Watchguard



  • ebay, ebay, ebay.  I've tried looking around; unless you get extremely lucky and find one in your local classifieds like I did when I found my first one, ebay is the place.

    Set up a saved search for "watchguard firebox"; it will e-mail you every day with the new listings that have come up in the last 24 hours.

    Remember, the X500, X700, X1000 and X2500 are all the same hardware.



  • I don't get the pricing really. I spent 300 on a like new x700 - has original box, return policy, the box has no cosmetic damage, etc.

    That was yesterday. Today, I found a x1000 for 85 bucks, I jumped on it. Should have waited a day I guess. Oh well, maybe I can make a profit on the x1000 with pfsense loaded on it. Or, keep it as a second router ;).



  • I'd pay as little as possible.  The downside to the WG firewalls is the LiveSecurity service is expensive if you're paying out of pocket and WG seem to be getting increasingly restrictive about software loads being tied to active LiveSecurity agreements (i.e., it's not enough to have the new software, if your LS isn't active it won't upgrade).

    I like the "core" series (19" rackmounts) themselves – I work for a reseller and have installed nearly a hundred of them in the past five years and have worked on them for at least 10 years.  The smaller boxes I like less; the web GUI is dog slow, especially with XTM, and throughput isn't great for what you get.



  • @mobocracy:

    I'd pay as little as possible.  The downside to the WG firewalls is the LiveSecurity service is expensive if you're paying out of pocket and WG seem to be getting increasingly restrictive about software loads being tied to active LiveSecurity agreements (i.e., it's not enough to have the new software, if your LS isn't active it won't upgrade).

    I like the "core" series (19" rackmounts) themselves – I work for a reseller and have installed nearly a hundred of them in the past five years and have worked on them for at least 10 years.  The smaller boxes I like less; the web GUI is dog slow, especially with XTM, and throughput isn't great for what you get.

    Most of us don't care about the system itself, as we plan on installing pfsense on it.



  • The ebay sellers don't realize that the scrap they're selling is worthless with the WG software installed.  Without the contracts and software to back it up with WG, they are less than useless as firewalls.  The sellers are either ignorant of this or trying to scam you.

    You should be paying for hardware only on these unless they are offering keys etc.  Even if they are selling keys I'd think twice about it since there's a fairly involved process to transfer keys and WG could easily lock you out of the services if they don't get transferred right.  Also avoid key transfers for discontinued equipment like the X Core/Peak series.

    That being said, the hardware as an engineered unit should technically cost more than an equivalent PC when you piece it together, but the glut in the market and their useless software make it trash to anybody other than people like us.  They're not going to be able to unload any of the X (CORE) series equipment for more than $75-$100 if the buyer is A) patient and B) familiar with the ebay grey market.  Just watch EBAY for a few weeks, you'll see what I'm talking about.

    Also, I wouldn't buy unless they post a picture of the unit they're selling, not some stock picture.  They also should have a return policy and you should ask questions before you bid/buy, I usually ask if the warranty sticker is broken.  I would dislike receiving a unit without the crypto card or RAM or something like that, so be careful.

    Hope this helps!
    --James



  • James, thanks for the comment.  I just picked up a x500 with passwords for the OS.  My plan is to migrate my pfsense firewall VM to the watchguard x500.

    I'm going to tinker with it a little to see what can be done.  If I can maintain the original OS by using a different flash card I'm going to do that.  I am pretty excited about getting the unit.

    Since it will run PFSENSE, it should be able to handle m0n0wall, and possibly FREENAS with 6 interfaces.  It should be interesting to see what can be done with this little unit.

    RC



  • @fastcon68:

    James, thanks for the comment.  I just picked up a x500 with passwords for the OS.  My plan is to migrate my pfsense firewall VM to the watchguard x500.

    I'm going to tinker with it a little to see what can be done.  If I can maintain the original OS by using a different flash card I'm going to do that.  I am pretty excited about getting the unit.

    Since it will run PFSENSE, it should be able to handle m0n0wall, and possibly FREENAS with 6 interfaces.  It should be interesting to see what can be done with this little unit.

    RC

    This one perhaps? http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=200474005205



  • That was the unit I got off ebay.  It should get to me sometime this week.  Looking forward to it.
    RC



  • The first X700 I bought was from a local guy out of the classifieds, he didn't know the passwords, but I was able to reset the system configuration (There's a factory-reset partition on the original CF) and the password.  I connected up with some software I got from bit torrent, and sure enough, I could get the firewall rules to work (wish I'd done more testing to see the exact capabilities) but I couldn't get some of the licensed features to work.  Those licensed features like IPSEC etc were the main reason for the device, so I ditched the system and found PFsense..  I haven't looked back.



  • kind of a silly question…but all things being equal (hardware and all) if you had to choose between PFsense and the stock configuration (set up the same way you would set up PFsense, stock meaning whatever software came from the manufacturer of the firebox) which would you prefer? would you use the stock firebox software or would you use PFsense?



  • @jaime:

    kind of a silly question…but all things being equal (hardware and all) if you had to choose between PFsense and the stock configuration (set up the same way you would set up PFsense, stock meaning whatever software came from the manufacturer of the firebox) which would you prefer? would you use the stock firebox software or would you use PFsense?

    Well, depends on how you want to look at it. If you want free, pfSense for sure. The Watchguard software isn't great, but if you are willing to pay for its license for whatever features you want, it does provide UTM features which pfSense doesn't. I'd pick an open source UTM OS before Watchguard's any day though.



  • I'll throw in my two cents here too.  It really does depend on what you're using it for.  I'm using it for lab/home network/plaything, PFSense can't be beat for my purposes, and probably a lot of others too as I see a lot of people leaning towards nanobsd and small scale applications.

    I've heard a lot of people on these boards using it for business purposes.  Admittedly, I haven't seen either perform in a business setting, but I've seen SNORT running on linux platforms in business settings, and I've seen business orgs that wouldn't even entertain the idea of having opensource in their network.

    My personal opinion leans towards using the opensource projects and follow it up with an in-house development team for business applications, it sure beats being at the mercy of watchguard for updates, bug fixes, and vulnerability announcements.  Then again, I'm a technology purist that doesn't believe in turn-key solutions.  If you want it done right, you have to do it yourself.  A lot of companies just can't fit that mentality into their business model.

    If I were to go with a proprietary solution, it has to gain my trust.  I haven't enough experience with watchguard software to know if it's worth my trust, but I have already evaluated other products critically that I'd go to first.



  • If you are going to be bidding on it, then it is definitely something to watch. If you are doing the buy it now, the prices are around 300. What I don't understand is why there are sellers out there listing the prices 400 + to 700 all the way to a grand. I was happy with the 300, and I also had a paypal voucher which helped, works for me. I did not want to setup another system just to run a firewall, and I wanted something rackable, and I always liked these systems with pfsense on it. The 85 dollar buy it now x1000 was just a plus, if I can run a UTM on it even better, again I do not want to build a system to do that either.



  • My Plan for this is to get my workstation back.  I am running VMWARE and PFSENSE.  I really want to get this up and running.  I have been using PFSENSE for several years now and m0n0wall before that.  I prefer PFSENSE over m0n0wall due to being able to install packages and customize your firewall like you want and need it to be.

    I've been reading the forum and kinda want to get a rough idea on what I am in for doing the installation.  I like to keep the original flash if possible, so I can plan with the watchguard software.

    RC



  • @fastcon68:

    My Plan for this is to get my workstation back.  I am running VMWARE and PFSENSE.  I really want to get this up and running.  I have been using PFSENSE for several years now and m0n0wall before that.  I prefer PFSENSE over m0n0wall due to being able to install packages and customize your firewall like you want and need it to be.

    I've been reading the forum and kinda want to get a rough idea on what I am in for doing the installation.  I like to keep the original flash if possible, so I can plan with the watchguard software.

    RC

    Embedded route:
    1. Get a new CF/Microdrive
    2. Copy the embedded pfSense image over to your CF
    3. Switch out the current CF drive with your new one
    4. Power on Firebox
    5. Connect to com with 9600/8/1/N
    6. Configure pfSense

    Full Install:
    1. Get some sort of new storage media and the correct cables (microdrive, laptop ide cable for a laptop drive, etc)
    2. Install pfSense with your new media on a different computer with a cd-rom drive and vga port.
    3. Select embedded kernel
    4. Remove Watchguard CF drive
    5. Connect new storage media
    6. If storage media is greater than ~8gb you will need to get a PCI video card and a correct PS/2 keyboard port to connect to the board, go into BIOS and put your drive in CHS mode, and set heads to 2.
    7. Power on Firebox
    8. Connect to com with 9600/8/1/N
    9. Configure pfSense



  • In some of my research there is a usb port in the front of the case behind the face plate.  Can I use that if there is a USB port?
    RC



  • The bigger X Peak gear, (x5000, x8000 etc..) have USB ports on them, I've been discussing them in another recent topic here on this board, they don't seem to take bootable drives however, but you probably can use them to collect logs and such, or even an ethernet adapter/WLAN adapter would work in there.



  • @fastcon68:

    In some of my research there is a usb port in the front of the case behind the face plate.  Can I use that if there is a USB port?
    RC

    If I remember correctly while working on my x500, x700, etc. core watchguards they don't have the ports soldered on, but the solder points are there and the chips are on the board for USB to work. I'm out of town so I don't have any of mine nearby, but I believe that's the setup on the core gear.



  • It's up and running.  I'm just trying to find the magic combination to get the LCD working.  I loaded the LCD package on the nano image and it's not working.

    What have I missed?  I'm going to start migrating all my connections to it as soon as I get my lcd working.

    I use open vpn and ipsec.  With 256 meg of ram I know I am going to be limited.  What issues might I run into?  I have 4 tunnels and I only bring them up and down as I need to provide support.

    Any thoughts?
    RC


  • Netgate Administrator

    You can't use the LCD package, you have to install the watchguard specific driver. See the firebox LCD thread.

    Steve

