4G LTE Service consists of a 4G LTE cellular modem and a subscription plan. 4G LTE Service can be used with the Vault as a backup/failover Internet connection in the event the primary WAN service is down or as the primary WAN interface when a wired Internet connection is unavailable . For any business or operation, a 4G LTE failover solution ensures that Internet connectivity is preserved and eliminates potential loss of sales and loss of productivity. Maintaining a constant Internet connection is particularly crucial these days as so many applications and business functions are in the “cloud” and only accessible via the Internet.
4G LTE Service options are extremely cost effective compared to the loss of business and/or productivity. Baseline pricing is $29.99 per month for 1 Giga Byte (GB) of data or $34.99 per month for 1 GB with a public Static IP address. Additional usage is only $1 per 100 MB for either subscription plan. Protectli 4G LTE Products and Services can be found at this link.
In addition to backup/failover, there are numerous applications that are ideal for a standalone cellular connection. Examples are:
Temporary or short term connections for construction sites, sporting events, concerts, etc.
Permanent retail kiosks that are not close to a wired connection
Remote sensor monitoring
Remote vehicle and storage areas
Many others ……
4G LTE Service Configuration
As noted above, the 4G LTE Service consists of a 4G LTE cellular modem and a subscription plan. The modem and subscription plan are ordered together from Protectli. Protectli will insert a SIM card for the subscription plan and test connectivity to the cellular service. When the modem arrives it is fully functional and no configuration is required on the modem itself. It is required to attach the antennas to the “Main” and “Aux” connectors of the modem to get a good signal. Simply connect the LAN port of modem to one of the Vault’s Ethernet ports using the supplied Ethernet cable. There may need to be configuration of the Vault, depending on the installed operating system (OS). See the Protectli Knowledge Base at this link for articles that are specific to 4G LTE and particular OS.
4G LTE Service Specifications
4G LTE Category 4
Max download data rate up to 150 Mbits/second
Max upload data rate up to 50 Mbits/second
3G Failover
Band 2 (1900 MHz), Band 4 (1700/2100 MHz), Band 5 (850 MHz), Band 17 (700 MHz)
PXE (Preboot Execution Environment), allows for remote clients to boot from a network hosted image. In this article we will be setting up a PXE server on CentOS 7 with a pfSense® router in place. Vault models FW2B, FW4B, and all versions of the FW6 can be flashed to coreboot which has PXE capabilities.
We have guides covering how to install CentOS, pfSense® CE and how to flash coreboot on to the Vault.
Example Setup
For this example we will be configuring a CentOS 7 server for hosting PXE files along side pfSense® running the DHCP server to allow for network boot and install of CentOS 7 on a FW2B flashed with coreboot.
Log into your pfSense® webGUI and locate the DHCP Server menu under the Services tab
pfSense® DHCP Server
Scroll down to “Other Options” and fill in the TFTP server IP address
Verify the “Enables network booting” box is ticked
Enter the IP address of the Next Server (same as TFTP)
For “Default BIOS file name” enter pxelinux.0
DHCP PXE Settings
Click Save
At this point you can boot up the PXE client and verify that it lists the image and network installation functions. If you experience any issues, please feel free to reach out to us at: support@protectli.com
UEFI is an acronym for Unified Extensible Firmware Interface. It is a specification that defines a new model for the interface between operating systems (OS) and platform firmware. It is a replacement for legacy BIOS. More information may be found on the UEFI Forum website at: https://uefi.org/
Recent updates to some OS software have introduced incompatibility between the default installation of the OS with some of the Vault hardware platforms. Setting the BIOS mode on the Vault to UEFI eliminates some of these issues. The article below will detail how to set the BIOS mode to UEFI.
Changing BIOS mode to UEFI
Verify that the Vault is powered down
Verify that the monitor is connected
Verify that the USB keyboard is connected
While powering up the Vault, press “DEL” key
Verify that the system boots into the BIOS
BIOS Main Screen
Select the “Advanced” tab
BIOS Advanced Tab
Select “CSM Configuration”
CSM Screen
Select “Boot option filter”
Boot Option Filter Menu
Verify the Boot option filter menu is displayed
Select “UEFI only”
Press Return(Enter)
Press “F4” to save and exit the BIOS
Power off the Vault
At this point UEFI mode is enabled. See the specific installation guide for the desired OS.
If you experience any issues, please feel free to reach out to: support@protectli.com.
coreboot is an open source project focused on the boot and BIOS process for initializing hardware (HW) and booting an operating system (OS). coreboot has roots in the Linux community and can be found on the internet at https://www.coreboot.org/.
coreboot describes itself as: “…an extended firmware platform that delivers a lightning fast and secure boot experience on modern computers and embedded systems.” It is an open source alternative to legacy BIOS options with the following properties:
Fast Boot – Minimal image, removes legacy bloat
Open Source – The source code is available and can be built without any cost or license
Secure – Common backdoors of legacy BIOS can be disabled or not even included in the build
Support for modern HW and Intel CPUs
The coreboot philosophy is to do the absolute bare minimum to discover and initialize hardware (HW), then pass the control to another program called a “payload”. The payload then takes care of user interfaces, drivers, policies, etc. Protectli has implemented coreboot with the SeaBIOS payload.
coreboot is available on the FW2B, FW4B and FW6 series Protectli platforms as an alternative to traditional BIOS.
coreboot has been tested on the FW2B, FW4B and FW6 series with the following OS:
FreeBSD 11.2
OPNsense 19.1
pfSense 2.4.4
Ubuntu 18.10
coreboot can be selected at the time of ordering. It can also be installed in the field. See instructions below for FW2B and FW4B. The FW6 installation is more involved and requires recompiling the default version of the “flashrom” utility. Contact Protectli directly for instructions for the FW6 series.
Boot Menu
When coreboot is installed and the system boots, it will first attempt to boot from the internal mSATA. If there is no bootable OS on the mSATA, it will then attempt to boot from any USB that it discovers. If it is desired to boot from a USB to rather than mSATA, the boot menu can be accessed by pressing the “F11” key when the splash screen is displayed then selecting the desired boot device.
Installation Instructions
Note: Flashing new firmware onto any hardware is potentially dangerous in that if the procedure is interrupted or otherwise not able to complete, your hardware may be rendered useless. Please proceed with caution only after fully understanding each step of the following instructions. If there are any questions, please contact Protectli support BEFORE proceeding.
Note: Coreboot utilizes Legacy BIOS. If the operating system was previously installed under UEFI BIOS, coreboot may no longer recognize that drive.
coreboot is installed using a program called ‘flashrom’ which is available for many linux distributions. Protectli validated the installation of coreboot using flashrom on Ubuntu 18.10 (see this link for guidance on installing Ubuntu on the Vault). While flashrom works under other operating systems, this has not been tested by Protectli. As such, we recommend using Ubuntu to upgrade your Vault to coreboot.
In the instructions below, “#” indicates a command line instruction in an Ubuntu Terminal window. “filename” refers to the actual name of the file.
If not using Ubuntu on the Vault, remove the existing mSATA and replace it with the dedicated mSATA for the coreboot installation process
Install Ubuntu desktop version on the Vault to the dedicated mSATA per the link above
Verify that Ubuntu desktop version is installed and reboot the system
Verify that Ubuntu boots up to the desktop version and the Firefox browser is installed, or install the browser of your choice
Browse to the appropriate coreboot “filename.rom” file and download it to the Ubuntu system. See the table below for links to the coreboot .rom files.
Open a terminal window in Ubuntu. (Applications->Terminal)
Verify the terminal opens and change directory to “Downloads” using the following command:
#cd Downloads
Verify the “filename.rom” file has been downloaded to the “Downloads” directory using the following command:
#ls -la
Download the appropriate SHA256 checksum file per the table below
Verify the “filename.rom.sha” file has been downloaded to the “Downloads” directory using the following command:
#ls -la
If the files are compressed, with a suffix of “.zip”, uncompress them with the following commands:
where -V indicates verbose and output-file is the name of an output file that is saved with the contents of the flashrom output
Reboot the system
Verify the system boots and displays the coreboot version string on the screen, then the splash screen
Verify the system boots up to Ubuntu desktop
If not using Ubuntu as the OS, power off the system and replace the dedicated Ubuntu mSATA with the mSATA for the desired OS
Reboot the system and verify that it boots to the desired OS
At this point coreboot should be installed. However, as always, feel free to contact us at: support@protectli.com.
Flash from Coreboot to Original(AMI) BIOS
In case you would like to go to back the OEM BIOS, the steps are relatively straightforward. Following the same procedure as flashing Coreboot. Be sure to use the correct BIOS for your Vault.
Using the same Ubuntu install as the instructions above;
The “Splash Screen” is the graphical image or logo that is briefly displayed at boot up of the system. The splash screen for the Vault can be customized to enhance the brand awareness of the product and/or solution. Protectli provides a Windows tool that can be used to change the BIOS and customize the splash screen.
Splash Screen File
The splash screen file is a “bitmap” file with an extension of “.bmp” in Windows. The bitmap file used for the splash screen must have maximum dimensions of 800 x 600 and be less than 1.4 MB. If there is already a logo file in “.jpg” or “.png” format, that file can be converted to a bitmap file using the Windows Paint program or other tools.
Verify the Desired Splash Screen File
On Windows, right click the desired file
Select Properties
Verify “Type of File” is BMP file
Select the Details tab
Verify the Dimensions are 800 x 600 or less
Verify the Size is 1.4 MB or less
Convert the Desired Splash Screen File
If the desired file is in JPG or PNG format, it can be converted to Bitmap using the Windows Paint program. This procedure is only necessary if the desired file is not already in Bitmap format.
On Windows, right click the desired file
Select Edit
Verify the Paint program starts and the graphical image is displayed
Select File->Save As->Save as type:
Verify the dropdown menu that contains these bitmap options is displayed
Monochrome Bitmap
16 Color Bitmap
24 Color Bitmap
24-bit Bitmap
Select the desired bitmap format
Note that the formats listed in the dropdown are in increasing order of quality and increasing order of size
Select Save
Right click on the newly created bitmap and verify that it is less than 1.4 MB
If greater than 1.4 MB, repeat this procedure with a lesser quality bitmap format
Download the BIOS
The BIOS folder for each specific model of the Vault is available at this link. Be very sure when downloading and installing the BIOS that it is the correct BIOS for the specific Vault. Installing incorrect BIOS may result in an inoperable system.
Download the BIOS zip file for the model of the Vault from the link above
Verify the BIOS zip file is downloaded
Unzip the file and verify the BIOS folder is downloaded
Download the BIOS Logo Tool
There are two BIOS logo tools. One is for the FW1, FW2, and FW4 models of the Vault. The other is for the FW6 models of the Vault. The FW1, FW2, and FW4 tool is at this link. The FW6 tool is at this link.
Download the BIOS logo tool zip file for the model of the Vault from the link above
Verify the proper BIOS logo tool zip file is downloaded
Unzip the BIOS logo tool
Use the BIOS Logo Tool to Change the Splash Screen
Double click on the BIOS Logo executable file
Verify the “Change Logo” application appears on the screen
Change Logo Application
Select the “Load Image” button
Load Image Button
Verify navigator window is displayed
Navigator Window
Verify/Select “Files of type:” All Files
Navigate to the BIOS folder
Select the .bin file
Select “Open”
.bin File
Verify the .bin file is displayed in the proper folder in the “Aptio Image” Box
Aptio Image Box
Select Browse Button
Browse to find Bitmap File
Verify the navigator window is displayed
Select files of type “BMP Files (*bmp)
Navigate to the desired bitmap file
Select the .bmp file
Select Open
Verify the desired bitmap file is displayed in the “Select BMP file” box
Select BMP File
Select the Replace Logo button
Replace Logo
Verify the “Save Image As” button is now not grayed out
Save Image As Button
Select the “Save Image As” button
Verify the navigator window is displayed
Navigate to the BIOS folder, this is where the new BIOS file will be placed
Manually enter the name of the original .bin file, note that it must be exactly the same name
BIN File
Select Save button
Verify the Success message is displayed in the lower left of the tool
Success Message
Create Bootable USB Drive and Install New BIOS
Now that the new bitmap file has been created, the BIOS folder must be transferred to a USB drive and then used to update the BIOS on the Vault. Follow the instructions at this link to create a bootable USB drive, transfer the new BIOS folder to the USB drive, and install the new BIOS on the Vault.
Verify the splash screen has the new logo or image during initial boot
Verify the system boots
At this point, the new splash screen should be installed on The Vault. However, if you experience any issues, please feel free to reach out to us at: support@protectli.com.
There are known security vulnerabilities with Intel processors that are named “Spectre” and “Meltdown”. These vulnerabilities are documented at this link. There is a Windows based tool that can analyze the the system to determine if it is vulnerable to Spectre or Meltdown. This document describes how to use that tool to assess the vulnerability of the Vault. Information regarding specific BIOS updates to the different Vault platforms can be found from links on the product pages.
Scroll down to Download Button and download InSpectre application from this link.
Verify that the file/application “InSpectre.exe” is downloaded to the Windows computer
Run InSpectre (double-click) and verify the application pops up
InSpectre & Meltdown Vulnerability Status – Not Protected
Verify that both Meltdown and Spectre vulnerabilites are protected.
If not, update the Vault to the appropriate BIOS that addresses the vulnerabilities. See the latest BIOS at this link.
Update BIOS on the Vault
Rerun the InSpectre application
Verify vulnerabilities are protected
InSpectre & Meltdown Vulnerability Status – Protected
At this point the Vault should be protected from the Spectre and Meltdown vulnerabilities. However, if there are any issues, feel free to reach out to us at:
As with all Protectli Vault hardware, the FW2B and FW4B series need only RAM (memory) and mSATA (storage) added in order to have a fully functional hardware system. In addition, an optional WiFi module can be installed as well. For more information on HW compatibility, see this link.
The FW2B and FW4B series hardware are slightly different, but the chassis form factor, general board layout, and placement of components is largely the same. The FW2B and FW4B vary mainly in the type of CPU they have and the number of network ports. For a full comparison among different models, please see this page.
The annotated photo below shows the location of the various sockets. The FW2B is pictured. Note that the memory socket is underneath the mSATA and WiFi sockets.
CPU
The FW2B series uses an Intel J3060 processor and the FW4B series uses an Intel J3160 processor. Both of these CPUs have built in suport for Intel’s AES-NI hardware encryption.
Memory
There is a single SODIMM socket for memory. Additional information on compatible memory modules can be found in the Hardware Compatibility page. The maximum supported memory size is 8GB of DDR3L (1.35V).
mSATA
The FW2B, and FW4B series come with a single mSATA socket. This socket is capable of holding any logical size mSATA.
WiFi
The WiFi module socket is a PCIe form factor socket. The FW2B can accommodate a standard PCIe WiFi module. The FW4B while PCIe in form factor, operates over USB channel communication, limiting functionality as compared to pure PCIe modules. Protectli sells a compatible WiFi module that is available here. Instructions for installation of the WiFi module can be found here. The FW2B can also accommodate the Protectli PCIe/USB WiFi module.
Port Connectivity
The ‘Front’ of the FW4B Vault is pictured above. The FW2 is different, as it only has 2 network ports (WAN and LAN) but an additional 4 USB 2.0 ports.
Power should be supplied by the included power supply, which is rated for 12V at 3.3A.
The Power LED, which lights up green when power is applied, indicates that the Vault has power applied. It does not indicate the status for the operating system
The Drive Activity LED will blink, according to mSATA drive activity. Usually, the user will see the most activity as the unit is booting, or if the unit is under heavy load. For most operating systems, this indicator will not be on and only blink occasionally under most conditions.
The Network ports are each independenly connected to the CPU via a PCIe connection. A table that shows port numbering can be found below.
Vault Model
Port 6
Port 5
Port 4
Port 3
Port 2
Port 1
FW1x
-
-
OPT2
OPT1
LAN
WAN
FW2x
-
-
-
-
LAN
WAN
FW4x
-
-
OPT2
OPT1
LAN
WAN
FW6x
OPT4
OPT3
OPT2
OPT1
LAN
WAN
FreeBSD (pfSense) Labeling (in software)
em5
em4
em3
em2
em1
em0
Windows 10 (in software)
Ethernet 5
Ethernet 4
Ethernet 3
Ethernet 2
Ethernet
Ethernet 1
Data Sheets
The FW2B data sheet can be found at this link. The FW4B data sheet can be found at this link.
The FW1, FW2, FW4A and FW6 Vaults may be affected by this vulnerability. The FW2B and FW4B are not affected. Protectli understands the urgency of this issue and we are working with our partners to generate BIOS updates to address the issue. We will post the updated BIOS and/or timelines for updated BIOS on this page shortly.
BIOS
BIOS is the abbreviation for Basic Input Output System. It is a small program that is stored on non-volatile memory that is used to initialize the system hardware during the boot process. BIOS is installed on every system when it ships, but occasionally there are upgrades to the BIOS to address various issues. This page has a table with all of the current versions of BIOS for the Vault. BIOS can be downloaded from this table by clicking on the “Download Link” entry and used to upgrade the BIOS on the Vault.
The currently installed BIOS version can be found on the main BIOS page, as seen in the example screenshot below (circled in red):
BIOS Main Tab
See this link for instructions on how to install BIOS on the Vault.
New Logo, Enable UEFI and Legacy, Boot Order UEFI before Legacy
August 1, 2019
Notes
Some older versions of FW1 and FW2 Vaults do not automatically update the new Boot Order with version BTL4A012. If this occurs, follow the steps below to set the Boot Order:
Power off the unit
Reboot the unit and hit the DEL key to enter BIOS
Select the Boot Tab
Select “F3” to Load Optimized Defaults
Verify the proper Boot order of 1) UEFI mSATA 2) UEFI USB 3) Legacy mSATA 4) Legacy USB
This article will explain how to create a bootable FreeDOS USB drive and prepare the drive with the appropriate BIOS update files for installation on a Protectli Vault. FreeDOS is a free DOS application that is compatible with Intel based computers, such as the Vault. The Vault uses FreeDOS to install BIOS updates to the Vault.
For creating a bootable USB with Windows, Protectli recommends a tool called Rufus. The home page for Rufus is https://rufus.akeo.ie. The Windows system requirements are listed on the Rufus homepage.
Create Bootable FreeDOS USB – Windows
Download the Rufus tool from the home page to a Windows computer
Verify an executable file with a name of rufus-2.17 or similar is downloaded (the version you download may have a higher version number than this example)
Note that rufus is an executable and does not need to be installed.
Select the Rufus application that was downloaded and verify that the main menu pops up (example screenshot below)
Verify that “FreeDOS” is the default selection
Rufus Main Menu
Insert a USB drive into a USB port on the PC
Verify that Rufus recognizes the USB drive
Rufus Detects USB Drive
Select Start
Verify the warning appears and select Ok
Rufus Warning Message
Verify the FreeDOS is created on the USB, application status is “READY” and the green bar is complete
Rufus Ready Message
Download BIOS and Copy BIOS Folder to FreeDOS USB
*** Important ***
Note that the folder, file, and version names in this article are used as an example. The actual folder, file, and version names will vary depending on the model of Vault and the version of BIOS.
Download the BIOS folder to the Windows machine from the Protectli BIOS Version page at this link
The BIOS folder will be a compressed “zip” file. If compressed, uncompress the zip file
Go to “This PC” on the Windows machine and select the USB drive
Select USB Drive on This PC
Drag/copy the BIOS folder to the USB drive
If prompted, check the box to copy all current items to the USB Drive
Copy Prompt
Verify folder copied to the USB Drive
BIOS Folder in USB Drive
Safely remove the USB drive from the Windows computer
Update BIOS on the Vault
Note: Freedos will not boot in UEFI BIOS. To successfully complete this procedure make sure the BIOS is set to Legacy. We have a guide covering this here. Using the same steps but switch to “Legacy Only”.
Insert the USB drive into the Vault
Hit the “F11” key repeatedly during boot
Verify the Vault boots to the boot selection menu
Select the USB and verify the Vault boots to the DOS prompt
Type “dir” to see the contents of the USB drive
In this example the folder “4A171114” should appear
Type “cd 4A171114” to change directory to the BIOS folder
Type “update.bat”
Verify that the BIOS installation completes
Verify BIOS ID on the Vault
Reboot the Vault
Hit the “DEL” key repeatedly during boot
Verify the Vault boots to the main BIOS window
Verify the BIOS ID is the correct version
BIOS ID
At this point the new BIOS should be installed. However, if there are any issues, feel free to reach out to us at:
With Solid State Drives (SSD) and fanless cooling, the Vault has been extremely stable over the years. However, as with all computers, occasionally the Vault may have various issues.
The most common issues that occur are due to faulty mSATA, faulty DRAM, or need for CMOS reset on the FW1, FW2 and FW4A series.
This article will help the user diagnose and repair the majority of the problems that do occur.
Accessing components
In order to access the components, disconnect power, turn the unit upside down and remove the 4 screws on the bottom plate. The photos below show the internal sockets of the Vault when the bottom plate is removed.
FW1, FW2, FW4A
FW2B, FW4B
FW6
DRAM troubleshooting instructions
Some issues are due to faulty DRAM or system memory.
In order to verify memory, follow these steps:
Remove the bottom plate of the Vault and identify the components per the instructions above.
Verify memory is properly installed. There should be a noticeable “click” when the DRAM is properly inserted into the socket.
Verify the memory for the FW1, FW2, FW2B, FW4A, FW4B series is DDR3L where the “L” is for “low voltage” of 1.35V. DDR3 requires 1.5V and is not compatible with the Vault.
If there are still issues, run a cycle of Memtest. Instructions can be found at this link.
If there are still issues, replace the DRAM with known good DRAM.
If there are still issues, it is likely the DRAM is not the issue.
mSATA troubleshooting instructions
Some issues are due to faulty mSATA or system solid state drive (SSD).
In order to verify mSATA, follow these steps:
Remove the bottom plate of the Vault and identify the components per the instructions above.
There are 2 PCI sockets in the Vault. One is for mSATA and the other is for the WiFi module. See the photos above for the proper mSATA socket. Verify the mSATA is installed in the proper socket and screwed down.
If the mSATA is properly installed and there are still issues, replace it with a known good mSATA.
If there are still issues, then likely the mSATA is not the fault.
CMOS reset instructions
The Vault’s CMOS is a small amount of battery backed memory that contains basic system information for the BIOS. Occassionally the CMOS on the FW1, FW2 and FW4A series units can get into a state where it needs to be reset.
Examine the Vault for any obvious external damage that may have occurred during shipping, installation, or while in service.
Verify that all of the ports, connectors, and power button are properly positioned in the chassis.
Loose components or screws
Shake the Vault
Verify there are no sounds to indicate a loose screw or other loose component
If it sounds like a loose item, open the vault and verify the issue.
Basic troubleshooting
See photos below for the Vault interfaces
FW1, FW4 Front View
FW1, FW4 Back View
FW6 Front View
FW6 Back View
Plug one end of the power cable into a live AC power outlet and the other end into the DC power adapter.
Verify both connections are secure.
Verify the LED on the DC power adapter is illuminated.
Connect one end of a video cable to either the VGA connector or to the HDMI connector depending upon the model of the Vault. Connect the other end to the appropriate connection of a video monitor.
Verify the connections are secure.
Note that most video monitors have multiple interfaces such as VGA, HDMI and DVI.
Verify the video monitor is configured to use the correct interface for the Vault or that the video monitor can auto select the correct interface.
Connect a keyboard and mouse to the USB ports on the Vault.
Verify both connections are secure.
Plug the DC power cable into the power jack of the vault
Verify the blue LED on the power button is illuminated.
Verify that the green LED on the front panel is illuminated.
Issues
No Video
Monitor the video screen and verify that the system boots up.
If no video is displayed, it may be due to a “barebone” unit. In other words, there is no DRAM or mSATA installed in the device when it ships from the factory. The FWX001, FW2B, FW4X-0, and FW6X-0 series are all barebone units and require installation of at least DRAM before any video can be displayed.
Verify a working VGA/HDMI cable
If available, try another monitor to check possible compatibility issues
If still no video
Remove the power plug from the Vault
Open the vault per the instructions above and verify that DRAM is properly installed in the system
If DRAM is properly in place,
Follow the CMOS reset instructions above
After CMOS reset, power on the device and verify it displays video and boots correctly
If the system boots correctly, this indicates CMOS reset was required to resolve the issue
If there is still no video
Follow the DRAM troubleshooting instructions above
After DRAM troubleshooting, power on the device and verify it displays video and boots correctly
If the system boots correctly, this indicates replacing faulty DRAM was required to resolve the issue
If there is still no video
Remove the mSATA and verify the system boots up to the BIOS menu
If the system boots correctly, this indicates faulty mSATA that should be replaced
Verify that mSATA is properly installed per the instructions above
If mSATA is properly in place,
Follow the CMOS reset instructions above
After CMOS reset, power on the device and verify it displays video and boots correctly.
If the system boots correctly, this indicates CMOS reset was required to resolve the issue.
If the system still boots directly to BIOS
Follow the mSATA troubleshooting instructions above.
If the system boots correctly, this indicates faulty mSATA that should be replaced.
If the system still boots directly to BIOS, contact Protectli support at: support@protectli.com
No Operating System (OS) found
If the device boots and the following message or similar is displayed on the screen:
“Reboot and Select proper Boot device or Insert boot Media in selected Boot device and press a key”
it means that the device has booted correctly, recognized the mSATA as a bootable device, and there is no OS installed on the mSATA.
Protectli does not install a default OS onto the Vault so this is expected initial behavior.
Install an OS onto the Vault. There are instructions for many of the most popular open source firewalls, routers, network applications, Linux and Windows software packages on the Protectli Knowledge Base at this link.
Verify the installation completes successfully.
OS Installation Issues
Problems installing an OS are typically related to the specific OS image and/or the method used to create the installation image.
Specific instructions for many popular OS can be found on the Protectli Knowledge Base page at this link.
Verify that AMD 64 bit image type is selected, if image type selection is required, depending on the OS.
Verify that a VGA or COM/Serial port image is selected, if required, depending on the OS.
Follow the instructions on the Protectli Knowledge Base page at this link to create a bootable USB drive.
Can’t install OS via COM/Serial port
If an OS cannot be installed via the COM port:
Verify the COM port session has been configured correctly. See this link
Verify the image used for OS installation supports the COM port. Some OS installations require a specific image to use the COM port.
If the COM port session has been configured correctly and the correct image is used for OS installation and there are still issues, follow the instructions above for “No Video”.
Vault Crashes or Reboots
If the Vault “crashes” or peforms erratically during boot up, installation, or while in service,
Follow the mSATA troubleshooting instructions above.
If issues continue, follow the DRAM troubleshooting instructions above
If issues continue, follow the CMOS reset instructions above
If issues continue, it may be due to a corrupt OS. If possible with the OS, save the configuration file. Reinstall the OS.
If issues continue, it is most likely a software OS problem. Common issues are typically posted to the support sites or forums for the specific OS.
Here are some of the support sites for the most common OS:
If an OS is installed and appears to operate correctly, but there is no network connectivity for one or more Ethernet ports, follow these instructions:
For all Ethernet ports:
Verify the Ethernet cable is properly connected between the Vault and a switch/router.
Verify the Green connectivity LED for the port is constantly illuminated.
Verify the Yellow activity LED is blinking
WAN port:
The default IP address on the WAN port for almost all OS is to get an IP address from a DHCP server.
Verify the connected switch/router/network is configured as a DHCP server to provide an IP address to the Vault.
Verify the OS that is installed recognizes a proper IP address on the WAN port.
An address of 169.254.10.1 or 169.254.XX.YY indicates that the IP address was generated automatically by the Vault because it was unable to get an IP address from a DHCP server.
LAN port:
Depending on the OS, the LAN port may get a default static IP address. As an example, pfSense® CE sets a static IP address to 192.168.2.1 and enables it as a DHCP server. FreeBSD automatically names the LAN port “em1” and sets a static IP address to 192.168.2.1 and enables it as a DHCP server.
Verify the OS that is installed recognizes a proper IP address on the LAN port.
OPT1-OPT3 ports:
Depending on the OS, the OPT ports are typically not configured as a default. Sometimes they can be configured during installation, but not always.
Verify the OS that is installed recognizes the OPT ports.
Verify the OS can configure the OPT ports for the proper IP configuration, static, DHCP, IPv4/IPv6, etc.
For all Ethernet ports, verify there are proper firewall rules in place to allow and or deny the desired traffic through the specified port.
More details for configuration of various OS that are compatible with the Vault can be found on the Protectli Knowledge Base page at this link.
Vault seems to be hot
Depending on the load and system activity, the external temperature of the Vault will vary. The Vault uses Intel devices that can monitor the temperature of the CPU, other components and the system. Many OS have the ability to display the temperature data in the dashboard or via other utilities. If running pfSense we have an article here which covers temperatures and a table showing max safe temps.
If the Vault seems hot,
Verify the temperature via the OS dashboard or other utility. CPU core temperatures in the 60’s C are not unusual for heavy load.
For the FW1, FW2, FW4A series, verify that the ventilation slots on the side of the unit are not blocked.
Verify adequate ventilation around the Vault
Verify the ambient temperature where the Vault is installed. Operating temperature is from 0 C to 50 C.
We expect that this troubleshooting guide has the information to resolve most common issues that occur with the Vault. However, if there are still unresolved issues, feel free to reach out to us at:
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkPrivacy policy
