Please help - Firebox x750e



  • My firebox x750e just arrived. It boots fine on the factory 256mb CF card and I can talk to the box using my serial cable @ 115200 baud. However, I CANNOT get it to boot the freedosbios image. I have tried two 32mb Sandisk cards and a 64mb sandisk cards. I've tried flashing with Win32 disk imager and physdiskwrite, I've tried with windows xp & windows 7, and I've tried two different card readers. The MD5 hash on the gzipped "FreeDOSBios2.img.gz" matches what is provided. My unpacked image's MD5 has is "86e32dc36d9d0098d11a5d15df05f586" I've also tried flashing monowall which also doesn't boot. Any ideas?

    :edit: By "does not boot" I mean I get one beep, the memory test pass screen is displayed, and then it just says "Watchguard Booting OS…"



  • Null modem cable is not correct version???

    Seen this_?

    https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox


  • Netgate Administrator

    If it never makes it to the three beeps then it's not booting no matter what your cable is. You can check the FreeDOS image is on the card by just opening it in any Windows box. Whatever box you are using to write the image presumably has that capability.

    I've not heard of anyone having a problem with such small cards. Anything less than 256MB usually boot no problem.
    One thing that can happen is that after changing the card or resetting the CMOS you have to boot twice. The first time the bios complain about there being a hardware change, but you can't see it, and loads some default values. Once it says 'Booting OS..' restart the box and it should boot. Have you tried resetting the CMOS? What is the date printed on your bios rom chip?

    Steve



  • Steve,

    You are just the guy I wanted to hear from! The BIOS chip (the socketed one) reads "MODEL NO: WGEM-550A DATECODE 2005-12-21"; the shiny Phoenix BIOS label is stamped copyright 1998. I have tried resetting the BIOS, both with the jumper and by pulling the battery (also tried another battery, but it was probably older than then one in the firebox). I'll try to boot it twice in a row as you suggested.

    My present concern is that it's the CF cards I'm using. They're all about the same age, stamped '99 on the back and they're all SanDisk. Do you know if there have been any compatibility problems between the x750e & certain CF cards? I did confirm Windows can read the CF cards.

    I really appreciate the help,
    RJ



  • I apologize, it was the CF Cards. I finally bit the bullet and imaged the the factory 256mb card & it booted the first time. Odd..


  • Netgate Administrator

    That bios is just very picky about the detected geometry. Although CF cards do not have actual cylinders, heads and sectors they still represent them to the IDE interface so they can be accessed like any other HD. The problem is because they are not real the manufacturers can choose virtually any values they want that add up to the right total capacity and that may not be a rational combination for HD. For example it could pretend to be a drive with hundreds of platters with only 1Mb on each. Anyway the bios coders probably won't have tested (or ever expected) such values and they cause problems. Then again it won't boot my 20GB HD and that presumably has fairly standard geometry.  ::)
    Sandisk are known to have produced some cards which incorrectly report their size leading to some errors:
    https://doc.pfsense.org/index.php/DMA_and_LBA_Errors

    Anyway glad to see you got going. You could try my newest modified bios that is able to boot far more things correctly:
    http://forum.pfsense.org/index.php/topic,20095.msg383842.html#msg383842
    Would be interesting if that could boot those CF cards.
    I've had no reports from anyone trying it though so you have to be brave! Works fine for me.

    Steve



  • I saw your new BIOS and will play with it later. I don't want to take the x750e down right now because it's actually being used to run the house & the family will scream bloody murder (again!).

    BTW, I actually have an SSL 500 coming in shortly. I'll check the BIOS on that and see if it matches the SSL 100 BIOS. I got the SSL 500 for a steal on ebay and it certainly looks to be the same as the x550e/750e/1250e on the inside, except it comes with 2gb ram & an 80gb HDD out of the box.


  • Netgate Administrator

    Ah interesting. The earlier model, the SSL-Core, which was based on the same hardware as the X-Core fireboxes had a 40GB HD. If the SSL-500 had an 80GB drive the only difference between that and the SSL-100 seems to be software. The 500 and 1000 runs ssl2 based VPN where as the 100 and 560 run ssl3. However there was no upgrade path for the 500, you had to buy a new box, which seems unlike Watchguards usual soft upgrade policy.  :-\

    Steve



  • I am novice. I have a 750e machine that appeared to fully boot to uptime screen when I got it. I am flashing the 128mb sandisk that came with the with FreeDOSBios. The device never leaves tho booting OS screen. When I using a USB to com cable I do not get anything on putty.

    1. Should I be able to get a comand prompt with putty if booting OS(don't think so)
    2. Do I have to do something bring the prompt?
    3. When I copied FreeDOSBios the CF card has a file Bios and in that is Bios135 which has Bios application.
    In Bios\Bios there are several .BIN files. Do they all stay there or just one?



  • koolkev - I think this will answer your question. If putty is set to 9600N1, which is the default serial setting, you should get a dos prompt after you hear 3 beeps.

    Youtube Video

    So, the answer to your questions are:

    1. Yes - the LCD is controlled via software and will continue to say "Booting OS…" That's normal.
    2. No
    3. They all stay there, but you only flash one.

    It sounds like your x750e is failing to boot from the CF card at all. How did you write the freedos image to the CF card? And did you confirm the hash of the image is correct, verifying its integrity?



  • @stephenw10:

    Ah interesting. The earlier model, the SSL-Core, which was based on the same hardware as the X-Core fireboxes had a 40GB HD. If the SSL-500 had an 80GB drive the only difference between that and the SSL-100 seems to be software. The 500 and 1000 runs ssl2 based VPN where as the 100 and 560 run ssl3. However there was no upgrade path for the 500, you had to buy a new box, which seems unlike Watchguards usual soft upgrade policy.  :-\

    Steve

    I'm going to start a new thread in the near future as my SSL 500 just arrived. Unfortunately, it arrived without a hard drive. Even more unfortunate, this unit had its warranty label intact and arrived with only 512mb of RAM. It appears to be identical to the X550e. The SSL 500 BIOS, which I backed up, did not boot the smaller CF cards I had trouble with earlier nor did it boot my 4gb PFSense imaged card. My conclusion is that the SSL 500 is a good alternative to the X550e, but it's probably not worth buying over the other X-core-e models (unless the SSL comes with the hard drive caddy).



  • Thanks for the fast help.

    Putty is at default serial setting. I get a blank black screen with a green cursor after 3 beeps. I cannot type anything. No text appears as in the video. Thanks for the video.

    How do I know failing to boot v. bad console connection to the device. I see 115200 baud as a connection rate above. I did fail to check the cable before I started. It is a microconnector.com  2303 chipset usb to serial which I read now has issues. Will try to borrow/buy a different connector.

    So I flash one bios image after I get in. What bios am I working on if I still haven't flashed the bios? If I am working on the original bios how do I know it isn't password protected? I did remove the backup battery with power disconnected and pushed the reset button with the machine on.

    I wrote the FreeDOSBios image to the CF card using physdiskwrite.

    I still need to confirm the hash of the image. Will learn how and do that later today.


  • Netgate Administrator

    Ok. So you are hearing the three beeps. That means that you have written FreeDOS to the card correctly and that it is booting successfully. The fact that can't see the prompt means you either have the wrong terminal settings or the wrong cable.
    You should be using 9600bps with the FreeDOS image.
    You might have the wrong null modem cable. See:
    https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Not_All_Null_Modem_Cables_are_Created_Equal.21

    The actual process of writing the modified bios image is also described on the wiki:
    https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Flashing_the_BIOS

    Steve



  • As Steve said, the three beeps means it's booting successfully. Make sure you're on the correct com port (sometimes a trial and error process… a good start is to look in the device manager if you're using windows). It could be compatibility problem with your USB to serial adapter or it could also be your null modem cable. I used a Dell Latitude D620 which has a native serial port onboard with a cable from amazon, linked below.

    http://www.amazon.com/gp/product/B00006B8BJ/ref=oh_details_o00_s00_i00?ie=UTF8&psc=1

    Since the firebox is booting, we know a password is at least not preventing it from booting. Once you get the terminal up, you should be able to flash the BIOS just fine. 9600 baud is correct for the FreeDOS image - the connection rates vary depending on what you're connecting to. The factory WatchGuard software connects at 115200 as does the BIOS console output after you flash. Both FreeDOS and pfSense connect at 9600 baud.

    And yes, confirm the hash on the freedos image - even if it boots, it could be altered. You want to make 100% sure that the BIOS image is intact before you flash or you risk bricking the firebox.



  • I tried 3 different USB to serial until I understood that I need a null modem cable coming out of the serial port. I have ordered that. Is there any way to get a usb serial port to act like a null modem  cable? It's not hard wired so software might be able to make the goesint a goesota.

    I do think I know which port com7 by using hardware manager.

    Still not MD5d but will work on that Monday.

    Happy Holidays.


  • Netgate Administrator

    Not really. The serial port end is still hardwired to the USB-RS232 chip in the cable. You could potentially rewire the cable but I wouldn't even attempt that. Null modem cables are cheap and you can then use the USB adapter for other things.

    One other thing that is now possible would be to modify the autoexec.bat file to automatically flash the new bios version, the latest V0.8. You could then boot the large CF card without needing a null modem cable or to access the bios at all. However I wouldn't recommend that either. You wouldn't be able to check the current bios and you might get the script wrong bricking the box. Interesting prospect though. ;)

    Steve



  • I got the null modem adapter in the mail and was able to get to the prompt. One of the USB to serial didn't work with the null modem adapter.

    I copied the bios but didn't have the card reader with me to flash the 2g card. I'm working at two locations but down the road!!



  • I am using pfSense-2.1-RELEASE-2g-i386-nanobsd-20130911-1816.img. I MD5d the gz file and unziped it. Is that an MD5 for the unpacked file. Can I run MD5 on the CF card?

    The first physdiskwrite failed so I used diskpart to clean the CF card. Diskpart said the CF card had 1944 mb. Physicdiskdrive says it wrote 1989969408 bytes. Is it safe to try the CF card vis a vi briking the watchguard?

    What is the difference between 1g 2g 4g versions of pfSense?

    Thanks BTW I donated $25 to pfSense.


  • Netgate Administrator

    The MD5 is for the img.gz compressed file. Physdiskwrite can write the file directly, decompressing it on the fly. If it still fails to write try using the 1GB image instead.

    Steve



  • I could not get serial connection or the 3 beeps with 2g or 1g. I went back to the original CF with FreeDOSBios i got the 3 beeps and serial connection.

    With the 1g when I unziped the MD5 checked file I got a folder "pfSense-2.1-RELEASE-1g-i386-nanobsd.img" with only "nanobsd.full.img" inside. Is the nanobsd.full.img all that is needed for pfSense?

    When I unzip the 2g file I get a folder with "pfSense-2.1-RELEASE-2g-i386-nanobsd-20130911-1816.img" inside.

    I will try to get a 4g CF card.


  • Netgate Administrator

    You will only hear the three beeps with the FreeDOS image. I put that in there initially because it was the only way I could be sure to know when FreeDOS had booted.
    After you have flashed the BIOS (the LCD will then show 'pfSense B7' at boot) you should be able to access the BIOS setup via the serial terminal but at 115200bps. Then you can change the hard drive parameters to allow it to boot the larger CF cards as described in the docs.

    Not sure why the images are named inconsistently between the 2G and 1G files.  :-\ Not to worry though, if the MD5 checks out just write the original img.gz file with physdiskwrite.

    Steve


Log in to reply