WatchGuard XTM 5 – Full Repurpose Guide (BIOS Unlock + OPN/pfSense Working)
-
I recently picked up a WatchGuard XTM 5 for a homelab firewall project and figured it would be a quick job — swap storage, install OPNsense, done.
That wasn’t the case.
The biggest issue with these boxes is the locked BIOS and some very outdated defaults, which cause all sorts of problems when trying to use modern storage.
What I actually did (full repurpose)
- Replaced the CF card with an SSD
- Upgraded RAM
- Installed OPNsense
Problems I hit
- Would not boot with SATA connected
- OPNsense installs completed but wouldn’t boot
- BIOS locked (no AHCI / limited boot options)
Root cause
The BIOS is locked down and forces legacy behaviour that doesn’t play nicely with modern drives.
What fixed it
- Backed up BIOS (twice, verified)
- Flashed unlocked BIOS
- Switched SATA to AHCI
- Reinstalled OPNsense using MBR
- Fixed boot/root mount manually
After that it worked properly.
Result
- Boots cleanly from SSD
- AHCI enabled
- OPNsense runs and updates fine
- Fully usable as a homelab firewall
Full Guides
I ended up documenting everything properly as I went:
BIOS unlock + flashing process (with working ROM):
https://kr0311.com/projects/watchguard-xtm5-bios-unlock-guide/Full repurpose + OPNsense setup write-up:
https://kr0311.com/projects/repurposed-watchguard-xtm-5/
Notes
- Do NOT skip BIOS backup/verification steps
- Flashing incorrectly can brick the device
- These boxes behave much better with MBR than GPT
- Boot device naming can cause confusion
If anyone else is working with these and gets stuck, happy to help
-
Hi, links seems to be dead.
Could you check them?
Thanks. -
@mpissarello Hi, Apologies im in the middle of migrate my homelab over to Unifi switches after my HP switch died so site is currently offline, i have attached the file here for the time being xtm5_83.zip
-
@KR0311 Hi, thank you for the rom file.
When you can, without rushing, please also restore the guides.
Thank you in advance. -
@mpissarello Hi, The site and guides have now been restored and accessible via the links above, Thanks
-
@KR0311 Just at a complete lost to why you would post this here? I can see unlocking the bios etc... But really that other distro?? wtf??
-
@johnpoz
Not really sure what the issue is with posting it here to be honest.The whole point of the project was to repurpose older hardware that’s effectively end-of-life. These WatchGuard units don’t receive modern updates anymore, and the locked-down BIOS + outdated defaults make them pretty limited in their stock form.
Running OPNsense on them brings them back to life as fully functional, up-to-date firewalls for lab or even light production use. That’s kind of the spirit of homelabbing—learning, experimenting, and getting more value out of hardware that would otherwise be e-waste.
If it’s not your use case, that’s fair enough—but for people looking to reuse this gear, it’s a pretty practical option
-
@KR0311 you understand this is pfsense board, not that other one you posted..
Be liking heading over to the MS boards and posting how to install linux, or on the ubuntu boards on how to install fedora..
-
@johnpoz
Ahh yeah, fair point on the forum focusI posted it here mainly because it’s the same class of hardware people often use with pfSense as well, and the main challenges (locked BIOS, SATA/AHCI issues, boot quirks) apply regardless of which BSD-based firewall OS you end up running.
Figured it might still be useful to anyone trying to repurpose these units in general—even if they go the pfSense route instead.
If it’s better suited elsewhere though, happy to move it
-
@KR0311 I don't have an issue, but would be more suited if you showed how to install pfsense, or used it as your example ;) You are in the the correct section I would think - and pretty sure others here could be interested in using such hardware.. Just found it ballsy to use that as your example - hahahah
-
@johnpoz
Haha yeah that’s fair
To be honest I went with OPNsense mainly out of habit, but the process itself should translate pretty closely to pfSense as well given it’s the same underlying quirks with the hardware.
If there’s interest, I could spin up a pfSense install on it as well and document that side
-
@KR0311 said in WatchGuard XTM 5 – Full Repurpose Guide (BIOS Unlock + OPNsense Working):
I could spin up a pfSense install on it as well and document that side
I would think that would a better example for use here sure.. I do know there been posts about how to install pfsense on different types of hardware, the watchguard devices I am pretty sure I have seen discussed before.
When you do that - post it over on their forums ;) hahah
edit: quick search does show threads related to the xtm 5 for sure
https://forum.netgate.com/search?term=WatchGuard%20XTM%205&in=titles
-
Mmm, I assume pfSense also runs fine there. It does for me.
-
@stephenw10 said in WatchGuard XTM 5 – Full Repurpose Guide (BIOS Unlock + OPNsense Working):
Mmm, I assume pfSense also runs fine there. It does for me.
As does mine..
