Trend Micro Virus wall 2500 installation HELP



  • Hi, I have here Trend Micro Virus wall 2500 series

    I need help how to install pfsense on this, since it has no vga no console, only have a 256mb dom(disk on module ).
    Do i need to flash first the bios in order for this to boot in SATA? theres a SATA port. but when i place a bootable drive it says failes to boot OS.

    Pls advice and assist me. Thanks



  • Netgate Administrator

    Do you have internal photos? Link to specs?
    I would look for an internal serial header if it really has no serial console ports and try to hook something up that way. You won't be able to any of the standard install types with no console. The only thing you could do would be to preconfigure a drive and swap it in but it would require a large ammount of guesswork with no feedback.

    Steve



  • Thanks, Ill add some photos nextime. I tried searching the serial but no luck. After inspecting the board i see Pins with labe JTAG_ but am not familiar with the pin-outs, i tested to boot a hardrive with centos in it but LCD display says boot fail. LCD display always display trend micro, is this due to its bios?.. I better be back and upload photos.


  • Netgate Administrator

    Yes, anything you see on the LCD before it's booted will be generated by the BIOS.
    The JTAG header will not be much use unless you want to reprogram the bios or some other on-board flash. It may be that the BIOS will only boot signed images for security reasons. Sonicwall do that for example.

    What does it boot from in original configuration?

    Steve



  • The LCD Displays Trend Micro virus wall 2500, it boots on DOM(disk on module). Do i need to change its BIOS in order for it to boot other bootable media? maybe if i can ssh, would it be posible using openbios thru ssh?


  • Netgate Administrator

    It's very unlikely you'll be able to do much from the Trendmicro OS. You'd likely have to find some exploit to get root access to the hardware.
    Your best bet would be to try and boot a pfSense image in the same way as the original os. 'Boot fail' could indicate any number of things, could be that it's set to boot only from that device.

    Steve



  • "Yes, anything you see on the LCD before it's booted will be generated by the BIOS.
    The JTAG header will not be much use unless you want to reprogram the bios or some other on-board flash. It may be that the BIOS will only boot signed images for security reasons. Sonicwall do that for example."

    How did sonic wall do this, i mean what is the work around for sonicwall?


  • Netgate Administrator

    Even if they have a custom bios that checks for a signature or some other identification before booting the boards in these boxes are usually based on commodity hardware and then customised. One possibility is to use the BIOS from the original board, if the customisation is not that large it may boot from that.
    One user here is using a Sonicwall box in which they simply removed the BIOS ROM and inserted one from a different box. To be honest it was incredibly lucky that it worked since the two boxes were not really that similar at all.

    Steve



  • Hi there,

    I had updated the post and place some image link to show, hope someone can trace the mother board model so i can download original bios and flash it.
    having a hard time.. :'(


  • Netgate Administrator

    Well nothing there looks too scary, all standard stuff.  :) Do not assume you'll have to flash the bios until you have some evidence to support that, it could just be set to boot from a particular device. The bios rom is removable so that also gives you a better chance.
    Is the DOM a removable IDE device?

    It's interesting that they have put mouse and keyboard ports on the board but internally only. Why would they do that unless there was some purpose to them being there that requires their use. Is there a VGA header on the board? (maybe even a hidden socket)
    What's on the separate riser card?
    It's hard to say because the photos don't really show enough detail for me to read much off the board.

    Steve



  • I fell better,  ;D, dom card is removable, theres 2 sata ports, unfortunately no vga label found in the board, and its a blank pci-x slot in the riser card, I'm trying to find some pci vcard but its hard here in my country, we also have lots off old motherboard where i can get some removable rom chip. and studying how to flash opensource bios on it before i can find some pci vcard.

    well heres is the serial
    https://dl.dropboxusercontent.com/u/82696944/2014-03-24 17.10.05.jpg


  • Netgate Administrator

    Ok, well if it's going to boot anything it will be the DOM so here's what I'd do. Put the DOM in another machine. Back it up then write a pfSense Nano image to it.
    This will give you your best chance of booting but without a serial port it will be hard to tell what's happening. You may get some indication of whether it booted or not from the LCD but it will be limited. If it does boot you still won't be able to do the initial interface setup because you have no console. You can try to preconfigure at least one interface in the config file so that you'll have access to the webgui.
    What type number are those Intel NIC ships? Are the 10/100 or Gigabit?

    Steve

    Edit: I just read a user guide for this and it looks like it has a serial console port on the back. Does yours not have this?



  • Dom is only 256mb, i only had cf card reader here and it takes a month in ebay, maybe ill get that one soon as pci video card arrive. on its back its com port1. cant i used it? i tried attaching to my pc with a null cable, nothing show in telnet, ssh, maybe i did not guess what baud rate,

    well you it felt progressing now…


  • Netgate Administrator

    To connect to the serial port you need to use a terminal emulator not telnet or SSH. I usually use putty which can be a serial terminal.

    The default bit rate in the Trendmicro OS appears to 115200. Try booting that to check your cable is setup correctly.

    There are USB ports on the back also, have you tried booting from a USB stick?

    What drive did you attach to the SATA port? How had you installed pfSense to it?

    Steve


  • Netgate Administrator

    According to the upgrade guide you should be able to enter the BIOS via the rear serial port:

    @http://www.trendmicro.co.uk/media/misc/network-viruswall-enforcer-upgrade-guide-en.pdf:

    a. Type F4 during the countdown to enter BIOS
    b. Type the password: qZTSpdum

    Perhaps you can adjust the boot settings there.

    The box does appear to have some sort of on-board application processor, the BMC, possibly an ASIC that runs it's own firmware. It's unlikely that would be compatible with pfSense.

    Steve



  • ;D Thansk A lot fot the password. hehehe.. finally got it to boot into pfsense even with out altering the bios.
    I thought it didnt boot to other media because of the LCD display says" watchdog time out os fail" but it did..
    I confirn it when i had set proper the baud rate its 115200

    What i did:

    1. install full pfsense  in other hardware.
    2. finish installation until i got it accessed via webui
    3. enable serial out set to 115200
    4. remove hdd transfer it to Trend micro.
    5. there i have serial output..
    6. apply mount ufs:/ded/ <ad6s1a>8. re configure interfaces.

    im still working on this since not all nic are accessible via webui.

    on the LCD Display part i cant do about it it always says trend micro. os failed.
    ;D</ad6s1a>


  • Netgate Administrator

    Nice.  :)
    If you read through that upgrade guide you'll also see it lists a separate firmware for the LCD module so I imagine that generating some/all of those messages. It may be a standard part for which other firmware is available, have a close look at the LCD module.

    The administration guide for the box talks about some lan-bypass features. If it has those on some NICs then that can make them appear un-available. Often it is possible to disable that in the BIOS or via jumpers on the board.

    Steve


Log in to reply