pfsense on a WatchGuard Firebox X550e (on a Mac)

Ever since broadband internet became available (here in Germany most likely ADSL), I have used some kind of router to connect all the devices in my home network to the internet.
But after a short period of using the so-called router from my ISP, I decided to run a server as a router. The main reason was that I became interested in the whole networking thing.
But since I always use the server as storage as well, I always wanted this box not to be directly connected to the internet. And lucky guy that I am, I got the chance to get my hands on a used WatchGuard Firebox X550e. Since this box is already EOL, I decided not to go with the WatchGuard OS – which is not that bad at all – but to install pfsense (http://pfsense.org) on it. And here is the way I did it.

To follow my steps you will need the following:

  • WatchGuard Core x550e incl. CF-Card (min 512mb)
  • USB to serial adapter
  • USB-card-reader for writing onto the compact-flash-card
  • a pfsense image on your MacBook – see mirrors on pfsense.org

First, download the pfsense image that best fits your hardware. Since I am describing this for a WatchGuard, I would recommend the

pfSense-2.0-RELEASE-512mb-i386-nanobsd

image. Just choose a mirror which is near your current location and download the file.

As the title of the post says – I will do all the next steps on a Mac OS X operating-system. In case you are using Microsoft Windows or Linux I would recommend that you search for detailed instructions in $SEARCHENGINE.

Now you will need to open your WatchGuard to get access to the compact-flash-card. In total you will need to remove 14 screws.
After removing the enclosure you will easily locate the CF-card on the right side of the box.
To remove the card you will need to void the warranty – yes, this is ok, because you will not have any warranty due to the fact that the box is already EOL (i.e. end of life).

Connect the cf-card to your Mac with the help of a CF-card-reader and fire up a terminal. Get root access either by using

sudo su -

or perform all the next steps with the sudo “prefix”.

First we want to see which device is our CF-card. So we “ask” diskutil.

diskutil list

And you should get an output similar to the following one.

root# diskutil list
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *320.1 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Mac OS X                319.7 GB   disk0s2
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *512.5 MB   disk1
   1:                  Apple_HFS Untitled 1              512.4 MB   disk1s1
/dev/disk2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                            NO NAME                *786.4 KB   disk2

You should be able to identify your CF-card by checking the disk-size. Here it is /dev/disk1.
Next step is to make sure that the disk is not mounted.

diskutil umountdisk disk1

Now that we have unmounted the disk we can copy the pfsense image to the CF-card.

gzcat pfSense-2.0-RELEASE-512mb-i386-nanobsd.img.gz | dd of=/dev/disk1 bs=16

This command will decompress the pfsense image and copy it to the CF-card. Please be aware that this can take a long time, so make sure that you have something to do while the card is being filled with all the nice software. Expect up to two hours – yes, this is a long time, but I forgot to measure the time needed.
After a while you should see some output like this:

32030208+0 records in
32030208+0 records out
512483328 bytes transferred in 2473.893463 secs (207157 bytes/sec)

Oh wait – you have an idea how long it took to copy all the stuff onto this card? Great ;)

Now just put the CF-card back where it belongs – the Firebox (well, it is no longer a Firebox, but hey, let's keep calling it that) – connect the box via a serial connection to your Mac and open a serial terminal (in my last post I described how to manage this).
After firing up the box, wait up to 90 secs and then check the nice output on the serial connection – does this feel great, looks cool, huh? To be honest I like this moment – when a piece of metal comes “alive”.
Here is a snippet of the output you should see without doing anything besides looking at the terminal.

Root mount waiting for: usbus4 usbus3 usbus2
uhub2: 2 ports with 2 removable, self powered
uhub3: 2 ports with 2 removable, self powered
Root mount waiting for: usbus4
Root mount waiting for: usbus4
Root mount waiting for: usbus4
uhub4: 8 ports with 8 removable, self powered
Trying to mount root from ufs:/dev/ufs/pfsense0
Configuring crash dumps...
Mounting filesystems...
Setting up embedded specific environment... done.

When the box asks you if you want to configure VLANs, I recommend skipping this for the moment, since it is much easier to do this in the web interface later, when the box is running and reachable via the network.
Now connect your internet cable to the port labeled “0” and your LAN cable to “1”. Within the terminal enter sk0 for the WAN and sk1 for the LAN interface.
After these steps you should be able to connect to the box via 192.168.1.1 in a web browser.

The default user/password is admin/pfsense. After you log in for the first time, pfsense presents a quick setup wizard, which is fine to use for the very first setup; use its admin password step to replace the default password.

If everything went right you should now be online with your very own full-featured router/firewall combo.

Hopefully this quick and dirty “how to” could help you a little bit. Maybe I will write something more about special things I do with my WatchGuard pfsense box.
