I’ve done this enough times to be confident that it works. There’s some great instructions written by Daniel Bernhardt which cover the topic pretty well. Here’s a few things I’ve found:
- Some Fireboxes come with pre-installed 512MB CF cards whereas most come with 256MB cards. If you’re unlucky enough to get a box with a 512MB card, you’ll need to purchase a 256MB card for flashing the BIOS. The 512MB card will not work for this purpose.
- When Daniel notes that the “Baud Rate is going to change” it’s a little unclear what should be done here. You should allow the Firebox to boot until you start seeing gibberish coming out of the serial port. At this point, connect to the firebox with a baud rate of 115200 and power cycle it. After this, you can change the BIOS settings.
- Use a fast compact flash card. I’ve had a lot of problems on pfSense 2.1 with slow CF cards. A 200x card works great. I used a Sandisk 4GB 30MB/s card. This has the side effect documented here but this is purely cosmetic and does not affect the running of the system.
- The firebox has a spare RAM slot. This will happily take an extra 512MB DDR2 PC2-4200 533MHz DIMM to give your router a bit of a memory boost. These DIMMs are going so cheap on eBay it’s silly not to.
- At time of writing, the LCD screen is supported natively by the LCDproc-dev package. To use, do the following:
- Install the LCDproc-dev package
- Go to services->LCDproc
- Tick “Enable LCDproc at startup”
- Select the “Watchguard Firebox with SDEC (x86 only)” driver
- Leave everything else as is
- Click Save
- Tick the “Screens” that you want to show on the screens tab
- Go to status->services and start the LCDProc service
- Use the up/down button on the firebox to turn on the back-light and move between “screens”
This firebox range has turned out to be fast and reliable on production networks.
Edit: As per Stephen’s comment below, here’s a definitive reference source for Pfsense on Watchguard Firebox devices.
Below are mirrors of the files hosted by Daniel, just in-case they’ve vanished. These are possibly out of date. Use the pfsense docs link above as the definitive source.
The image for flashing the BIOS
The BIOS
WGXepc
MD5 sums of all the above
From Twitter: still have my one going strong modded with WiFi. Going to replace it with a Asus darkknight running toast man tomato soonish
From Twitter: @imduffy15 is it the e (gigabit) series? My 10/100 gave up the ghost recently. Think it’s just the hdd but an upgrade sounded good :p
From Twitter: Nope still on the x500.
From Twitter: @imduffy15 I just bought this tiny wireless AP in Tokyo, does 5 SSIDs with VLANs, and 100 other things i have not found yet. $18
From Twitter: @allanjude @imduffy15 That’s cool 😀 I got multiple SSIDs with 802.1Q tagging working on DD-WRT but it was a balls. $18 is a bargain!
From Twitter: @allanjude Happen to have the make/model of that? Wouldn’t mind wasting $18+Postage to see if its decent.
From Twitter: @imduffy15 @allanjude I’d buy one 😀
From Twitter: @imduffy15 Planex Comm. MZK-RP150N
From Twitter: @allanjude @imduffy15 thanks 🙂
Hey Phil. Good to see another firebox converted. 🙂
Those files you have mirrored are now out of date.
Newer versions have some new features, though not much but better to have the most recent anyway.
I am compiling (not finished yet) what I hope will be the definitive source of info here:
http://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox
Feel free to share anything I’ve missed in the linked thread:
http://forum.pfsense.org/index.php/topic,59821.0.html
Steve
Great, thanks. I’ve updated the above.
Also you should be able to use a 512MB CF card if it came in the box. Some 512MB cards will boot, it depends on the presented disk geometry, and one that came in the box presumably would. I’ve not tried it though since none of my boxes had 512MB cards.
The bios image came from a 16MB card so any card between 16 and 256MB should work.
Steve
The 512MB that came with the 3rd box I’ve flashed didn’t boot. It got initial post beep but not the 3 beeps to signify freedos boot. I used a 256MB card that came out of one of the first 2 boxes I flashed without trouble. I assumed the 512MB would boot if it came with the firebox – there could have been corruption in my writing of the image to the card.
Ah, interesting. I guess maybe the Linux bootloader that Watchguard uses is more forgiving. I’ll stick to advising <512MB then.
Steve
Great 🙂 I’ve also added info on the LCD screen above. I notice this isn’t yet documented on the docs page. Works a treat – nice work on that 🙂
You can also use a SATA harddrive if you have a caddy.
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Booting_from_HD_3
Hi Phil,
Having a couple of issues making progress and wondering if you can shed any light?
I’m connecting to my X1000 using XP and Putty. Using a self wired Full handshake null modem cable.
1) Connected to 9600 and ran DOS commands to flash bios – ALL OK
2) Connected to 19200 and got gibberish after 3 beeps from firebox. – seems ok and inline with your writeup above.
3) connected to 115200 and get 3 beeps and nothing from putty
4) tried reconnecting as 9600 and I get a DOS prompt similar to point 1 here.
Not sure what on earth is going on?
Thanks in advance and Best Regards,
Adam.
Hi Adam,
Did you find a resolution to this? I have the exact same issue!
Hi Adam,
Did you ever find a solution to this?
I have the exact same problem.
Look forward to hearing from you!
Thanks,
Ryan