Author Topic: Watchguard Firebox XTM 8 Series  (Read 42913 times)

Eams
Re: Watchguard Firebox XTM 8 Series
« Reply #135 on: August 25, 2014, 06:02:05 pm »
Managed to write the original 2meg rom file, no writing errors - didn't verify.

Added a 1000uf capacitor between GND and VCC/HLD/WH# - wrote ok, verified ok!!

Cleared bios via jumper, booted up - XTM8 does a boot cycle, reboots then sits there and the fans go into a low power mode - that's it, nothing on screen at all :(

Added the battery between GND and VCC etc - result same as above  >:(

Not sure what else to do apart from unsolder the chip and program it off the motherboard or replace it.

Eamon

stephenw10
Re: Watchguard Firebox XTM 8 Series
« Reply #136 on: August 25, 2014, 07:26:56 pm »
Hmm, interesting about the capacitor.
If the fans are changing speed then that implies at least some bios code is running to reprogram the superio chip.
Where did the 2Mb file come from? Perhaps you're not seeing any output for some reason other than it didn't write to the flash?
What program are you using to write the chip?

Steve

Eams
Re: Watchguard Firebox XTM 8 Series
« Reply #137 on: August 29, 2014, 10:17:45 am »
The 2meg rom file came from Lanner direct, they sent me two, one that was 1meg and one that was 2meg.

Currently using SPIPGM.

You're gonna suggest FLASHROM aren't you? Considering this is part of how I got into this mess I suppose it's worth a try!

Tried Flashrom, didn't seem to detect the chip, whereas SPIPGM does.

Re-did it with SPIPGM... And it's only come back from the dead!!!

The rom I used was one you had edited back when I first saved the BIOS to disk prior to flashing to try and open up the menus.

I haven't tried going into the BIOS yet - but it did request boot media - stuck in a 4gb flash drive from last year and pfsense booted up!!

Of course it only got to the menu then defaulted to COM1, but after a few mins it did its beeps to confirm it was loaded :)

Eamon

stephenw10
Re: Watchguard Firebox XTM 8 Series
« Reply #138 on: August 29, 2014, 11:00:31 am »
Persistence for the win!  ;D
Nice one.

JimP suggested a method for switching the com port even in Nano a while ago; you might try that if you can edit the files on the CF card:
https://forum.pfsense.org/index.php?topic=76382.msg418066#msg418066

Steve

Eams
Re: Watchguard Firebox XTM 8 Series
« Reply #139 on: August 29, 2014, 11:04:36 am »
Thanks, I'm chuffed I managed to get it back from the dead  ;D

Do I try and update the BIOS to an unlocked one?... haha, might do. Getting COM2 reassigned as COM1 would be handy!

Thanks for your help Ste :)

Eamon

tojaktoty
Re: Watchguard Firebox XTM 8 Series
« Reply #140 on: November 21, 2014, 12:47:14 am »
Hey Guys,

I bought off eBay this item: http://www.ebay.com/itm/VGA-Graphics-Card-Bracket-Header-Cable-11pin-12P-Small-/150600480861?ssPageName=ADME:L:OC:AU:3160

It makes life so much easier.  It works with both the XTM 5 and the XTM 8 series.
USB ports work on both devices.  You can access the BIOS etc.

I bought another 4 of these today.  My plan is to case-mod the chassis of all my boxes and permanently add this to the side of the box.  Honestly, it is the best money I have ever spent.

XTM 8 works great out of the box with nano-bsd vga, and this vga header cable.

Cheers,
Scott



I bought that same item from that seller and just tested the vga connector on an XTM8 and am seeing no vga signal on two different monitors. Can't see bios or anything else.

Console interfacing thru minicom I see nano-bsd-vga on the CF start and then console screen freezes once pfsense is booting.

What am I doing wrong with the vga? And is there any fix for the COM2 redirection in pfsense?

Is there anything else I am missing?

Otherwise as a last option I may just try to solder on a connector to COM1 on the pcb but is it an active interface that would function in pfsense?

Eams
Re: Watchguard Firebox XTM 8 Series
« Reply #141 on: November 21, 2014, 05:19:04 am »
Hi tojaktoty,

So your headache is just beginning!

I've added some extra pictures for the VGA connection - I used a 15 Pin Male to Female VGA adaptor and then some Female to Male PCB adaptors to then connect the motherboard VGA connector to the female end of the VGA connector.

I suspect your VGA header card is wired straight through; either unsolder the VGA plug end and redo the wires as below or go the makeshift route I did.

Pictures here: https://plus.google.com/photos/115736786050007462202/albums/5874219398935451569

PDF for the VGA header pin out here: https://drive.google.com/folderview?id=0B0TOx6iNE-K4Rml0bmduRURuUDg&usp=sharing

Motherboard is:
1 VGA_R
2 Ground
3 VGA_G
4 Ground
5 VGA_B
6 Ground
7 HSYNC_3V N/C
9 VSYNC_3V
10 Ground
11 DD_DATA
12 DD_CLK
 
VGA cable is Pin out: http://en.wikipedia.org/wiki/VGA_connector

I connected green as most monitors usually sync on green or at least they used to - it works.

Soldering on to COM1 on the motherboard isn't going to allow you to do anything as the BIOS is hard set to COM2.

Stick a USB keyboard in at the front, and connect up your monitor as above, and away you go.

Careful if you choose to flash the BIOS, it seems to be a little hit and miss, shall we say ;)

Once you have the monitor connected, flash pfSense to a card, stick it in and have fun. Mine currently runs nanobsd i386 - I should really stick the 64bit one on someday.


Eamon

davislg
Re: Watchguard Firebox XTM 8 Series
« Reply #142 on: June 10, 2015, 08:48:00 am »
Hello,

I was wondering if anyone could help me get my xtm 8 working. I followed the post above and have the VGA setup working. I have tried installing both 2.2.1 i386 and 2.2.2 amd64 versions of pfsense. I've installed both versions fine and everything appears to work from the WAN side. I can ping address to my gateway and to the outside world using both IP and DNS. When I disable the firewall (pfctl -d) I can also ping and access the firewall through ssh from the WAN side. WAN seems to work fine. On the other hand, the LAN is giving me nothing but grief. I cannot get anywhere on the LAN. I've tried pinging and ssh from the firewall out to the LAN and from the LAN into the firewall. I get either host is down or timeout. Cables are all good. I've tested everything I can think of. The only oddity that I can note is that when I look at ifconfig for em1 (where LAN is configured) it says no carrier. I've swapped out the cables with known good cables. I've also tried connecting to 3 different computers, switches, and wifi ap. Nothing seems to work. Any thoughts on this are greatly appreciated.

Thank you,

stephenw10
Re: Watchguard Firebox XTM 8 Series
« Reply #143 on: June 10, 2015, 12:23:23 pm »
Hmm, that's weird.
Can you show us the output of 'ifconfig -a'
Do you see carrier on any of the other interfaces if you connect to them? Do you see link LEDs?

By the way it may be possible to do this far more easily now. Since the new ADI boxes are using com2 as their console the commands to change the console are known.  I haven't actually tried though.

Steve

davislg
Re: Watchguard Firebox XTM 8 Series
« Reply #144 on: June 11, 2015, 02:34:22 am »
Thank you for the response. I think I have it figured out tonight. I had pfSense auto probe for the active ports on LAN and when I looked at the status of the ports in ifconfig, I noticed that it was always +1 (e.g. em1 connected, but em2 would show up as active). So I took this into account and have everything working now. WAN {em0 = em0}; LAN {em0 = em1}.

Although it appears to work, is this correct behavior or is there something else going on? I never had this type of an issue w/ x700, x1250e or any other fireboxes. I'm fine with the setup, just seems odd.

stephenw10
Re: Watchguard Firebox XTM 8 Series
« Reply #145 on: June 11, 2015, 06:48:41 am »
Hmm, I'm not sure I understand what you're saying there? That sounds very odd. Can you get a screen shot showing this difference?

Steve

davislg
Re: Watchguard Firebox XTM 8 Series
« Reply #146 on: June 11, 2015, 01:44:15 pm »
Sure Steve. Please see the attached screen shots showing that LAN is configured on em5 and that em5 has a status of active while em4 (where my ethernet cable is actually connected) shows as no carrier.

stephenw10
Re: Watchguard Firebox XTM 8 Series
« Reply #147 on: June 12, 2015, 08:07:20 am »
How do you know your cable is connected to em4? The numbers on the case are only really applicable if you're running Linux, maybe even only Watchguard's cut-down OS.
Are all the interfaces detected as em on the XTM8? The XTM5 has one fxp interface which offsets everything by 1.
Which NICs on the front are which pfSense interfaces is determined only by the order in which they are detected at boot.

Steve

davislg
Re: Watchguard Firebox XTM 8 Series
« Reply #148 on: June 12, 2015, 11:30:26 am »
Hi Steve,

It's a good point. All of the interfaces are named em0 through em9. I assumed that the names corresponded to the numbers on the front because when I go in to assign the cards it shows the ports I have an ethernet cable connected to as being up.

On an alternate note, what you are suggesting makes sense. In discussions with some other friends and testing, we found that it appears em0 is automatically assigned as wan and excluded from the list on boot. Along with this, we found that the other ports seem to round robin (e.g. label 1 = em 2, label 2 = em3, label 3 = em1, and on the main board: label 4 = em 5 ... label 9 = em4). So what you're saying about the determination does seem to have little to do with the labels on the front.

Thank you for your help and helping me to understand the setup.

~Davis

stephenw10
Re: Watchguard Firebox XTM 8 Series
« Reply #149 on: June 12, 2015, 12:30:04 pm »
No problem. If you can document which port equates to which em interface I'm sure others will find that helpful.

Steve
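
One way to build the port-to-interface table discussed above, as an added example that is not part of the thread: compare two saved `ifconfig -a` outputs and report which interface gained link. The function names and the three-NIC snapshots are constructed for illustration; the parser assumes the usual `emN:` header and `status:` line layout.

```shell
#!/bin/sh
# Added example (not from the thread): find which emN gained link between two
# saved `ifconfig -a` snapshots, taken before and after plugging in one cable.

# Print "ifname status" for every interface that reports a status line.
link_states() {
    awk '
        /^[a-z]+[0-9]+:/ { sub(/:.*/, "", $1); ifname = $1; next }
        $1 == "status:" && ifname != "" { $1 = ""; sub(/^ +/, ""); print ifname, $0 }
    '
}

# newly_active BEFORE AFTER: names of interfaces that changed to "active".
newly_active() {
    before=$(link_states < "$1")
    link_states < "$2" | while read -r ifname status; do
        [ "$status" = "active" ] || continue
        old=$(printf '%s\n' "$before" | awk -v i="$ifname" '$1 == i { print $2 }')
        [ "$old" = "active" ] || echo "$ifname"
    done
}

# map_port LABEL BEFORE AFTER: one line for the port-label table.
map_port() {
    printf 'label %s = %s\n' "$1" "$(newly_active "$2" "$3")"
}

# Constructed sample data, not real output: three em NICs; $1 lists those with link.
sample_snapshot() {
    for n in em0 em1 em2; do
        st="no carrier"
        case " $1 " in *" $n "*) st="active" ;; esac
        printf '%s: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500\n' "$n"
        printf '\tmedia: Ethernet autoselect\n\tstatus: %s\n' "$st"
    done
}

tmp=$(mktemp -d)
sample_snapshot "em0" > "$tmp/before.txt"      # only the WAN cable connected
sample_snapshot "em0 em2" > "$tmp/after.txt"   # cable added to front port "1"
map_port 1 "$tmp/before.txt" "$tmp/after.txt"  # prints: label 1 = em2
rm -rf "$tmp"
```

On the box itself, replace the sample snapshots with `ifconfig -a > before.txt`, move one cable, then `ifconfig -a > after.txt`, and repeat per front-panel port.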