Watchguard Firebox XTM 8 Series
-
It is possible but it's risky.
On the XTM5, which has a very similar bios, I managed to produce corrupted bios images a number of times. The only way to recover from that was to flash the bios ROM directly via the spi header but that does not work on the XTM8 as Eams found. So if the image turns out corrupt it's going to brick the box. ;)
To do it you have to extract the bios modules from the rom image, edit the correct one with a hex editor and then rebuild the image.
Steve
-
Ok, I left this bios. Now flashed the second box with this bios to work on the nano installation and modifying the fstab on the nano image. Hope I found the way to do it.
No way with the nano image. It only brings a flashing prompt after the bios. No output, nothing. Looks like it is not looking for a bootloader.
But other things are booting.
Write the nano image with win32diskimager on the cf. In my xtm5 the nano cf is booting without problems.
-
As soon as the bootloader runs the console will switch to com1 which as we've seen doesn't exist on the xtm8. It should boot a cf card that has had interfaces already configured though, assuming the configuration is compatible with the box.
Steve
-
I can say that a 32 bit nano image runs in the Igel Thin Client. Put it in the xtm8 but the orange led for hdd does not flash. When running the full install on cf the led is flashing all the boot time. I think this is an indicator that the nano image will not try to boot.
Edit:
Try now pfSense-2.1-RELEASE-1g-i386-nanobsd_vga.img.gz and it is booting without any problem!
Boottime is very fast!
Can this point to a kernel problem?
-
I think it's likely that the standard Nano image attempts to write to the non-existent com1 and crashes. The only way around that seems to be either:
1. Reprogram the rear com port to be com1
or
2. Build a Nanobsd image that is coded to use com2
I'm not sure what determines which port is seen as com1. It may be possible to switch them by altering the superIO chip register settings for example. More research needed.
Steve
-
The easy way is to use a nano_vga image. You only have to download it, write it to the cf and all is fine.
With monitor on vga header it can be configured. The console at start works on same settings with bios output (115200). At the point after the question how to boot (default, acpi disabled . . .) the console shows nothing. Tried all settings in bios, tried to change baudrate to 14400 in pfsense. Nothing helps.
This is my plan!
I will now close my first box, it is ready.
Make the second box up running pfsense 64 bit vga nano too.
Make a default configuration with em0 (dhcp use) for wan.
Make a backup from this cf.
Upload it for everyone who needs it.
Then if a new install is needed this must be the way:
write the backup to cf
boot the box with em0 (wan) connected to router
wan gets an ip from the router dhcp
connect a usb keyboard
without seeing anything:
"8" for shell
"pfctl -d"
to disable firewall and connect to em0 IP that can be found in the router
configure pfsense with own settings for wan and lan.
Correct me if there is a better way.
Think it is the only fast way without vga output to bring pfsense on it.
For me, it's done!
-
If you configure only one interface, WAN, then that is the only way to access the webgui so the default firewall rule is there. There is no need to disable the firewall from option 8. However as soon as you add another interface the default rule moves to LAN.
If you are going to create a new image you could just start out with two interfaces defined, WAN and LAN, which would avoid any console configuration. That's how the Alix box works out of the box.
You could also try to set the comconsole to com2 after boot which would be useful.
Steve
-
Need a little hint on how to set console output to com2. Aborting the boot process and then on the cli, and there with the set command? If this gives output to com there is no need to do a backup image.
Edit:
Found it!
With 7 interrupt boot
set console=comconsole [Enter]
change putty from 118200 to 9600 and hit [Enter]
boot [Enter]
boot and output via console ;-)
Now there is no need to make backup.
With this info everyone can install pfsense on it.
I think there is no need to flash the original bios.
-
I made the backup with lan interface configured to a static ip and dhcp server on. Good to know: when configuring em0 to wan and em1 to lan, then em0 is port0 and lan is port 4 of the interfaces on the front of the Watchguard XTM 8 Series. ;)
-
Hmm, that's slightly odd about the ports being 1 and 4. The numbering in pfSense is determined by the order in which they're probed.
I'm confused as to what you did to get that bootlog, I've forgotten quite where we were. ::)
So firstly it includes some information about the serial redirect module which is something I've not seen on any other box.
I assume that you got this from the rear com port whilst booting the Nano-VGA image. In which case I think it's safe to assume that it only got there by being redirected by the module (which is set to continue after boot). That could explain why you don't see anything after 'bootup complete'. The redirect module can only handle basic text so perhaps the menu is drawn in some way that it can't handle?
See: https://www.freebsd.org/doc/handbook/serialconsole-setup.html#serialconsole-com2
Seems to imply that simply selecting the I/O address of the port selects the com port. That's why I was hopeful that changing the port address in the bios would suffice. It seems not. :-\
Steve
-
Yes, it's from the rear com port. Baudrate 118200 is showing system initializing and bios and the first boot process only to the question how to boot. At this point the boot must be interrupted with 7 and the box told to use comconsole for output. After this command the baudrate must be set to 9600 and it is showing the rest and stops with "Boot completed".
But now we know the way and I think with my backup from the default installation there is no need to do complete serial output. But I will test more in the new year.
-
Ah, maybe similar to the serial quirk then:
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Serial_Port_Quirk
In the X-core box that stops in exactly that place.
Even if it's not necessary to have access to the serial console it's very useful to have it in case you are locked out of the webgui.
Steve
-
Not at home for christmas. Will test it in a few days.
merry xmas!
-
Any updates ???
I'm looking at an XTM810 and would like to know the ins and outs which seem it may need a bit a messin about but the end product is well worth it!
-
Hey guys,
I have recently bought an XTM 810. I can get it to boot but I lose video & console input.
Can see boot loader, can see first pfSense options menu, after this I lose video and it continues to boot completely with the startup noise. (The video and input disappear after the first pfSense options menu.)
So I press 7 to exit to shell. But when I type:
set console=comconsole… I lose all video and control. This is noted to be due to it redirecting output to COM1 which is a blank header at the front of the board. COM2 at the back as discussed. Note: I have tried Putty at 9600 and tried comconsole_speed="115200" in /boot/loader.conf and /boot/loader.conf.local.
My question is: How did you get it to use COM2 instead of COM1?
On another note, angelkiller, if you get stuck at the step "Bootup complete", on other Watchguard products, as a work around with this serial quirk you can Control+C the bootup right before "Bootup complete", and then run /etc/rc.initial via command. This will give you the configuration menu and allow you to setup the interfaces and IP addresses.
Cheers,
Scott
-
Replied to your PM before I read this. ::)
I don't think anyone has got com2 to work yet, Angelkiller used a Nano+VGA image I think. However JimP recently posted a possible method for changing com ports:
https://forum.pfsense.org/index.php?topic=76382.msg418066#msg418066
Steve
-
Hey Guys,
I bought off eBay this item: http://www.ebay.com/itm/VGA-Graphics-Card-Bracket-Header-Cable-11pin-12P-Small-/150600480861?ssPageName=ADME:L:OC:AU:3160
It makes life so much easier. It works with both the XTM 5 and the XTM 8 series.
USB ports work on both devices. You can access the BIOS etc.
I bought another 4 of these today. My plan is to case-mod the chassis of all my boxes and permanently add this to the side of the box. Honestly, it is the best money I have ever spent.
XTM 8 works great out of the box with nano-bsd vga, and this vga header cable.
Cheers,
Scott
-
Thanks for the link. Good to know. :)
Steve
-
I'll have to keep this in mind for down the road. Don't really need VGA as the serial works rather well on the XTM 5, but always nice to have options.