WatchGuard Firebox X500 – pfSense Hack

Overview

I’ve been using pfSense for a few years but almost always on a dedicated PC or a virtual machine. For a while now I’ve been toying with the idea of getting pfSense running on an actual firewall box. The advantage of running it on an actual firewall is twofold, size and power draw. Plus, it’s common hardware, easier to develop.

I picked up this WatchGuard Firebox X500 Core from Kijiji. Price was great and best of all the guy was about 5 minutes away from me.

As soon as I got home I wasted no time taking it apart. Removing the final screw behind the Void Warranty sticker was quite satisfying.

The interior guts of the firewall. Ugh. Disgusting filthy inside, must have been running in some crappy closet.

Some good blasts of air and it looks much better. Now to analyze the components. The WatchGuard Firefox is essentially just an x86 PC. The motherboard implements Intel 815 Chipset.
It comes with an Intel Pentium III based Celeron M 310 1.2Ghz as its processor. There’s a possibility of upgrading this CPU to a faster processor like the SL8BA,SL8BG Pentium M 1.7Ghz or SL6N5 LV version of Pentium M 1.7Ghz. The firewall comes with 6 10/100Mbit Ethernet Ports. These ports are driven by on-board Realtek chips. Even though one of the ports is designated as WAN, in pfSense any port or combination of ports can be used for WAN functionality.

The Firebox also comes with 256MB of PC-133 Non-Ecc Memory. The chipset supports up to 512MB so I asked around and a buddy of mine happened to have a few 512MB sticks.

Had to break another seal, another proof of voided warranty.

10 thoughts on “WatchGuard Firebox X500 – pfSense Hack

    • Just read your article, superb, i’ve got an x500 but it is refusing to boot up, there is just one line of black squares on the LCD screen and the onboard speaker is making a long buzzing sound, just wondering what it could be? I have replaced the RAM module but still no luck.

  1. Nice articles on the Watchguard boxes. I’ve used pfSense for years, but I’m new to the WG platform. I have a question regarding CPUs on the x-core boxes…According to the pfSense forums:

    The board supports a wide range of socket 370 processors. The fastest being the Pentium 3 at 1.4GHz, SL5XL or SL6BY for example.

    Did you ever try upgrading the CPU on the x500 or confirm whether it will accept any of the processors you mention in the article?

    • No. I ended up not spending too much time on the x500. Was not too impressed with the Realtek NICs and its performance. Ended up donating the box to a family member running ZeroShell as it was the most stable option.

  2. It seems that after switching to pfsense on a firebox, my download has declined to 7 mbit/sec.
    Unfurtunately I’m a pfSense novice, and I cannot figure out how to test the speed between two interfaces.
    I have my NAS (eth1) hooked up to the lan and NAS (eth2) to the DMZ on the firebox, this beeing on two different subnets (192.168.1.x and 192.168.2.x). Still it all traffic is routed to eth1 on the NAS, even if I connect on 192.168.2.x from the lan.

    Is there an easy way to acces ip’s on the DMZ from the LAN?

  3. I have an x700, which is supposed to be the same motherboard as the x500. I keep seeing people suggest the x750e BIOS for the flash, but the 750e hardware is completely different hardware and chipset.

    Which BIOS did you use? Did you actually flash it, or did you just reset the BIOS? Did your BIOS flash include porting BIOS / video through serial or just the CF limitation removal?

Leave a Reply