Welcome to the Silver Peak Unity Edgeconnect EC-XS (FWA-ASP1012)! A network appliance originally designed for SD-WAN applications, with 6 LAN ports and really good specs for a router.
OEM is Advantech. The FWA-ASP1012 is a OEM network appliance offered by Advantech, based around the Intel Atom C3xxx (Denverton) SoC, however, the "off the shelf" version differs slightly from this version customized for Silver Peak, chiefly, the rear panel ports are configured very differently, despite sharing the same model number!
Front
Back
Left side (the vents on my unit did not come blocked from the inside, like this picture suggests)
Right side (Images courtesy of NIST)
Confusingly, Silver Peak used to sell an older version of this EC-XS appliance based on a Lanner FW-7551 appliance. This guide does not apply to that model. You can tell the difference as the older Lanner version has 3 LEDs on the front (Advantech has 2) and the rear has all ports on a single line (the Advantech has the console port on a RJ45/USB combo).
Lanner version (Images courtesy of Aruba)
Price seems to be all over the place for the newer Advantech boxes, seems like there are not many around? I got mine for $68 on Ebay in September 2024. There is also an Aruba branded version out there, which I suppose must be newer than the Silver Peak units. The Aruba units should always be the Advantech model.
===
Hardware:
Motherboard top side (Image by author)
* CPU: Intel Atom C3558 (4 cores, 2.2 GHz)
* RAM: 16 GB (2x8 GB DIMMs, upgradeable) DDR4-2400 unregistered ECC
* Motherboard: NAMB-SP1012MB
* Storage: 120 GB M.2 SATA SSD, 8 GB eMMC on board
* 6 Gigabit LAN ports, 2 (
* Internal M.2 slot (SATA3 #1 and PCIe Gen3 x2)
* Internal SATA3 (#0) port (but nowhere to mount a disk)
* 2 USB 3.0 ports
* Cisco-style RJ45 serial console port
* 12 V, 5 A power supply
Soft power off works, but the case remains hot, even while in this state...
It has 2 Sunon EF40101B-1Q070-S99 40 mm fans, with what seems to be a standard PC 4-pin pinout. They are noisy at full speed, but the UEFI keeps them at a low enough speed that I can't notice them over the noisy ambience (I'd wager 50-60 dBA) at my lab. They are 12 V fans rated at 1.11 W each.
The M.2 slot supports both SATA and NVMe devices (at PCIe x2). This slot is connected to PCIe root port #3. You can use a M.2 SATA drive while using the other SATA port simultaneously, they are independent of each other.
====
Software:
UEFI has console redirection enabled by default on the RJ45 serial port. Default setting is 9600 baud, 8n1.
Default firmware seems to be some kind of Linux based and is loaded onto the SSD, I haven't explored at all beyond testing if the default credentials of admin/admin worked. The eMMC on my unit was formatted and there was something in there, but wasn't a bootable OS. I have imaged both drives and can provide them, if anyone is interested.
This device has a hardcoded setup password. Fortunately, it was easy to find, even if it took me an entire day to figure it out.
First you must obtain a dump of the UEFI flash, using a SPI programmer, for instance. It's socketed, which makes things easier. Unfortunately Advantech does not publish firmware updates online... and since this appliance is customized, we can't rely on updates for the off the shelf version, anyhow.
You can then open this dump with a tool such as UEFITool NE.
Under the partition with GUID
Extract the "PE32 image section", which should be an EFI executable. You can then search inside this binary file for Unicode strings, one of which will be an odd one out, amongst all the others, as it's not related to UEFI terminology:
Once inside, the UEFI setup has a few interesting options available:
It is possible to disable the watchdog timer here, as one of the available settings. This ability is probably useful for people wanting to run BSD on this hardware.
There is also an UEFI shell built-in. The firmware is capable of booting both legacy and UEFI software, plus, PXE is available, and it can boot in UEFI mode from the network, however, PXE is only available on the two I210 interfaces (labeled as
NVMe booting is supported. There is no UEFI option to list or configure NVMe devices (like most motherboards have) but they will show up in the boot order, can be selected as boot devices, etc.
OEM is Advantech. The FWA-ASP1012 is a OEM network appliance offered by Advantech, based around the Intel Atom C3xxx (Denverton) SoC, however, the "off the shelf" version differs slightly from this version customized for Silver Peak, chiefly, the rear panel ports are configured very differently, despite sharing the same model number!
Front
Back
Left side (the vents on my unit did not come blocked from the inside, like this picture suggests)
Right side (Images courtesy of NIST)
Confusingly, Silver Peak used to sell an older version of this EC-XS appliance based on a Lanner FW-7551 appliance. This guide does not apply to that model. You can tell the difference as the older Lanner version has 3 LEDs on the front (Advantech has 2) and the rear has all ports on a single line (the Advantech has the console port on a RJ45/USB combo).
Lanner version (Images courtesy of Aruba)
Price seems to be all over the place for the newer Advantech boxes, seems like there are not many around? I got mine for $68 on Ebay in September 2024. There is also an Aruba branded version out there, which I suppose must be newer than the Silver Peak units. The Aruba units should always be the Advantech model.
===
Hardware:
Motherboard top side (Image by author)
* CPU: Intel Atom C3558 (4 cores, 2.2 GHz)
* RAM: 16 GB (2x8 GB DIMMs, upgradeable) DDR4-2400 unregistered ECC
* Motherboard: NAMB-SP1012MB
* Storage: 120 GB M.2 SATA SSD, 8 GB eMMC on board
* 6 Gigabit LAN ports, 2 (
mgmt0/1) are Intel I210 and 4 (lan0/1 and wan0/1) Intel X553 (integrated into the C3558). The last 4 ports have a relay-based "bypass" feature* Internal M.2 slot (SATA3 #1 and PCIe Gen3 x2)
* Internal SATA3 (#0) port (but nowhere to mount a disk)
* 2 USB 3.0 ports
* Cisco-style RJ45 serial console port
* 12 V, 5 A power supply
Soft power off works, but the case remains hot, even while in this state...
It has 2 Sunon EF40101B-1Q070-S99 40 mm fans, with what seems to be a standard PC 4-pin pinout. They are noisy at full speed, but the UEFI keeps them at a low enough speed that I can't notice them over the noisy ambience (I'd wager 50-60 dBA) at my lab. They are 12 V fans rated at 1.11 W each.
The M.2 slot supports both SATA and NVMe devices (at PCIe x2). This slot is connected to PCIe root port #3. You can use a M.2 SATA drive while using the other SATA port simultaneously, they are independent of each other.
====
Software:
UEFI has console redirection enabled by default on the RJ45 serial port. Default setting is 9600 baud, 8n1.
Default firmware seems to be some kind of Linux based and is loaded onto the SSD, I haven't explored at all beyond testing if the default credentials of admin/admin worked. The eMMC on my unit was formatted and there was something in there, but wasn't a bootable OS. I have imaged both drives and can provide them, if anyone is interested.
This device has a hardcoded setup password. Fortunately, it was easy to find, even if it took me an entire day to figure it out.
First you must obtain a dump of the UEFI flash, using a SPI programmer, for instance. It's socketed, which makes things easier. Unfortunately Advantech does not publish firmware updates online... and since this appliance is customized, we can't rely on updates for the off the shelf version, anyhow.
You can then open this dump with a tool such as UEFITool NE.
Under the partition with GUID
8C8CE578-8A3D-4F1C-9935-896185C32DD3 there is a binary called "AMITSE" with GUID B1DA0ADF-4F77-4070-A88E-BFFE1C60529A, which seems to be responsible for handling the "text setup environment" used by this system.Extract the "PE32 image section", which should be an EFI executable. You can then search inside this binary file for Unicode strings, one of which will be an odd one out, amongst all the others, as it's not related to UEFI terminology:
Kilimanjaro1. At least for my unit with UEFI version 1.08, this happened to be the setup password.Once inside, the UEFI setup has a few interesting options available:
It is possible to disable the watchdog timer here, as one of the available settings. This ability is probably useful for people wanting to run BSD on this hardware.
There is also an UEFI shell built-in. The firmware is capable of booting both legacy and UEFI software, plus, PXE is available, and it can boot in UEFI mode from the network, however, PXE is only available on the two I210 interfaces (labeled as
mgmt0/1).NVMe booting is supported. There is no UEFI option to list or configure NVMe devices (like most motherboards have) but they will show up in the boot order, can be selected as boot devices, etc.
