I’ve done this enough times to be confident that it works. There’s some great instructions written by Daniel Bernhardt which cover the topic pretty well. Here’s a few things I’ve found:
- Some Fireboxes come with pre-installed 512MB CF cards whereas most come with 256MB cards. If you’re unlucky enough to get a box with a 512MB card, you’ll need to purchase a 256MB card for flashing the BIOS. The 512MB card will not work for this purpose.
- When Daniel notes that the “Baud Rate is going to change” it’s a little unclear what should be done here. You should allow the Firebox to boot until you start seeing gibberish coming out of the serial port. At this point, connect to the firebox with a baud rate of 115200 and power cycle it. After this, you can change the BIOS settings.
- Use a fast compact flash card. I’ve had a lot of problems on pfSense 2.1 with slow CF cards. A 200x card works great. I used a Sandisk 4GB 30MB/s card. This has the side effect documented here but this is purely cosmetic and does not affect the running of the system.
- The firebox has a spare RAM slot. This will happily take an extra 512MB DDR2 PC2-4200 533MHz DIMM to give your router a bit of a memory boost. These DIMMs are going so cheap on eBay it’s silly not to.
- At time of writing, the LCD screen is supported natively by the LCDproc-dev package. To use, do the following:
- Install the LCDproc-dev package
- Go to services->LCDproc
- Tick “Enable LCDproc at startup”
- Select the “Watchguard Firebox with SDEC (x86 only)” driver
- Leave everything else as is
- Click Save
- Tick the “Screens” that you want to show on the screens tab
- Go to status->services and start the LCDProc service
- Use the up/down button on the firebox to turn on the back-light and move between “screens”
This firebox range has turned out to be fast and reliable on production networks.
Edit: As per Stephen’s comment below, here’s a definitive reference source for Pfsense on Watchguard Firebox devices.
Below are mirrors of the files hosted by Daniel, just in-case they’ve vanished. These are possibly out of date. Use the pfsense docs link above as the definitive source.