
pfSense on Watchguard Firebox x750e project

February 10, 2015

Something I’ve been meaning to do for a while is build a firewall appliance. I’ve kept looking over the pfSense and M0n0wall sites and thinking it would be a good thing to learn from. As I might have mentioned previously, my networking knowledge is generally not as good as it might be, and while I have no ambition to try and become a CCIE, it would be useful to have some extra tools in the box. Virtualisation has meant that the role of the server guy has now expanded to include networking and storage, whereas this knowledge would previously have been silo’d into specific teams. The real deep knowledge still lives with the dedicated teams of course, but I just think I need more than I needed before.

So, a week or so ago, I took the plunge and won a Watchguard Firebox x750e on eBay. In the end, it was about £70 delivered. In a previous job many years ago, we bought one of these new and it wasn’t the most intuitive to set up. The licensing for the various features also seemed incredibly expensive on top of the original purchase price. But it’s red and has an LCD status panel, and in geek world, that’s very cool. Even the missus commented it looked nice 🙂 I’d missed a few before because of carelessness and a lack of enthusiasm but I got a really good one in the end, rack ears included, and the box really is as new. No scratches or marks from previous use, and the fans are clean. Might never have been used. I wanted the x750e as it seemed to offer a good compromise of being cheap to buy, offered most (?) of the available features of pfSense and has the 8 network ports. I’m going to run it on a 4GB CF card for now (another cheap eBay purchase) but I can add a proper hard drive or SSD perhaps in the future. All good.

Having got the component parts together, I brought it in to work yesterday to ‘work on it during lunch’ 😉 I needed a CF card reader to blitz some images on to the CF cards but I knew someone would have one. First hurdle. Having borrowed it, I found my HP zBook 15 with Windows 8.1 wouldn’t see the reader properly. I have one at home somewhere but god knows where. So a colleague helped me out. I’d read that I needed a 256MB CF card initially to write the BIOS flash image to, and most of them come with a 256MB card initially. Mine didn’t, a bright, shiny 512MB card staring at me. No worries, borrowed a 256MB Cisco card off a colleague. He wrote the image to the card and it was time to get it on to the box. The aim of the BIOS flash is to enable console access to the BIOS so that a few tweaks can be made in there to have it see the larger card. Worth mentioning here that apparently, M0n0wall will install to the standard, much smaller CF card without any BIOS shenanigans, so if this makes you nervous, bear that in mind. I keep a USB to Serial cable in my bag in case it’s needed for datacentre work, I connect to the kit with internet access and share my desktop for the network guys to do their stuff. I tried this using COM4 (discovered by opening Device Manager and looking under ‘Ports (COM and LPT)’) and the recommended PuTTY settings. This brought up a console session but no flashing cursor. Several cables later from various people, I found one that was correct. This was a harder task than it should have been, there are lots of cables that have the right connector, female to female 9-pin to 9-pin, but they can have the pins wired up differently. You can read lots about this and it got very technical. At last, someone handed me one that worked, a black Maplins item for the record, and now I could connect straight away. I knew the image on the card was good as I was getting the 3 beeps on boot, indicating it had booted to a prompt.
I ran the BIOS flash to B6 and went in to set the BIOS settings as advised. This is where it went a bit wobbly. pfSense is a community-based project and as such, information appears buried deep in forum posts and slightly convoluted ‘official’ documentation. I was told later on the forum that B6 is old now and 8.1 is the newer version, with useful modifications. I was also using the latest image, v2.2, and why not use the latest version 🙂 The combination of these two tripped me up. I left it yesterday afternoon at the point where I had inserted the 4GB card with the v2.2 image written to it, but it was not booting. I just had endless retries of ‘ata0: DMA limited to UDMA33, controller found non-ATA66 cable’. It would retry 3 times, exhausting its retries and then starting to try again. I mentioned this on the forum and it’s a simple-ish fix, a few tweaks to a couple of config files and all should be good.

https://forum.pfsense.org/index.php?topic=20095.msg480824#msg480824 for the v2.2 booting situation, and:

https://sites.google.com/site/pfsensefirebox/home/XEBIOS_81.BIN for the later BIOS.

I’ll report back when I step through this and have it up and running.

All in all, a fun little project that should teach me a thing or two. Not as easy as I thought it would be, although the forum is very good with very fast (and patient) answers to my newbie questions. There are a few further tweaks and tricks to get things like the LCD display and indicator lights working properly, something that an impatient chap like me would like to see baked into the image, but then this is free, and is the nature of community-based projects. It’s not beyond me, and will be all the more satisfying when I’m done.

If you’re thinking of attempting the same, have a good read around, there’s a lot of information about this out there, so much in fact that it can be tricky to find exactly what you’re looking for.

Start at: https://pfsense.org/ and register on the forum. You will have questions to ask 🙂

Another useful resource is this page: http://practicalkungfu.net/2012/02/20/how-to-install-pfsense-2-0-on-a-watchguard-x750e-core/ It might not actually work out as simply as this but it’s a great step-through of the required steps, and something I kept referring back to.
