI bus> on pcib4 em2: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xbc00-0xbc1f mem 0xfe8e0000-0xfe8fffff,0xfe8dc000-0xfe8dffff irq 18 at device 0.0 on pci4 em2: Using MSIX interrupts with 3 vectors em2: Ethernet address: 00:90:7f:9a:09:25 em2: netmap queues/slots: TX 1/1024, RX 1/1024 pcib5: <ACPI PCI-PCI bridge> irq 19 at device 28.3 on pci0 pcib5: [GIANT-LOCKED] pci5: <ACPI PCI bus> on pcib5 em3: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xcc00-0xcc1f mem 0xfe9e0000-0xfe9fffff,0xfe9dc000-0xfe9dffff irq 19 at device 0.0 on pci5 em3: Using MSIX interrupts with 3 vectors em3: Ethernet address: 00:90:7f:9a:09:26 em3: netmap queues/slots: TX 1/1024, RX 1/1024 pcib6: <ACPI PCI-PCI bridge> irq 16 at device 28.4 on pci0 pcib6: [GIANT-LOCKED] pci6: <ACPI PCI bus> on pcib6 em4: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xdc00-0xdc1f mem 0xfeae0000-0xfeafffff,0xfeadc000-0xfeadffff irq 16 at device 0.0 on pci6 em4: Using MSIX interrupts with 3 vectors em4: Ethernet address: 00:90:7f:9a:09:27 em4: netmap queues/slots: TX 1/1024, RX 1/1024 pcib7: <ACPI PCI-PCI bridge> irq 17 at device 28.5 on pci0 pcib7: [GIANT-LOCKED] pci7: <ACPI PCI bus> on pcib7 em5: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xec00-0xec1f mem 0xfebe0000-0xfebfffff,0xfebdc000-0xfebdffff irq 17 at device 0.0 on pci7 em5: Using MSIX interrupts with 3 vectors em5: Ethernet address: 00:90:7f:9a:09:28 em5: netmap queues/slots: TX 1/1024, RX 1/1024 uhci0: <Intel 82801G (ICH7) USB controller USB-A> port 0x7080-0x709f irq 23 at device 29.0 on pci0 usbus0 on uhci0 usbus0: 12Mbps Full Speed USB v1.0 uhci1: <Intel 82801G (ICH7) USB controller USB-B> port 0x7000-0x701f irq 19 at device 29.1 on pci0 usbus1 on uhci1 usbus1: 12Mbps Full Speed USB v1.0 uhci2: <Intel 82801G (ICH7) USB controller USB-C> port 0x6c00-0x6c1f irq 18 at device 29.2 on pci0 usbus2 on uhci2 usbus2: 12Mbps Full Speed USB v1.0 uhci3: <Intel 82801G (ICH7) USB controller USB-D> port 0x6880-0x689f irq 16 at device 29.3 on pci0 usbus3 on uhci3 usbus3: 12Mbps Full Speed USB v1.0 ehci0: <Intel 82801GB/R (ICH7) USB 2.0 controller> mem 0xfe4ff800-0xfe4ffbff irq 23 at device 29.7 on pci0 usbus4: EHCI version 1.0 usbus4 on ehci0 usbus4: 480Mbps High Speed USB v2.0 pcib8: <ACPI PCI-PCI bridge> at device 30.0 on pci0 pci8: <ACPI PCI bus> on pcib8 fxp0: <Intel 82801GB (ICH7) 10/100 Ethernet> port 0x8c00-0x8c3f mem 0xfe5ff000-0xfe5fffff irq 20 at device 8.0 on pci8 miibus0: <MII bus> on fxp0 inphy0: <i82562ET 10/100 media interface> PHY 1 on miibus0 inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow fxp0: Ethernet address: 00:90:7f:9a:09:22 isab0: <PCI-ISA bridge> at device 31.0 on pci0 isa0: <ISA bus> on isab0 atapci0: <Intel ICH7 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 31.1 on pci0 ata0: <ATA channel> at channel 0 on atapci0 atapci1: <Intel ICH7 SATA300 controller> port 0x7c00-0x7c07,0x7880-0x7883,0x7800-0x7807,0x7480-0x7483,0x7400-0x740f mem 0xfe4ffc00-0xfe4fffff irq 19 at device 31.2 on pci0 ata2: <ATA channel> at channel 0 on atapci1
-
Is that booting from the memstick-serial image written to CF? Or it booted from USB and installed to CF and then booted from that?
IIRC it will only boot from USB if nothing else bootable is present, which is a problem.Do you want to run from CF or install a SATA drive?
Steve
-
@stephenw10 The first one booted from memstick-serial written to CF I want to install to HD but it isn't getting that far.
Thanks
-
What exact image did you use? You should be using, for example, this:
https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.4.4-RELEASE-p3-amd64.img.gzDoes it boot further if you disconnect the SATA drive?
Steve
-
@stephenw10 My exact filename is pfSense-CE-memstick-serial-2.4.4-RELEASE-p3-amd64.img it was downloaded from https://www.pfsense.org/download/ and selecting the boxes AMD64, USB Memstick Installer, Serial, New York.
I download on a mac so it may automatically unzip the file for me. Should I try the image location you suggest?
If I disconnect the HHD it is exactly the same, in fact I thought that was the issue at first as I booted without HDD attached.
Thanks
-
In my experience, you have to flash the modified bios since the official bios is locked and many options can't be changed i.e. the boot device preferences, by default it only boots from CF even if nothing else is attached. I was able to run the pfSense installer from CF and install to SATA disks, but it still refused to boot. You'll need the bios firmware, flash tool and some OS, boot that from CF just to flash the bios (you could likely even use the factory firmware and serial console for it, if you can find a compatible flash tool binary). After flashing lots of options that used to be read-only can now be changed and you can boot from SATA, USB etc. In addition with the modified bios pfSense can use front LCD to display some useful stats.
-
@samtap Ok, I thought that may be thew case, but many people on here have said to flash the bios from within pfsense, but mine will not even get that far.
@stephenw10 As you were asking about the image i tried making it on a Win7 PC incase it was the mac no writing it correctly to the CF but I get exactly the same response and it freezes in the same spot. Could my putty settings be wrong and it freezes once it goes into the setup program??
Thanks
-
I think there must be subtle differences between different xtm series and maybe even hardware revisions. For example people claim it boots USB/SATA once you disconnect CF reader, I believe them but for my xtm5 it didn't work like that.
By the way, are you sure it freezes during boot? It might be just the serial console settings that change after it gets through POST and starts booting the OS...
-
Ok.
So I went a step further and used my CF card and HDD connected to a VM and installed pfsense onto the hdd.
Tried hdd in xtm and hdd booted fine unto the exact same point.
So put the hdd back into the vm and booted the hdd and completed the setup with the network card configuration. and then restarted pfsense a couple of times to make sure it was booting all the way through with no questions hoping up. Then put hdd back into xtm and it boots up still to the exact same point, but I have my laptop plugged into port one to see if it gets an IP with the thought that maybe the console is freezing but it isn't getting an IP. And before you think it, yes I did remove the CF card.
Have removed the encryption card in case that was causing an issue but with no joy
So am now not sure what to do next?
Do I have a broken box or do I just need to find a way to flash the bios? I did note at the bios screen I have a date of 04/26/2010 which seems different from the date previously mentioned with bios flashes.
Thanks again
Luke -
It's an odd place in the boot to stop. It's well after the loader variables are set, which is where it would break if you had the wrong baud rate configured. It's before it mounts the root filesystem, which is where it stops writing to all consoles so is thas last thing you see if you have the VGA console set as primary.
Does it still boot the WG OS correctly? Or, say, the OpenWRT x86 image if you don't have the original OS?Steve
-
@stephenw10 Haha, I did power it up before I started and from what I could tell it booted normally. However in the messing about between writing images to CF cards I have overwritten the CF card that came in the unit so now can't check again :-(
Thanks
Luke