This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HOWTO: UTM9 home on a Watchguard XTM5 Series

I got my hands on a Watchguard XTM505 as they're now EOL and decided that I liked UTM more than pfSense (DPI included for one) so did some research on how I could install it.  Noticed that there was some interest online but either no-one had done it, or had but hadn't shared the experience, so I've put together this guide in case anyone else wants to do it.  It's nice to share.  I have to say, it's quite an elegant solution once it's all said and done.

Ironically, I had to install pfSense to flash the BIOS but otherwise was a pretty straightforward install.

So onwards as follows;

Pre Reqs:

  • 1GB or bigger CF card (I used a SD>CF adapter as I only had SD cards)
  • Upgraded RAM to 4GB (Might get away with less)
  • Upgraded CPU (I used an Intel E5700, £3 on eBay!)
  • SATA HDD/SSD (I used an Intel SSD I had lying around. Will probably replace it with a 60GB KinDian SSD from Amazon as they're only £15 and get pretty decent reviews)
  • Console cable (115200,8,N,1)

Note that I initially installed this on the standard hardware (1GB RAM) and a 60GB 5400rpm HDD but found it to be quite laggy. 1GB definitely isn't enough and I wan't sure the HDD was good enough to keep up once all the protections were enabled. I'm not going to use the web cache feature so I think SSD is the way to go.

Useful links for technical reference: 

First install pfSense!

https://alpha-labs.net/2017/08/pfsense-on-watchguard/

Follow up to the “Watchguard Configuration” section as we only need to get to the point that the BIOS has been re-flashed with an unlocked version.  Make sure you remove the CMOS battery and unplug for about 30 seconds after confirming that the BIOS update hasn’t created a nice red brick.

Summary of commands to update the BIOS;

Boot pfSense then select option 8 for a shell.

pkg install flashrom

rehash

fetch https://misc.alpha-labs.net/pfsense/xtm5_83.rom

flashrom -p internal -r backup.rom

flashrom -p internal -w xtm5_83.rom

To install UTM9:

  • You need VGA output as the UTM installer outputs gibberish to the console. I used a breadboard to junction the Green, hsync, vsync and ground pins on J9 to a VGA cable. Feel free to wire up all 3 colours. but you don’t really need them.
  • Attach a USB keyboard
  • Power on and go in to the BIOS and disable always boot from CF. Also tweak as required.
  • Use Rufus to flash the UTM ISO to a bootable SD/CF (Tried using Etcher on my Mac but it didn't boot)
  • Put the card in the XTM and boot to the UTM start screen
  • Press ALT F2 to get a shell
  • Find the drive containing the ISO image
    • dmesg | grep sd (or sda…sdb…etc) (Will probably be sda)
  • Mount the drive into /install [mount /dev/sda1 /install] (or whichever drive “sd” number you got from the previous step)
    • Verify that the correct drive is mounted by typing [ls /install/install] It should show "install.tar" among other things
  • ALT F1 back to the installer and install as normal
  • Enjoy your new Watchguard UTM Appliance!

The only thing that irks me is the BIOS image puts “pfSense v1.8” on the LCD and I don’t know how to change it. :(

Also, the XTM5 has a Cavium 1605 SSL/IPsec accelerator card but I don't know if UTM9 supports it. Anyone know?

VGA Port connection (The VGA pins are relative to looking at the male connector end, not the solder side. 1 is top left)

J9 Header Pin

VGA Connector Pin

1 - R

NC

2 - R GND

NC

3 - G

2

4 - G GND

7

5 - B

NC

6 - B GND

NC

7 - HSYNC

13

8 - KEY

NC

9 - VSYNC

14

10 - GND

5

11 - DD_DATA

NC

12 - DD_CLK

NC

Hope this helps! :)

D



This thread was automatically locked due to age.