pfSense English Support > Hardware

Watchguard XTM 5 Series

(1/137) > >>

kmeyntz:
I have done a bit of digging around on net but have not seen the model that I have, is it possible to install pfSense  on the watchguard xtm 5 series?

stephenw10:
Probably.  :)
It looks like standard X86 hardware from the de-manufacturing instructions.
I think you're the first person with a spare one though, they are still fetching big money second hand.
It looks like it has a seperate VPN accelerator card of some sort, it probably isn't supported by FreeBSD so I'd remove that.
If you can document your progress that would be great!  :)

Steve

stephenw10:
I have managed to acquire one of these boxes, an XTM 505, for a very reasonable cost. Unfortunately it was damaged in shipping which cracked the front panel but that does mean I have an excuse to void the warranty to repair/replace it.  :)



These are really quite nice boxes. As with previous Watchguard offerings the 5 series models share the same hardware package and are only differentiated by the licensing which is not relevant for pfSense use.

The box has:
A Celeron 440 CPU.
1GB of DDR2 ram in a single DIMM. There are two slots on the motherboard supporting up to 4GB (at least, the G41 chipset claims to support 8GB or DDR2).
It has an ICH7 82801GB southbridge.
1X Intel 10/100 NIC (built into the chipset)
6X Intel 82574L Gigabit NICs.  ;D
2X front panel USB sockets
RJ-45 style serial console connection

It has a VPN accelerator card connected via PCI-e, a Cavium Nitrox CN1605, which is not supported by FreeBSD at this time. It doesn't cause a problem though.
The connection to this card is the reverse of what you might expect but common in SBCs. The PCI-E slot is on the card and the edge connector is on the motherboard. Some adapter would be required to use this for a standard PCI-E card.

It has two CPU fans and one system fan (plus one in the PSU) but thankfully unlike previous models they are software controllable and are set to thermal control (possibly via the Winbond W83627THG super I/O though the board also has a W83792G chip which could also do the job) in the BIOS by default. Resulting in a relatively quiet appliance.

Like previous models it has an LCD with front panel buttons. This is a Vitek Display VC202W-GGE-JC01. It is still connected via a parallel interface but is different to the earlier units. It also has the familiar Watchguard arm/disarm LED though my unit only ever shows green, possibly damaged.

Edit: Although different manufacturer and type it still complies with the original spec from the X-Core consequently the current driver in the lcdproc-dev package works just fine.  ;D The keys are not correct but do work to some extent.

There are two SATA headers on the motherboard and the PSU has an unused SATA power connector. There is also space to mount a drive but additional hardware would be needed.

The unit draws ~30W at idle. It seems to run quite cool, 35C in the BIOS, and the platform has much upgrade potential for alternative CPUs.

Like the X-e box it has some diagnostic LEDs on the board (near the PSU). There are 5 leads labled led3-7. LED3 indicates power to the board, even when the unit is 'off'. After successfully POSTing all 5 are lit. Unlike previos models it has a soft power switch, it's never totally de-powered. There is a microswitch on the motherboard which appears to be connected  in parallel with the rear power switch.

Unlike other models the BIOS on the 5 series is easily accessible. Console redirect is enabled by default at 115200 8N1, press TAB to enter the bios setup (in colour!). This is great for CPU swaps etc however everything in the bios is set to read only (except the clock) so nothing can be adjusted.  :( It's an AMI bios I'm unfamiliar with and the BIOS rom is non-removable so playing with this is high risk.  ;)

The bios is stored on an ST M25P80 (pdf), an 8 pin serial flash device. It is readable with flashrom in FreeBSD.

The motherboard had a 'lan bypass' option and the menu for configuring it is still present in the bios however the necessary relays are missing from the PCB.

Unfortunately this means it cannot be set to boot from the USB sockets (would be a security risk I suppose  ::)) so to install pfSense you need to replace the CF card. The Watchguard OS is stored on a 1GB Transcend card and I had no trouble booting a 4GB Transcend card though there is a significant delay before booting starts.

There are numerous other populated headers on the board almost all unlabled. However it may be possible to discover there use since this is a custom appliance built by Lanner. It very similar to the FW-7580 and indeed the motherboard is labelled MB-7580 W. The LCD has been moved for some reason and is now attached via a long cable.   ???

Is running 2.0.1 like a champ!  :)

See attached file dmesg.boot.

More to come...

Steve

Edit: Additional LCD info.
Edit: Correction

fmertz:

--- Quote from: stephenw10 on May 03, 2012, 08:17:25 am ---Edit: Although different manufacturer and type it still complies with the original spec from the X-Core consequently the current driver in the lcdproc-dev package works just fine.  ;D The keys are not correct but do work to some extent.

--- End quote ---
If you discover the mapping of key to port value, I'll be happy to update the driver code. Same if you can pass along the exact ICH pci device id (we already know the manufacturer to be Intel id 0x8086), as well as GPIO pins for the LEDs.

stephenw10:
Working on it.  :)
In fact all the keys work they are just incorrectly mapped to the expected function.
The arm/disarm led on my box is suspect (never shows red) so it might be tricky to get a definate mapping.
Fun and games!

Steve

Navigation

[0] Message Index

[#] Next page

Go to full version