Watchguard Firebox 700



  • Has anyone changed the OS to pfSense on an old Watchguard Firebox 700? I have 2 collecting dust and I would like to configure at least one with the pfSense firewall. I have tried all kinds of hardware firewalls, of course not exceeding the $400.00 US cost. I know you are probably saying I am cheap, but for the usage I think it is worthy. My network consists of 8 Windows users (XP Pro and Win 7 Pro) as workstations and 3 Windows servers (1 Win 2008 Standard 64-bit, 2 Win 2003 Standard 64-bit): one Win 2003 server for MS-SQL use only, 1 Win 2003 for file sharing and 1 Win 2008 for IIS intranet hosting. As of now I have the Netgear 308g 1 gigabit firewall, which not long ago replaced a Cisco Linksys 400.

    PS: the Watchguard Firebox 700 is not the Firebox X700; it is just the plain Firebox 700. I just wanted to clarify that.

    Any help will be appreciated.
    Thanks


  • Netgate Administrator

    PfSense will run on it, it's x86 hardware, but it's at the bottom end of what's useful.
    You will need to upgrade the RAM to an absolute minimum of 128MB; 256MB is far better. I believe that box had 64 as standard. The Watchguard OS is stored in onboard flash but it's very small (8MB), so you'll need to add a boot drive of some sort.
    You might consider m0n0wall as a better fit for that platform.
    https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#Firebox_II_and_III

    Steve



  • @netstair:

    PS: the Watchguard Firebox 700 is not the Firebox X700; it is just the plain Firebox 700. I just wanted to clarify that.

    As Steve pointed out, these boxes are somewhat on the low end of the spectrum, but are definitely workable. Basically, they perform just fine for basic firewall, routing, IPv6 tunneling, and even lightweight OpenVPN* servers in the context of your average home bandwidth. I have had a Firebox III running in "production" for what seems like an insane uptime of well over a year.

    I happen to run the open source Vyatta distribution, but I see no reason why pfSense would not work. The box was also popular for a while with the DD-WRT folks, but the thread there seems to have been archived.

    Basically, you need to upgrade the RAM. Then you need a flat laptop IDE cable and an IDE to CompactFlash adapter. Then you can image whatever you want on a CF card. Also, you might need to go into the BIOS and update the drive geometry. That requires an old VGA card and a keyboard adapter for the motherboard. Fortunately, this explains it well:

    http://www.dd-wrt.com/wiki/index.php/Watchguard_Firebox_II

    When it comes to the front panel, some guy wrote code for it ;). Can't beat the light show these boxes offer.

    https://github.com/fmertz/fbled

    If the box has been in use for a long time, expect the fan to be on the noisy side. Also, some of the boxes have USB on the motherboard, but no cutout in the enclosure. You can cut an opening yourself. USB 1, though, and probably not entirely problem-free. From memory, the interrupt handling is shared with another device. The serial port works fine. One last thing: the box needs to be looked at as a PC, so if you want to connect to it directly with an (older) PC, you might need a crossover Ethernet cable, unless your PC has auto-sensing.

    * The box has a built-in crypto chip. It is pretty old but somewhat supported. I played around in Linux for a bit, and it seemed to accelerate crypto functions quite a bit. In addition, even if it does not really accelerate anything, it is still work the CPU does not have to do. Not entirely straightforward to set up in Linux, partly because the code available for the chip is geared towards BSD, which might make pfSense a better choice after all.

    Good luck, keep us posted.



  • The WG III series has some problematic hardware. The NICs don't report their MACs properly with the FreeBSD driver, and the disk controller is quirky. I used to run m0n0 1.2x off the onboard flash, but it required replacing the kernel with a patched version to avoid it hanging on boot. When I tested it years ago with FBSD 7.x and early 8 builds, the box would still hang when it was identifying the onboard flash. Some people have reported success with recent versions of nano, and newer builds generate bogus MACs when the driver can't get them. An old PC is not as nice looking or quiet, but would involve much less frustration.



  • Is there a business or someone that I can hire to apply pfSense and upgrade my Watchguard 700 to make it workable and ready to be used?

    Thanks


  • Netgate Administrator

    Unless you have the parts already, it's not going to be economical to do that.
    You can pick up a much newer, faster and easier to convert Firebox for peanuts on eBay.

    Steve



  • Here is something I ran across just now:

    http://www.ebay.com/itm/pfSense-2-1-Release-DIY-Watchguard-Firebox-R6264S-Conversion-Kit-X500-X700-X1000-/221283494669?pt=US_Firewall_VPN_Devices&hash=item3385862b0d

    pfSense 2.1 Release DIY Watchguard Firebox R6264S Conversion Kit X500,X700,X1000

    Not really sure if it's worth it, since you're better off with newer WatchGuard hardware with less hassle.

