
Author Topic: Watchguard Firebox XTM 8 Series  (Read 41257 times)


Offline Eams

  • Jr. Member
  • **
  • Posts: 58
  • Karma: +0/-0
Re: Watchguard Firebox XTM 8 Series
« Reply #15 on: May 05, 2013, 03:35:56 pm »
I saw you had a post of a FreeDos .vhd file but I don't use any virtualisation software on my main pc  - I just went to their website and used some images off there and they worked.

I did close down PuTTY between baud changes - I just get garbage and then the garbage stops!

In Advanced>Remote Config screen it has Redirection After BIOS POST [Always]
But I've no way of changing it due to the 'View Only Item' message on everything :(

Eamon

Online stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11882
  • Karma: +461/-15
Re: Watchguard Firebox XTM 8 Series
« Reply #16 on: May 05, 2013, 08:33:22 pm »
The .vhd file was my first effort though I think it can be written by anything. Try this image instead:
https://sites.google.com/site/pfsensefirebox/home/FreeDOSBios2.img.gz

That is set to use com1 at 9600 and it will beep three times just before it switches to the serial console.

If pfSense is booting in the background you will see the HD activity LED flashing after the console garbage has stopped. If that isn't happening then I suggest that the image is not writing correctly to the card. What are you extracting it with?

I always use phydiskwriteGUI which does the decompression on the fly. I know some people have had trouble with Windows 7 getting in the way.

Steve

Online stephenw10

Re: Watchguard Firebox XTM 8 Series
« Reply #17 on: May 06, 2013, 07:13:51 am »
You could also try this image which is mostly the same as the other one:
https://sites.google.com/site/pfsensefirebox/home/FreeDOSBios.img

Since that's not gzip'd you won't have to extract it. If that runs but the others didn't you know it's an extraction problem.

Steve

Offline Eams

Re: Watchguard Firebox XTM 8 Series
« Reply #18 on: May 06, 2013, 07:33:08 am »
Ok, wrote the FreeDosBios2 image to the card - boots up to the DOS menu ok, but after the 3 beeps - nothing (on 115200).
Changed the baud rate to 9600 got the garbage, beeps then nothing again.

Did FreeDosBios2 image through WinDiskImager.

Wrote nanobsd.full.img with physdiskwrite - wrote ok - (after using DiskPart to clean the partitions) - got nothing on XTM 8 both at 115200 and 9600.

The HD led does light up during POST but nothing when loading pfSense, however it does flicker up to the beeps on FreeDosBios2 image.

I have read something about UDMA/S.M.A.R.T. having an effect on other Fireboxes - the message shows when pfSense is on the cf card, but doesn't when FreeDos is on it  ???

I think my options are:
1. Get a 12pin IDC to 15pin VGA cable and connect up a monitor.
2. Install pfSense on a VM, configure it for COM2 and transfer that to the cf card.
3. Solder a header on to the COM1 space on the board.
4. Flash the BIOS to change COM2 address to the COM1 address.

Of which:
1. Do-able but would have to wait a few days for it to arrive.
2. Do-able although I have no knowledge of FreeBSD/pfSense.
3. No chance, I can solder but I'm not willing to risk it on this board.
4. No BIOS update to flash so no go.

I'm gonna have a go at changing the FreeDosBios2 image to use COM2 - Dos I can do ;)

Eamon

Offline Eams

Re: Watchguard Firebox XTM 8 Series
« Reply #19 on: May 06, 2013, 07:39:44 am »
> You could also try this image which is mostly the same as the other one:
> https://sites.google.com/site/pfsensefirebox/home/FreeDOSBios.img
>
> Since that's not gzip'd you won't have to extract it. If that runs but the others didn't you know it's an extraction problem.
>
> Steve

Tried that one with physdiskwrite - worked the same as the gz one, booted up but after the beeps nothing :(

Eamon

Online stephenw10

Re: Watchguard Firebox XTM 8 Series
« Reply #20 on: May 06, 2013, 08:12:43 am »
Yes that's the first thing I'd try. Edit the autoexec.bat file to put the console to com2 instead. Relatively easy test and it would confirm the problem.

If you boot with putty at 115200 does it show anything after the bios post that might indicate the card is booting? You should have an opportunity to interrupt the process and give the bootloader some parameters. You could potentially tell it to use com2 at that point.

You could try using one of the nanobsd_vga images. That will attempt to use the keyboard/monitor as the console. The resident bios code may redirect that to the com port. No idea if that would work.

It's possible to modify the bios like I did with the XTM5 but it's risky stuff. I managed to 'brick' the box a number of times but it did give me the opportunity to learn how to recover it!  ;D

Steve

Offline Eams

Re: Watchguard Firebox XTM 8 Series
« Reply #21 on: May 06, 2013, 02:00:25 pm »
Ok so I've got a decent version of FreeDOS loaded. I used the image that worked and copied over the other files from the image you posted.

I got a Nanobsd_vga booted to the pfSense menu but then stopped outputting once it carried on, however the HDD light did flicker every so often, nothing came over COM2 :(

I didn't think it would redirect and convert vga to ansi but it was worth a go!

So at the mo I've my own version of the FreeDOSBios image loaded, is there anything I need to run that could be of interest?

Eamon

Online stephenw10

Re: Watchguard Firebox XTM 8 Series
« Reply #22 on: May 07, 2013, 03:17:15 am »
Hmm, OK.
So your hybrid FreeDOS image doesn't switch the console to the com port I take it? Or is it using com2?

Interesting that the nanobsd_vga image booted to the menu. I would not expect to see anything on the com port normally from that image. Its console output is all text mode so I would have thought there was a good chance of it being redirected. Can you escape from the boot process at the menu to get a prompt?

So booting the normal nanobsd image do you see anything after the POST?

Steve

Offline Eams

Re: Watchguard Firebox XTM 8 Series
« Reply #23 on: May 07, 2013, 02:15:57 pm »
Yeah with the FreeDOS image I just left everything as it was, no redirection to COM ports done and it works fine - I guess the bios is handling all of the redirection to COM2.

With nanobsd_vga it was just the first pfSense text menu that showed up, then nothing - I guess bios handling the redirection then the switch to vga ends the output.

Booting nanobsd_vga I can escape to a command prompt. I didn't get much out of it as I am not familiar with FreeBSD - managed ls but that was it!

A normal nanobsd image - nothing - however UDMA/SMART message shows in POST - it didn't show with any of the above where I can boot and at least see something.

I've a 12pin IDC to 15pin VGA lead on order from eBay, might make things simpler!

Eamon

Online stephenw10

Re: Watchguard Firebox XTM 8 Series
« Reply #24 on: May 07, 2013, 02:38:53 pm »
Ah some progress.  :)
Probably the vga cable will make things a lot easier as long as it fits. The boxes I have here have a 2mm pitch connector instead of the more common 2.54mm (0.1"). You have a link to that cable?

Here are some things you can do at the boot loader prompt:
http://doc.pfsense.org/index.php/Booting_Options
Though I've never had to try any of them.

It appears there is no way (no practical way) to use any serial port other than com1 for the console:
> 27.6.5.2 Using a Serial Port Other Than sio0 for the Console
>
> Using a port other than sio0 as the console requires the boot blocks, the boot loader, and the kernel to be recompiled as follows.

That's for standard FreeBSD though not NanoBSD.  :-\

I take it you tried editing the autoexec.bat file in my FreeDOS image to com2?

Steve

Edit: I see from your BIOS shots that although there is only one serial port enabled it is still set to com2 and still uses 0x2F8 for its I/O address. Thus if this is hardcoded for com1 it won't work. But FreeDOS should be able to do it.
« Last Edit: May 07, 2013, 02:42:21 pm by stephenw10 »

Online stephenw10

Re: Watchguard Firebox XTM 8 Series
« Reply #25 on: May 07, 2013, 03:12:09 pm »
Some other thoughts while I think of it.
There is another difference between the nanobsd and nanobsd_vga images. The straight nano images have dma disabled for the CF card interface. That's because many CF card readers do have required connections for DMA but the cards still report that they are DMA capable causing all sorts of trouble. However the nanobsd_vga image does not do this because it was developed for a specific device that will not boot if DMA is disabled. Could this be an issue here? I think it's probably just that it's trying to use com1 but that doesn't explain why it doesn't continue to boot in the background (flashing the HD LED).

One possibility would be to pre-install a config file on the CF card with some interfaces setup and then use the web interface to configure from there.

Steve

Offline Eams

Re: Watchguard Firebox XTM 8 Series
« Reply #26 on: May 08, 2013, 03:42:17 pm »
> Ah some progress.  :)
> Probably the vga cable will make things a lot easier as long as it fits. The boxes I have here have a 2mm pitch connector instead of the more common 2.54mm (0.1"). You have a link to that cable?

You're right it's 2mm pitch and not 2.54mm which is what arrived :( The Keyboard/Mouse header is 2.54mm pitch though.

> Here are some things you can do at the boot loader prompt:
> http://doc.pfsense.org/index.php/Booting_Options
> Though I've never had to try any of them.

I tried the set console command but got nowhere.

> It appears there is no way (no practical way) to use any serial port other than com1 for the console:
>> 27.6.5.2 Using a Serial Port Other Than sio0 for the Console
>>
>> Using a port other than sio0 as the console requires the boot blocks, the boot loader, and the kernel to be recompiled as follows.
>
> That's for standard FreeBSD though not NanoBSD.  :-\

I'm deffo not compiling my own, I don't know anything/enough about FreeBSD to be doing that.

> I take it you tried editing the autoexec.bat file in my FreeDOS image to com2?
>
> Steve
>
> Edit: I see from your BIOS shots that although there is only one serial port enabled it is still set to com2 and still uses 0x2F8 for its I/O address. Thus if this is hardcoded for com1 it won't work. But FreeDOS should be able to do it.

I didn't edit the autoexec.bat file, and I didn't put anything in about COM - just left it as a standard DOS boot up - the BIOS does a good job of redirecting it all to COM2 :)

Eamon


Offline Eams

Re: Watchguard Firebox XTM 8 Series
« Reply #27 on: May 08, 2013, 06:08:55 pm »
> Some other thoughts while I think of it.
> There is another difference between the nanobsd and nanobsd_vga images. The straight nano images have dma disabled for the CF card interface. That's because many CF card readers do have required connections for DMA but the cards still report that they are DMA capable causing all sorts of trouble. However the nanobsd_vga image does not do this because it was developed for a specific device that will not boot if DMA is disabled. Could this be an issue here? I think it's probably just that it's trying to use com1 but that doesn't explain why it doesn't continue to boot in the background (flashing the HD LED).
>
> One possibility would be to pre-install a config file on the CF card with some interfaces setup and then use the web interface to configure from there.
>
> Steve

All the successful boots I've had with pfSense (to the menu) or FreeDos (to the command prompt) is when the UDMA/SMART message hasn't appeared in the POST screen. When it does appear it just blank screens and hangs.

The config file thing is a problem, I can't edit anything on the cf card when pfSense is on it, no go in windows or linux, so kinda stumped on that front.

The VM way might be worth a go. Convert img to vdi, edit, convert back..

Eamon


Online stephenw10

Re: Watchguard Firebox XTM 8 Series
« Reply #28 on: May 08, 2013, 07:23:58 pm »
You may be able to do this but I don't know if nanobsd checks or not:
http://doc.pfsense.org/index.php/Automatically_Restore_During_Install

I would definitely try one of my images with autoexec edited for com2 instead of com1. That would at least indicate what the issue is.

> All the successful boots I've had with pfSense (to the menu) or FreeDos (to the command prompt) is when the UDMA/SMART message hasn't appeared in the POST screen. When it does appear it just blank screens and hangs.

This is interesting. Where exactly does this message appear? The fact that dma is disabled in the image should not affect the POST, how could it.

Steve
« Last Edit: May 08, 2013, 07:36:06 pm by stephenw10 »

Offline Eams

Re: Watchguard Firebox XTM 8 Series
« Reply #29 on: May 09, 2013, 01:40:39 am »
I was actually looking at this on the FreeBSD website, it seems to be built into FreeBSD's nanobsd build - as it's documented on pfSense I would say it's safe to assume it's in pfSense nanobsd build too.

I'll try out an autoexec with com2 in it and see how that goes. I've another cf card on order so that'll make it easier to deal with multiple images.

Yeah the UDMA/SMART thing is puzzling, I'll get a log from PuTTY later to show where it is.

Eamon