To follow my steps you will need the following

• WatchGuard Core x550e incl. CF-Card (min 512mb)
• USB to serial adapter
• USB-card-reader for writing onto the compact-flash-card
• a pfsense image on your MacBook – see mirrors on pfsense.org

First you will download the pfsense image which is fitting best on your hardware. Since I am describing  this for a WatchGuard I would recommend

pfSense-2.0-RELEASE-512mb-i386-nanobsd

image. Just choose a mirror which is near your current location and download the file.

As the title of the post says – I will do all the next steps on a Mac OS X operating-system. In case you are using Microsoft Windows or Linux I would recommend that you search for detailed instructions in $SEARCHENGINE.

Now you will need to open your WatchGuard to get access to the compact-flash-card. In total you will need to remove 14 screws.
After removing the enclosure you will easily locate the CF-card on the right site of the box.
To remove the card you will need to void the warranty – yes this is ok because you will not have any warranty due the fact that the box is already EOL (speek end of life).

Connect the cf-card to your Mac with the help of a CF-card-reader and fire up a terminal. Get root access either by using

sudo su -

or perform all the next steps with the sudo “prefix”.

First we want to see which device is our CF-card. So we “ask” the diskutility.

diskutil list

And you should get an output similar to the following one.

root# diskutil list
/dev/disk0
 #: TYPE NAME SIZE IDENTIFIER
 0: GUID_partition_scheme *320.1 GB disk0
 1: EFI 209.7 MB disk0s1
 2: Apple_HFS Mac OS X 319.7 GB disk0s2
/dev/disk1
 #: TYPE NAME SIZE IDENTIFIER
 0: GUID_partition_scheme *512.5 MB disk1
 1: Apple_HFS Untitled 1 512.4 MB disk1s1
/dev/disk2
 #: TYPE NAME SIZE IDENTIFIER
 0: NO NAME *786.4 KB disk2

You should be able to identify your CF-card by checking the disk-size. Here it is /dev/disk1.
Next step is to make sure that the disk is not mounted.

diskutil umountdisk disk1

Now that we have unmounted the disk we can copy the pfsense image to the CF-card.

gzcat pfSense-2.0-RELEASE-512mb-i386-nanobsd.img.gz | dd of=/dev/disk1 bs=16

This command will decompress the pfsense image and copy it to the CF-card. Please be aware that this can take a long time. So please make sure that you have something to do while the card will be filled up with all the nice software. Expect up to two hours – yes this is a long time but I forgot to mesure the time needed.
After a while you should see some output like this:

332030208+0 records in
32030208+0 records out
512483328 bytes transferred in 2473.893463 secs (207157 bytes/sec

Oh wait – you have an idea how long it toke to copy all the stuff on this card? Great;)

Now just put the CF-card to the place it belongs – the Firebox (well it is not longer a Firebox but hey lets name it so) – connect the box via a serial connection to your Mac and open a serial terminal (in my last post I described how to manage this).
After firing up the box wait up to 90 secs and the check the nice output on the serial connection – does this feel great, looks cool hum? To be honest I like this moment – when a piece of metal comes “alive”.
Here is a snipped of the output you should see without doing anything besides looking at the terminal.

Root mount waiting for: usbus4 usbus3 usbus2
uhub2: 2 ports with 2 removable, self powered
uhub3: 2 ports with 2 removable, self powered
Root mount waiting for: usbus4
Root mount waiting for: usbus4
Root mount waiting for: usbus4
uhub4: 8 ports with 8 removable, self powered
Trying to mount root from ufs:/dev/ufs/pfsense0
Configuring crash dumps...
Mounting filesystems...
Setting up embedded specific environment... done.

When the box asks you if you want to configure vlans I recommend to skip this for this moment since it ist must easier to do this on the web-interface later when the box is running and reachable via network.
Now connect your internet-cable to the port labeled with “0″ and your LAN-cable to “1″. Within the terminal enter sk0 for WAN and sk1 as the LAN interface.
After this steps you should be able to connect to the box via 192.168.1.1 in a web-browser.

The default user/password is admin/pfsense – after logging in the first time pfsense will present you a quick setup wizard which is ok so use it for the very first setup.

If everything went right you should now be online with your very one full featured router/firewall combo.

Hopefully this quick and dirty “how to” could help you a little bit. Maybe I will write something more about special things I do with my WatchGuard pfsense box.

• Install driver (Mac OS X PL2303 Driver)
• Connect USB to serial adapter to you MacBook
• Starting a screen session

Install driver

You will need a driver for your USB to serial adapter. The one I got is based on the PL2303 chip.
Some vendors provide a Mac driver but even then I found out that the one from the Mac OS X PL2303 driver project works best for me. Why? Well I am on Mac OS X Lion and after testing the driver from Aten I can say that I did not figure out how this should work. So I decided to go with the one I linked in the list above.
Please be aware that after you installed the driver your Mac will ask for a reboot – so it may be a good idea to save all the work before you start installing the driver.
Also please do not plug in you USB to serial adapter before you installed the driver. Yes I know nothing bad will happen so it didn’t to me at all, but you know Mr. Murphy and his law?

So just download the driver from the project website and install it. After the installation process has finished just reboot your Mac and …

Connect your USB to serial adaptor to your MAC

Yes that’s all for this step. No fancy stuff but I saw a lot of strange problems you would never think about.

Starting a screen session

You can of course use a special terminal software like zterm to connect to your serial device. But in this short “how-to” I would like to use the “Terminal”-App and the small but great program called “screen”.
So just fire up the “Terminal”-App – Applications –> Utilities –> Terminal. In this window just type

screen /dev/tty.usbserial 9600

and hit ENTER. You should now be connected to your (network-)device via a serial connection.