pfsense on watchguard

Where there’s smoke…

As you folks have read, I am using a WatchGuard XTM 5 Series as a hardware firewall with pfsense. After running this in production for quite a while now, I have come to the conclusion that I can really, really recommend this setup. It is rock solid and working like a charm. This does not need to fear any commercial high-end (and high-cost) appliances out there.

Quick disclaimer: This howto is intended for the seasoned SysAdmin. There is no hand-holding on installing pfsense or how to install or remove hardware. You’ll only get the pointers in this howto. I doubt beginners will buy and maintain hardware firewalls. Also, this will void your warranty. But since the XTM5 are legacy production anyway, you probably are not covered by any warranties anyway.

Not only does this run pfsense without major modifications, it is also highly mod-able with lots of goodness. The default configuration of the XTM5 is as follows:

  • Celeron 440 2GHz CPU
  • 1GB of RAM
  • 1x 100Mbit Port
  • 6x 1Gb Port
  • Onboard CF Card Slot

…There’s fire

By default the XTM boots from its internal CF Card, which you could use to flash pfsense on it. But we do not want an amateur-level firewall, we want a real trusted one. But before we get into modding the XTM, let me share a word of advice regarding which model you want to get your hands on. You want an XTM 5 Series, period. The Series 5 comes in several models itself:


Fedora 23 and fwbuilder

Fedora & Fwbuilder

For both work and private entertainment I have been using fwbuilder, a graphical clicky-clicky firewall configuration tool that totally rocks when you have a shitload of servers to manage. Added a new trusted ip? net? *click*, done. And by deploying the rules with puppet it’s a breeze and almost fun.

Only recently I began using Fedora (both vanilla and KDE spin) as my workstation OS, and so far I like it. Before that I had been using Ubuntu 12.04 LTS since it came out. But it was aged and the upgrade kind of failed (ati, *cough*).

So back on my new and shiny Fedora Station I typed the magic words:

~ $ sudo dnf install fwbuilder
Last metadata expiration check: 2:05:43 ago on Tue May 3 13:21:44 2016.
No package fwbuilder available.
Error: Unable to find a match.

Yikes! Fwbuilder is not in the main repo. I googled and it turns out fwbuilder was removed back in Fedora 21; running 23, any hope of using a 21’ish rpm is gone. Tarball of binaries? No. Nothing.

rpmfind et al. does not yield any sort of result. So we need to get our hands dirty.