  1. #1

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    150

    Building pfSense on an old Watchguard Firebox (let's see if I can do it)

    Background.

    With relation to this thread
    Using Smoothwall Express With a Cisco Layer 3 Switch?

    And a tip off from "cpjitservices"

    I built a Virtual machine to test captive portal for our BYOD project.

    That worked really well; however, whilst stumbling round the net I came across a reference to using pfSense on a Watchguard Firebox....

    Fortunately we had 2 X5500e-Peak and an SSL500 (which is more or less the same platform with different software). These were redundant and taking up space in a pile of stuff behind my desk, so finding a decent use for them was a bonus.

    So I am going to try the build and document my success/failure for you.

    There is quite a lot of info on the subject
    http://forum.pfsense.org/index.php/topic,20095.0.html
    http://forum.pfsense.org/index.php/topic,25011.0.html
    Firebox X500 hardware

    and two guides that I am referencing.
    Installing pfSense on a Watchguard Firebox X
    PracticalKungFu.net >How to install pfsense 2.0 on a Watchguard x750e Core

    Various WG Fireboxes can be picked up, some for under 100, so they can hopefully make a cracking reclaimed firewall.

    Rob
    Last edited by twin--turbo; 20th November 2012 at 09:32 AM.

  2. #2

    twin--turbo's Avatar
    The Firebox is just an Intel processor based PC board (custom). The WG boots off a 256MB CF card, so the crux of it is changing the software to pfSense. The 1st stumbling block that people have found is that the Firebox BIOS is set up so that only a 256MB card will boot and the new image is bigger. So you have to get into the BIOS (enabling serial console) and change some settings.

    After taking the case apart (X5500) (photo to follow) I found the CF card that holds the system. On this platform it was hidden under a hardware VPN expansion card.

    I then put this in a PCMCIA -> CF adapter and slotted it in an Ubuntu laptop.

    Unlike other guides I decided to try and back up the CF card first (we will see if this works later!) using the dd command:

    dd if=/dev/sdb of=/home/administrator/pfwork/firebox256.img

    (obviously the device needs to be the correct one! /dev/xxxx)



    It reported 257MB copied so that sounds reasonable.

  3. #3

    twin--turbo's Avatar
    and then wrote out the new image which has freedos and the program to update the bios.

    dd if=FreeDOSBios.img of=/dev/sdb

    which returned 8.2MB copied

    So far so good.

    Before continuing I decided to put the image of pfSense on the BIG CF card that would run the new OS. This was so I can swap to an older laptop with serial (I could have done it on just one laptop but preferred using "dd" to move the images around).

    So I downloaded and unpacked the latest (well, it's Dec 2011) 2.0.1 4GB NanoBSD image for i386.. http://pfsense.mirrors.ovh.net/pfsen...nanobsd.img.gz

    Unpacked it and transferred it to the 4GB card. (Well, I will do in 55 mins when the download finishes!)

  4. Thanks to twin--turbo from:

    cpjitservices (20th November 2012)

  5. #4
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,421
    Thank Post
    508
    Thanked 282 Times in 258 Posts
    Rep Power
    81
    Excellent... I've been looking forward to this thread!

    This is one thing I've never tried, I've only ever had pfSense running on a PC based machine or a VM.

    Once you have got pfSense up & running on the WG will you be using it / testing it as a UTM device?

    I've often wondered whether pfSense would make the ultimate solution as a UTM but never had the chance or time to test it.

    Looking forward to photos and some more of your findings.

    Thanks @twin--turbo

    PS - If you get chance look on the internet for pfSense home router... you can make some routers actually run pfSense - some of those routers do go on eBay now and again for 30 quid or so, ideal for those of you with a cable Internet connection. Usually pfSense works on home routers based on the ALIX hardware. Right now I can't find the link but it's out there somewhere.
    http://linitx.com/product/12647?gcli...FaTKtAod2jcAag
    Last edited by cpjitservices; 20th November 2012 at 10:14 AM.

  6. #5

    twin--turbo's Avatar
    So instead of waiting around I put the 256MB card back in the WG and powered on with my Windows laptop, serial cable salvaged from a random box, and a PuTTY session on 9600 baud.

    Yay "FreeDOS" (picture later)

    And now it's time to flash the BIOS. The files are already on the image so no need to put them there.

    AWDFLASH is used to flash the BIOS
    AWDFLASH command line switches

    with the recommended command of
    awdflash.exe X750EB2.BIN /py /sn /cc /e

    but I am going to attempt to back up the original so my command will be
    awdflash.exe X750EB2.BIN OLDBIOS.BIN /sy /py /sn /cc /e

    Here goes... Afterwards we will hopefully have bios on the terminal line..

  7. #6

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,801
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    I might give this a go! I have a couple of old Watchguards in the corner!

  8. #7

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,776
    Thank Post
    764
    Thanked 541 Times in 424 Posts
    Rep Power
    259
    I built pfsense onto an old appliance - had no problems building it, spent nearly a week trying to configure the bloody thing and eventually gave up and did the routing job I wanted it for with our HP switches...

  9. #8

    twin--turbo's Avatar
    Phew.....

    Tried a few of the various bios flashes and had no joy, found out I needed 115200 baud but that still seemed to be spitting junk out.

    Removed and reseated the serial cable and it popped up.

    I was on file X750EB5 ( thought I had bricked the box when it did not work... )

    So I am now in the serial BIOS ( press tab to get in rather than DEL )...

    Got to go and sort a phone for someone now though...

  10. #9
    cpjitservices's Avatar
    Hmmmmmm, phone or pfSense.... know which one I'd rather be sorting... oh well, we have to do these things lol.

    Glad you got it sorted regarding getting into the BIOS, you've got further than what I would have ... I'm afraid I'd have given in with defeat.

  11. #10

    twin--turbo's Avatar
    LOL... Phone only took 20 mins, had to patch through from another old building, set up the VLAN and patch from one end of the server room to the other.... Job Jobed..

    The image I downloaded came as a .gz (gzip) which we use gunzip to unzip.. (I renamed it for ease of use to pf.img.gz)

    gunzip pf.img.gz

    and then write it out to my 4gb CF with

    dd if=pf.img of=/dev/sdb

    going to take a few mins to do that

    dd

  12. #11

    twin--turbo's Avatar
    I am not stuck....

    The small image did 8.2MB in 16 seconds.. (roughly 2 seconds a MB)

    so by my reckoning 4GB ( 4024 at 2MB/s = 8048 seconds = 134 minutes, 2hrs 14m ) ...

    Coffee on the boil.

    Rob

  13. #12

    twin--turbo's Avatar
    7744 Seconds

    Rob

  14. #13

    twin--turbo's Avatar
    Balls...

    (forgot the last parameter of the image transfer... See you again in 7700 seconds.)

    dd if=pf.img of=/dev/sdb bs=16k

  15. Thanks to twin--turbo from:

    cpjitservices (20th November 2012)
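The backup in post #2 and the image write in posts #10 and #13 rely on dd's byte count as the only sign of success. As an added example (not part of the thread; the function names are hypothetical), this compares a hash of the image with what is actually on the card and refuses to write to a mounted device:

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes GNU coreutils (sha256sum, head -c, dd conv=fsync) on Linux.

# SHA-256 of the first NBYTES of a file or block device.
hash_prefix() {            # hash_prefix PATH NBYTES
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# Compare IMAGE with the first size(IMAGE) bytes of TARGET.
# The card may be larger than the image, so only that prefix is hashed.
verify_image() {           # verify_image IMAGE TARGET
    size=$(wc -c < "$1" | tr -d ' ')
    want=$(hash_prefix "$1" "$size")
    got=$(hash_prefix "$2" "$size")
    if [ "$want" != "$got" ]; then
        echo "verify failed: $2 does not match $1" >&2
        return 1
    fi
    echo "$want"           # hash worth recording next to the backup
}

# Write IMAGE to TARGET with a sane block size, flush, then verify.
write_image() {            # write_image IMAGE TARGET
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # Refuse if TARGET or one of its partitions is mounted.
    if [ -r /proc/mounts ] && grep -q "^$2" /proc/mounts; then
        echo "$2 is mounted, refusing to write" >&2
        return 3
    fi
    dd if="$1" of="$2" bs=16k conv=notrunc,fsync 2>/dev/null || return 4
    verify_image "$1" "$2"
}

# Usage with the thread's file names (not executed here):
#   write_image pf.img /dev/sdb
#   verify_image firebox256.img /dev/sdb    # after the backup dd
```

A read-back straight after writing can be served from the page cache, so for a real check re-insert the card and run verify_image again.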

  16. #14

    twin--turbo's Avatar
    Ahhhhhrg..

    Well, after re-imaging the 4GB I found I still could not boot.

    It was only this morning that I realised that I had downloaded the VGA image which does not work on a serial line!!

    It's now booted....

    Rob

  17. #15

    twin--turbo's Avatar
    On the serial console I set up the LAN and WAN addresses and then tried to determine which socket I was connected to, as the naming was a little different (not 1 - 8 or 0 - 7).

    At first I had trouble as I was trying to ping the WAN interface, which is default firewalled.

    Then I tried the LAN interface and eventually found and connected to the web console.

    I determined that the 8 interfaces on this box map as follows:

    pfsense = watchguard front
    msk0 = interface 0
    msk1 = interface 1
    msk2 = interface 2
    msk3 = interface 3
    sk0 = interface 4
    sk1 = interface 5
    sk2 = interface 6
    sk3 = interface 7





    Whilst in the BIOS I also set the terminal speed to 9600 as that is what pfSense outputs. It makes the memory test on boot very slow but you can 'esc' past it.



    So that's it.

    Basically, installing pfSense on an old Watchguard is not difficult and works.


    I guess I should now do a quick "Captive Portal" Guide...

  18. Thanks to twin--turbo from:

    cpjitservices (21st November 2012)
