Installing pfSense on Watchguard x750e

This is a quick run down on how to install pfsense 2.4 on a watchguard x750e.

The watchguard x750e firwall appliance is great candidate to install pfsense on. It comes equipped with 8 x 1Gbps ports. It has upgradable memory and an upgradable compact flash card. It is possible to install a HDD in this unit, but requires the use of proprietary adadpter.

Equipment Required

  • watchGuard X-core-e Firebox (x550e / x750e / x1250e)
  • A Compact Flash card reader/writer
  • A null modem Cable
  • A large CF card. 4GB is sufficient, though i could only find an 8GB card which worked fine.
  • A USB to Serial adapter


 

Lets Begin

Quick test


First, id recommend testing the box works in its standard state. So, power it up, give it a few mintues to boot. Through the boot process it will conduct a memory test, wait until that completes and gives you "Memory test Passed". After a few minutes it will complete its boot up, you will know its complete when the display starts showing the uptime. You can now power the machine off.

 

Opening up you watchguard Firebox


This should just be a case of unscrewing the screws holding the lid on. There are 6 screws on each side, 3 at the front and 3 at the back. There are also 2 high on the back. You should then be able to slide and lift the lid off.

Back up your original image


I find its always worth keeping a back up of anything like this, in its original state. Remove the CF card from the Firebox and plug it into your CF reader. Ensure the card isnt mounted.

If you check in your syslog, it should tell you what device the CF card is. Once you know, run the following

jon@laptop:~$ sudo dd if=/dev/sdX of=/home/jon/watchguard-backup.img bs=1M


 

This will create an image of the current installed operating system and dump it into an img file  in my "home".

 

Flashing and booting freeDOS


We need to use freeDOS to rewrite the bios. The reason for this is to enable console redirection so we can actually setup our pfsense machine when its installed.

Download THIS file. Its the freeDOS image we will be using.

Id recommend using the original card that came with the  watchguard Firebox for this as they can be quite picky about cards.

Extract the freeDOS image you just downloaded, then dd it over to CF card.

jon@laptop:~$ sudo dd if=/home/jon/Downloads/FreeDOSBios2.img of=/dev/sdX bs=1M


Once that is complete, id probably suggest throwing a few "syncs" in there to make sure anything in buffer has been written to the card

jon@laptop:~$ sync

jon@laptop:~$ sync


You could probably get away with doing it the once, but i like to do it a couple of times jsut to be sure.

Now you can remove the CF card and put it back into your Firebox. You are almost ready to boot it back up.

Connect your null modem cable to your watchguard Firebox and usb to serial adapter and plug it into your computer. Im using Debian 8 on my laptop, so ill use "screen" as my client, but if your on windows just use putty.

The command i used was

(its a zero,by the way)

jon@laptop:~$ sudo screen /dev/ttyUSB0


Now thats ready to go, power up the watchguard Firebox.  Once freeDOS has fully booted, it will beep 3 times.  Now we need to run a few commands to flash the pre-made Bios.

> cd bios

> biosid

This should give you some information, like the following. Its recommended if yours differ's, DO NOT continue, its possible you have a hardware / software revision that isnt supported.

BIOS DATE  : 12/21/2005
CHIPSET ID : Alviso
BIOS ID  : 6A79GAKAC-00
BIOS TYPE  : Phoenix Technologies, Ltd.
OEM INFO  : **** BIOS Ver.ETAC0017 (2005/12/21> ****



Now we need to make a back of your original bios. Just in case.

> awdflash /pn /sy backup1.bin /e

Now we are ready for the flashing of the modified bios.

> awdflash x750eb7.bin /py /sn /cc /e

Once this is complete you will get the flashing prompt back. DO NOT do anything until you have that flashing prompt back. If you arent sure, just leave it 10-15 minutes.

Once we are back at the flashing prompt you can power down the Firebox and install your pfSense card.

Setup your pfSense CF card


To setup your pfSense card, you need to dd over the image to your new 4GB+ CF card.

Download the pfSense embedded image. I chose the 4GB image as i was using a large card, make sure you select the image for serial console output. NOT VGA.

Now we just dd over the image to out new card

jon@laptop:~$ sudo dd if=pfSense-2.2.4-RELEASE-4g-i386-nanobsd.img of=/dev/sdX bs=1M


This may take a few minutes. I think mine took about 20 minutes.

Once thats complete, throw a couple of "syncs" at it again, just to make sure anything in buffer has been written.

jon@laptop:~$ sync

jon@laptop:~$ sync


Again, one will probably do, but a couple dont do any harm.

Boot into pfSense


Now all that is left to do is to boot into pfSense.

Insert your newly flash card into your Firebox. You also need to change the settings in your terminal program. I used the following

jon@laptop:~$ sudo screen /dev/ttyUSB0 115200


(again, thats USB-ZERO-)

Now power up the firebox.

You should see the machine booting up like a normal PC, itll go through POST and mem test, then eventually boot into pfSense.

You can know go about installing and configuring pfSense as you normally would.

Using FreeIPA to authenticate OpenVPN users on pfSense

I have been fiddling with multiple different authentication methods to centralise the authentication across all my devices and services. ...… Continue reading

Zen Internet, IPv6 and pfsense

Published on February 19, 2017

Basic Telegraf, InfluxDB and Grafana setup

Published on January 26, 2017