Watchguard Firebox XTM 8 Series
-
I remember reading the datasheet for the chip in the XTM5 and thinking that I would need to pull some pins one way or the other but in the end I didn't need to. The circuitry provided on the board did enough. Reading back the write protect pin is not conneceted at all on the XTM5 but that didn't seem to be a problem. If you try to pull up the WP pin use a resistor to be safe.
The original developer uses 150Ohm resistors. The value is not critical, they must be sufficiently large that the parallel port doesn't try to sink or supply too much current and the voltages on the pins are able to be distinguished as logic high or low. I used two 150Ohm and two 160Ohm resistors because that's what I had. Going higher is less likely to cause problems as long as you're still orders of magnitude lower than the input/output impedance of the parallel port (which I don't know but is probably ~10KOhms ;)).
Steve
-
Forgot to mention it's important to keep the cable length as short as possible. Long cables can pickup interference and cause problems. My cable was as short as I could make it, ~15cm.
Steve
-
Thanks for the info Ste.
My lead is about 15cm long too!
Eamon
-
Ok, so I've been trying this out the parallel port hack over the last couple of weekends.
What I've discovered so far - the XTM8 doesn't seem to power the chip when it's in standby - SPIPGM reports chip as unknown.
When the PSU is fully off and the board it's in standby, SPIPGM reports the SST25VF016B chips as being detected but WH# needs to be set to high.
Having connected WP# (Pin3) to VCC (Pin8) and HLD# (Pin7) - still no joy in being able to erase/write to the chip - (in standby or off).
Looks like I have to go the full way and connect a battery and capacitor to complete the circuit as per http://4.bp.blogspot.com/-EN9HFZFkT5Y/UCXczDe11mI/AAAAAAAAARY/64Wap6-FXBM/s1600/simple_diagram.jpg.
More fun and games!
Eamon
-
I pulled out my cable and looked at it again and I do indeed have pins 3, 7 and 8 (VCC, HLD and #WP) on the SPI connector joined. Another, perhaps important difference, is that I have the GND pin connected to pins 18-25 on the parallel port connector, they are strapped together. I have no idea why I did that though I'm sure I was following a diagram from somewhere. 18-25 are all ground anyway but I seem to remember other programmers requiring them externally joined.
The XTM5 and XTM8 are the same generation of hardware from the same manufacturer probably from the same factory. It seems unlikely they would have designed it to use different programming hardware. Not impossible though. :-\Steve
-
Ste,
I've connected up the GND 18-25 as per your lead.. and it seems to be working!
Chip unlocked.
Chip erased.
Wrote the rom xtm8v1.bin (1024kb) but it errored out at 50% saying 'unexpected end of file'. This is the rom you had posted for a fellow XTM8 owner.
I still have the original 1meg and 2meg roms sent to me by Lanner support so I think I'll try flashing the 2meg one.Things are looking up!
Eamon
-
Managed to write the original 2meg rom file, no writing errors - didn't verify.
Added a 1000uf capacitor between GND and VCC/HLD/WH# - wrote ok, verified ok!!
Cleared bios via jumper, booted up - XTM8 does a boot cycle, reboots then sits there and the fans go into a low power mode - thats it, nothing on screen at all :(
Added the battery to between GND and VCC etc - result same as above >:(
Not sure what else to do apart from unsolder the chip and program it off the motherboard or replace it.
Eamon
-
Hmm, interesting about the capacitor.
If the fans are changing speed then that implies at least some bios code is running to reprogram the superio chip.
Where did the 2Mb file come from? Perhaps you're not seeing any output for some reason other than it didn't write to the flash?
What program are you using to write the chip?Steve
-
The 2meg rom file came form Lanner direct, they sent me two, one that was 1meg and one that was 2meg.
Currently using SPIPGM.
You're gonna suggest FLASHROM aren't you? Considering this is part of how I got into this mess I suppose it's worth a try!
Tried Flashrom, didn't seem to detect the chip, where as SPIPGM does.
Re-did it with SPIPGM… And it's only come back from the dead!!!
The rom I used was one you had edited back when I first saved the BIOS to disk prior to flashing to try and open up the menus.
I haven't tried going into the BIOS yet - but it did request boot media - stuck in a 4gb flash drive from last year and pfsense booted up!!
Of course it only got to the menu then defaulted to COM1, but after a few mins it did its beeps to confirm it was loaded :)
Eamon
![2014-08-29 15.45.31.jpg](/public/imported_attachments/1/2014-08-29 15.45.31.jpg)
![2014-08-29 15.45.31.jpg_thumb](/public/imported_attachments/1/2014-08-29 15.45.31.jpg_thumb) -
Persistence for the win! ;D
Nice one.JimP suggested a method for switching the com port even in Nano a while ago you might try that if you can edit the files on the CF card:
https://forum.pfsense.org/index.php?topic=76382.msg418066#msg418066Steve
-
Thanks, I'm chuffed I managed to get it back from the dead ;D
Do I try and update the BIOS to an unlocked one?… haha, might do. Getting COM2 reassigned as COM1 would be handy!
Thanks for your help Ste :)
Eamon
-
Hey Guys,
I bought off eBay this item: http://www.ebay.com/itm/VGA-Graphics-Card-Bracket-Header-Cable-11pin-12P-Small-/150600480861?ssPageName=ADME:L:OC:AU:3160
It makes life so much easier. It works with both the XTM 5 and the XTM 8 series.
USB ports work on both devices. You can access the BIOS etc.I bought another 4 of these today. My plan is to case-mod the chassis of all my boxes and permanently add this to the side of the box. Honestly, it is the best money I have ever spent.
XTM 8 works great out of the box with nano-bsd vga, and this vga header cable.
Cheers,
ScottI bought that same item from that seller and just tested the vga connector on a XTM8 and seeing no vga signal on two different monitors. Can't see bios or anything else.
Console interfacing thru minicom I see nano-bsd-vga on the CF start and then console screen freezes once pfsense is booting.
What am I doing wrong with the vga? And is there any fix the COM2 redirection in pfsense?
Is there anything else I am missing?
Otherwise as a last option I may just try to solder on a connector to COM1 on the pcb but is it an active interface that would function in pfsense?
-
Hi tojaktoty,
So your headache is just beginning!
I've added some extra pictures for the VGA connection - I used a 15 Pin Male to Female VGA adaptor and then some Female to Male PCB adaptors to them connect the motherboard VGA connector to the female end of the VGA connector.
I suspect your VGA header card is wired straight throu, either unsolder the VGA plug end and re do the wires as below or go the makeshift route I did.
Pictures here: https://plus.google.com/photos/115736786050007462202/albums/5874219398935451569
PDF for the VGA header pin out here: https://drive.google.com/folderview?id=0B0TOx6iNE-K4Rml0bmduRURuUDg&usp=sharing
Motherboard is:
1 VGA_R
2 Ground
3 VGA_G
4 Ground
5 VGA_B
6 Ground
7 HSYNC_3V N/C
9 VSYNC_3V
10 Ground
11 DD_DATA
12 DD_CLKVGA cable is Pin out: http://en.wikipedia.org/wiki/VGA_connector
I connected green as most monitors usually sync on green or at least they used to - it works.
Soldering on to COM1 on the motherboard isn't going to allow you to do anything as the BIOS is hard set to COM2.
Stick a USB keyboard in at the front, and connect up your monitor as above, and away you go.
Careful if you choose to flash the BIOS it seems to be a little hit and miss shall we say ;)
Once you have the monitor connected, flash pfSense to a card, stick it in and have fun. Mine currently runs nanobsd i386 - I should really stick the 64bit one on someday.
Eamon
-
Hello,
I was wandering if anyone could help me get my xtm 8 working. I followed the post above and have the VGA setup working. I have tried installing both 2.2.1 i386 and 2.2.2 amd64 versions of pfsense. I've installed both version fine and everything appears to work from the WAN side. I can ping address to my gateway and to the outside world using both IP and DNS. When I disable the firewall (pfctl -d) i can also ping and access the firewall though ssh from the WAN side. WAN seems to work fine. On the other hand, the LAN is giving me nothing but grief. I cannot get anywhere on the LAN. I've tried pinging and ssh from the firewall out to the LAN and from the LAN into the firewall. I get either host is down or timeout. Cables are all good. I've tested everything I can think of. the only oddity that I can note is that when I look at ifconfig for em1 (where LAN is configured) it says no carrier. I've swapped out the cables with know good cables. I've also tried connecting to 3 different computers, switches, and wifi ap. Nothing seems to work. Any thoughts on this are greatly appreciated.
Thank you,
-
Hmm, that's weird.
Can you show us the output of 'ifconfig -a'
Do you see carrier on any of the other interfaces if you connect to them? Do you see link LEDs?By the way it may be possible to do this far more easily now. Since the new ADI boxes are using com2 as their console the commands to change the console are known. I haven’t actually tried though.
Steve
-
Thank you for the response. I think I have it figured out tonight. I had pfSense auto probe for the active ports on LAN and when I looked at the status of the ports in ifconfig, I noticed that it was always +1 (e.g. em1 connected, but em2 would show up as active). So I took this into account and have everything working now. WAN {em0 = em0}; LAN {em0 = em1}.
Although it appears to work, is this correct behavior or is there something else going on? I never had this type of an issue w/ x700, x1250e or any other fireboxes. I'm fine with the setup, just seems odd.
-
Hmm, I'm not sure I understand what you're saying there? That sounds very odd. Can you get a screen shot showing this difference?
Steve
-
Sure Steve. Please see the attached screen shots showing that LAN is configured on em5 and that em5 has a status of active while em4 (where my ethernet cable is actually connected) shows as no carrier.
![Screen Shot 2015-06-11 at 12.39.31 PM.png](/public/imported_attachments/1/Screen Shot 2015-06-11 at 12.39.31 PM.png)
![Screen Shot 2015-06-11 at 12.39.31 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-06-11 at 12.39.31 PM.png_thumb)
![Screen Shot 2015-06-11 at 12.40.07 PM.png](/public/imported_attachments/1/Screen Shot 2015-06-11 at 12.40.07 PM.png)
![Screen Shot 2015-06-11 at 12.40.07 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-06-11 at 12.40.07 PM.png_thumb) -
How do you know your cable is connected to em4? The numbers on the case are only really applicable if you're running Linux, maybe even only Watchguards cut down OS.
Are all the interfaces detected as em on the XTM8? The XTM5 has one fxp interface which offsets everything by 1.
Which NICs on the front are which pfSense interfaces is determined only by the order in which they are detected at boot.Steve
-
Hi Steve,
It's a good point. All of the interfaces are name em0 through em9. I assumed that they names corresponded to the numbers on the front because when I go into assign the cards it shows the ports I have an ethernet cable connected to as being up.
On an alternate note, what you are suggesting makes sense. In discussions with some other friends and testing, we found that it appears em0 is automatically assigned as wan and excluded from the list on boot. Along with this, we found that the other ports seems to round robin (e.g. label 1 = em 2, label 2 = em3, label 3 = em1, and on the main board: label 4 = em 5 … label 9 = em4}. So what you're saying about the determination does seem to have little to do with the labels on the front.
Thank you for your help and helping me to understand the setup.
~Davis