Where there’s smoke…
As you folks have read I am using a WatchGuard XTM 5 Series as hardware firewall with pfsense. After running this in production for quite a while now I come to the conclusion that I can really, really recommend this setup. It is rock solid and working like a charm. This does not need to fear any commercial high end (and high cost) appliances out there.
Quick disclaimer: This howto is intended for the seasoned SysAdmin. There is no hand holding on installing pfsense or how to install or remove hardware. You’ll only get the pointers in this howto. I doubt beginners will buy and maintain hardware firewalls. Also this will void your warranty. But since the XTM5 are legacy production anyway you probably are not covered by any warranties anways.
Not only does this run pfsense without major modifications, it also is highly mod-able with lots of goodness. The default configuration of the XTM5 are as follows:
- Celeron 440 2GHz CPU
- 1GB of Ram
- 1x 100Mbit Port
- 6x 1gb Port
- Onboard CF Card Slot
By default the XTM boots from its internal CF Card that you could use to flash pfsense on it. But we do not want amateur level Firewall, we want a real trusted one. But before we get into modding the XTM, let me share some word of advice regarding what Model you want to get your hands on. You want a XTM 5 Series, period. The Series 5 comes in several models itself: