Watchguard Firebox XTM 8 Series
-
Hmm, nope. Fails for me too:
[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: flashrom -p internal -r biosbackup1.rom flashrom v1.0 on FreeBSD 10.3-RELEASE-p29 (amd64) flashrom is free software, get the source code at https://flashrom.org Using clock_gettime for delay loops (clk_id: 4, resolution: 1ns). Found chipset "Intel ICH9DO". Enabling flash write... OK. Found SST flash chip "SST25VF016B" (2048 kB, SPI) mapped at physical address 0x00000000ffe00000. Reading flash... Transaction error! Read operation failed! FAILED. [2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: pkg info flashrom flashrom-1.0 Name : flashrom Version : 1.0 Installed on : Tue May 15 15:43:54 2018 BSTI don't think I ever did this since there was no way enable access via serial even with it unlocked IIRC.
It would be nice to enable speedstep though. -
@stephenw10 said in Watchguard Firebox XTM 8 Series:
Hmm, nope. Fails for me too:
[2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: flashrom -p internal -r biosbackup1.rom flashrom v1.0 on FreeBSD 10.3-RELEASE-p29 (amd64) flashrom is free software, get the source code at https://flashrom.org Using clock_gettime for delay loops (clk_id: 4, resolution: 1ns). Found chipset "Intel ICH9DO". Enabling flash write... OK. Found SST flash chip "SST25VF016B" (2048 kB, SPI) mapped at physical address 0x00000000ffe00000. Reading flash... Transaction error! Read operation failed! FAILED. [2.3.5-RELEASE][admin@xtm8.stevew.lan]/root: pkg info flashrom flashrom-1.0 Name : flashrom Version : 1.0 Installed on : Tue May 15 15:43:54 2018 BSTI don't think I ever did this since there was no way enable access via serial even with it unlocked IIRC.
It would be nice to enable speedstep though.I always used the flashrom command different, like this :
"flashrom -w file.rom --programmer internal"
for writing the Bios to the device and for backups :
"flashrom -r backup.rom --programmer internal"But it seems the same output.
Greetz
DeLorean -
Except that I'm completely wrong about that! Just been too long...
You can access the BIOS on the serial console if you spam F11 enough.
And I seem to have full access to it so I guess I did flash it at some point. I assume I must have done it from FreeDOS.
No Speedstep options there by default though. Booo!Steve
-
Okay, i made a huge progress.
I have managed to pull only the actual 1Mb Bios instead of the entire Rom content.
I used Freedos from the link that Stephenw10 provided :
https://sites.google.com/site/pfsensefirebox/home/FreeDOSBios.img
Used Win32DiskImager to prepare a 1Gb CF card with Freedos.
I then added the Amibios Flashtool called AFUDOS (v4.40) that i downloaded from the Amibios site.
Then i modified the autoexec.bat file to change the serial console to COM2 and 115200 bauds,
but "COM1" is 4 times stated, i tried different combinations but it kept complaining that there was no read/write device detected etc.
I them filled in 4 random COM ports like COM5, 6, 7 and 8,
and it start complaining again about the COM number, but it passed through to the command prompt with the date and clock this time.
I then used the command "AFUDOS backup.rom /O" and i started with the backup, which was very fast (less then 2minutes) and completed without any error.
This typing was very onresponsive,the cursor didn't react sometime, and then it jumped a few spaces, but it worked.
I then pulled the 1Mb Backup file from the CF card and unlocked the Bios with Amibcp (v4.53) tool.
Then i placed this unlocked Bios back to the CF card and booted Freedos again, and at the commandprompt i used the command : AFUDOS Backup.rom
And it started flashing and ended without any problem.
I reset the CMOS and i could enter the Bios and change settings.
The next goal is now for activating COM1 and solder a connector or serial cable straight to the COM1 contacts, and connect this to the COM header on the back of the firewall.
I have already looked in the Bios, and only COM2 is seen in the dropdown list, but it's maybe possible to change the adress and IRQ for using the COM1 port.
If this doesn't work, then i gonna add a VGA port to the back of the firewall.
Because this firewall can't shutdown, but reboots instead, i have looked for changing some powersettings in the Bios, but there isn't much to change this behavour.
Watchguard has modified the ATX powersupply, and added a hard on/off switch that cut of the mains inside the powersupply.
Also, near the CF card reader is a button labeled with PSW1, i presume that this is "Powerswitch1", but pressing this button place the firewall in some sort of sleepmode with all off and only the background of the LCD screen lit with no text.
On the XTM5 series, this button was placed in parallel with the soft on button on the back.
So far the progress :-)Greetz
DeLorean -
You shouldn't need to use com1, you can use com2 for everything as far as I know.
Steve
-
I have managed to use COM2 port and act like it's COM1
by reassigning the I/O Adress to 0x3F8 / IRQ4 (thanks to Stephenw10 for this tip in a earlier message in this thread.
I then removed the added line comconsole_port="0x2F8" from the /boot/loader.conf.local file.
I also modified the Bios file to set this I/O Adress fixed to 0x3F8 / IRQ4, under the option Super I/O Configuration -> Serial Port2 Adress and changed the default value of 03 to 02 in both colums failsafe and optimal.
I then flashed this modified Bios back to the firewall, did a CMOS reset and placed a blank SSD drive and installed Pfsense memstick serial without any problems.
Finally i made a entire dump of the Bios through SPI with my True-USB PRO GQ-4X Willem Programmer to a 2Mb Rom file.The next challenge is to get this firewall working like a XTM5 series, so that the firewall can be power off instead of rebooting, my modding skill are not that big, but know i can poke arround in the Bios files without bricking the firewall.
Greetz
DeLorean -
@stephenw10 said in Watchguard Firebox XTM 8 Series:
You shouldn't need to use com1, you can use com2 for everything as far as I know.
Steve
Our messages have cross eachother :-)
I assumed that after a CMOS reset, the problem of no serial output by a clean pfSense install would come back.
Correct me if i'm wrong.Greetz
DeLorean -
As far as I know the BIOS I'm using is simply unlocked, no other changes.
Console redirect was already set for com2 so you can access the BIOS setup there. Only that loader line was needed in pfSense to set com2 as the default console.One thing I have noticed is that after making some changes in the BIOS setup and savinh them WGXepc is no longer able to set the fan controllers at boot. The superio chip there was always tricky to work with. I suspect saved some default value that prevents writing the registers.
Steve
-
Before i added that loader line, my serial console hangs short after booting up the memstick serial version.
Only after doing a clean install on a XTM5 with only em0 and em3 configured, i could login to the Web Gui and added that loader line, to get the full serial console output visable.
Regarding WGXepec64, it's still possible to set the fan controllers at boot, as long as the CPU / System FAN setting in the Bios is set at "Automatic", on "Full mode on" , WGXepec64 has no effect on lowering the fan speed. With the PWM setting and a value of say 070, WGXepec64 can also work.
I use the PWM setting at 070 in the Bios, and Shellcmd to set the lower F and F2 speed to 40 with WGXepec64 in pfSense.Greetz
DeLorean -
Ah, interesting I'll have to try that. WGXepc should probably allow for that but I guess I never saw the chip in that state when I was testing.
Are you sure you used AMIBCP v4.53? I can't open file from there with any v4 version, I have to use v3.51.
Steve
-
@stephenw10 said in Watchguard Firebox XTM 8 Series:
Ah, interesting I'll have to try that. WGXepc should probably allow for that but I guess I never saw the chip in that state when I was testing.
Are you sure you used AMIBCP v4.53? I can't open file from there with any v4 version, I have to use v3.51.
Steve
You're right, it is AMIBCP v3.51 , v4.53 doesn't open the file here either.
I have downloaded many versions the last few days :-)ps: with the CPU / System FAN setting on PWM in the Bios, and WGXepec64 for lowering the Fan speed in pfSense, this work great, but when i experiment with different fan speeds through the command prompt in the Web Gui, at a sudden moment all 3 CPU's Fans and System fan stops completely, and didn respons anymore. Only when i rebooted pfSense they came back to life.
But with the settings of WGXepec64 set with Shellcmd at boot, everything works fine.
Also the Arm / Disarm LED works fine.Greetz
DeLorean -
I am having a bit of an issue upgrading or doing a fresh install to the latest version of PFSense.
I would like to say that I have been using PFSense for quite a few years without issue until now. I am running PFSense 2.4.5-RELEASE-p1 (amd64) perfectly but I am stuck here. I install from CF to an internal SATA drive on a WG XTM 800 Series.
The issue I am having happens whether or not I do an upgrade or a fresh install. I have not seen anyone yet with this issue and I feel it may be hardware related but I can not pin down what the issue is. When I start the installation, everything appears to go well but at a random interval during the installation, the screen starts scrolling hex characters. Even if I manage to install the latest version, the system freezes and fills the error log with hex characters. PFSense 2.4.5 is rock solid on my hardware and I have had zero issues over the years upgrading to this version but anything beyond 2.4.5 causes this strange behavior.
Has anyone else encountered this or have a clue to what could be causing it and how to fix it? Again, it can be a fresh install without even completing the install for this to happen.
Thanks!
-
-
@stephenw10 Thank you, I will give that a shot. I appreciate the feedback.
