Watchguard Firebox M400 is going out of support in June 2023, so there might be an influx of these devices into the secondary market. In our opinion, this device is perfect for OPNsense nano...
The M400 is a very straightforward x64 device (we believe it is actually made by Lanner, probably one of their FW-7xxx products). Out of the box, the device we snagged had the following:
- Processor: Intel Celeron G1820
- RAM: 4 GB
- Storage: 4 GB CF card
- Networking: 8 x Intel i210 (6 x RJ-45 + 2 x SFP)
We were unable to access BIOS, but we didn't try all that hard. Our plan was to just replace the CF card with stock firmware with a CF card with OPNsense nano. And that plan worked perfectly. OPNsense started without a problem, recognized all eight ports, and otherwise behaved as expected. (Incidentally, the only management interface on this device is the serial console, operating at 115200 bps.)
To improve the device's performance in VPN applications, we replaced the stock processor with Intel Core i3-4330.
And then, there was the Arm LED... :) With stock firmware, it lights up red at boot, but eventually switches to green. With OPNsense, it remains red. So we had to hunt down and press into service a utility developed by a Netgate developer some time in 2020 specifically to manage the potentially errant hardware on Watchguard devices. Here's how it goes.
Log in to the router over SSH or console. Change to /root if you're not there already:
cd /rootDownload the WGXepc64 utility:
fetch https://github.com/stephenw10/WGXepc/raw/master/WGXepc64Make it executable:
chmod +x WGXepc64Go to the startup script location:
cd /usr/local/etc/rc.syshook.d/startOpen a script file for editing (we called ours 99-greenlight to tell OPNsense to run it last, after 95-beep):
vi ./99-greenlightPut these lines into the file:
/root/WGXepc64 -l green
/root/WGXepc64 -f 20The first line switches the Arm LED to green. The second line sets the default fan speed to 20 (or any hexadecimal number between 00 and FF you put in; the default, set in BIOS, is 3C).
Save and exit. Then, make the script executable:
chmod +x ./99-greenlightReboot to verify everything's working. After the bootup completes with a beep, the Arm LED should turn from red to green and fan speed should drop from the default 3C to 20.
And a note on the family
The M400 has a bigger sibling, the M500, which, we suspect, should be about as easy to wrangle as the M400 has been. There are also junior siblings, M200 and M300, but despite the similarity of looks, they are not x86, but rather Freescale, so they cannot run OPNsense.
