Overview

A WatchGuard® Firebox® M370 firewall was purchased with the intention of repurposing the firewall for production use, even if only the standard feature installation. At the time, the Firebox® M370 series firewall was considered current; and, as of the date of this website, remains supported. Based on what was shared by the second-hand retailer, the device was not activated, and required activation with WatchGuard®. However, that's where the issues began. The device purchased was originally paired with another Firebox® M370 firewall as a high-availability configuration. What this meant was - both firewalls, not one - were required for activation. As we had acquired only one firewall (and not both), activation was not possible, as WatchGuard® was unable to provide any support whatsoever. Thus, the search for an alternative solution.

Recently, it was discovered that several models, both current and long-ended, are supported by both pfsense® and opnsense®. Depending on the architecture, specifically the system processor used, would determine if it would require minor, or significant, customized configurations for the use of a non-Fireware® operating system. Further research indicated that the M370 series was a strong candidate for "OS reassignment".

As of v25.1, based on our research and analysis, we discovered that installation of the opnsense® v25 firewall operating system was not only possible, but could be seamlessly performed with minimal issues. Our decision for using opnsense® was based on the principle of free and open source software for both personal and commercial use. pfsense® once knew this, but is quickly moving more towards a commercial (as opposed to free, open source) model. This has upset the open source development community. Our organization still strongly believes in the availability of free and open source software for any use, and is committed to`both encouraging as well as supporting this philosophy.

Hardware Specification

By default, the firewall's base architecture consists of a minimum of 4 GB of RAM memory and 16 GB of an mSATA SSD drive.

The equipment above can be upgraded to 8 GB of RAM memory; larger capacity mSATA SSD cards may be substituted from the original 16 GB card. For this project, we used a 64 GB capacity mSATA SSD card made by 'Transcend' (same one used by WatchGuard®). These drives are reasonably priced starting as low as $20 and going upwards to $100-120 for nominal capacities. They may found at many popular online stores such as Amazon or eBay.

Useful Tools - SSD Drive Adapter

   

The mSATA to USB adapter is manufacturered by 'ELUTENG', and costs around $20-25 per unit. It may be found at many popular online stores such as Amazon or eBay.

   

The adapter DOES NOT include an enclosure. If you want an adapter with an enclosure, the (estimated) cost will double to around $40-45 per unit.

Useful Tools - Small Screwdriver

   

A small Phillips screwdriver is need for the mSATA SSD card.

Useful Tools - Small Clamp

   

[OPTIONAL] Not required; but, if you have difficulties working with very small parts, using a clamp to hold onto the screw while tightening it can be helpful.

WatchGuard Firebox M370 Firewall

Front 1


Front view of the firewall.

Front 2


Leftmost RJ-45 connector is serial main console, 2 USB ports, followed by 8 RJ-45 ports; PORT 0 is typically for WAN, and PORT 1 through PORT 7 for LAN.

Top 1

   

Use the small Phillips screwdriver to remove the following screws:

  • 3 (or 4) screws for the LEFT ear;
  • 1 screw for the LEFT side;
  • 3 (or 4) screws for the RIGHT ear;
  • 1 screw for the RIGHT side; and,
  • 2 screws for the REAR side

Top 2

Once all of the screws are removed, and both ears have been removed, the top cover, which bluntly slides over a slightly notched metal shelf extended from the front of the chassis, can be removed by pushing the top cover backward. Using the tip of a non-Phillips blade screwdriver at the front bezel, gently nudge the gapped portion where the top cover meets the top portion of the chassis backward towards the back of the chassis.

The top cover should nudge slightly.

Once there's a slight gap, gently pull from the rear of the chassis cabinet backward towards you.

Top 3

Once successfully pulled off - congratulations - you now have access to the internals of the firewall...!!!

Motherboard Version

The model and version of the motherboard should be clearly and plainly visible.

Storage

Storage is made by 'Transcend'. It is a 64 GB capacity mSATA SSD card.

Memory



The RAM memory is made by 'Transcend'.

Remove Card

Remove the mSATA card from the motherboard, then install onto the USB adapter. This is where opnsense® will be installed.

Install Card

Computer Used


The computer used to install opnsense® is a Hewlett-Packard ProDesk 600 G1 Mini. With 4 to 8 GB of RAM, a fairly fast processor, and no drive, these units usually sell for approximately $30-40.

Installation



Ensure that there are no internal drives. The USB adapter containing the mSATA SSD card is the destination, and the USB flash drive is the source as installed in one of the front USB ports.

Startup

   

Select the USB flash drive (not the mSATA SSD USB adapter).

 

   

During the startup, the familiar startup splash page should be visible.

Verify Drivelight is ON

The drive light indicator should illuminate indicating that the operating system recognizes the mSATA SSD USB adapter.

Login to Install

   

Login with the user ID 'installer', and password 'opnsense'.

Select UFS Filesystem

   

To install opnsense® onto the mSATA SSD card, select "UFS GPT/UEFI Hybrid" - NOT "ZFS GPT/UEFI"; this installation will only work with "UFS" as the selected filesystem type.

The process should begin indicating its progress. Estimated time to complete initial stage of cloning is approximately 2 minutes.

Select the Destination Drive



Select the mSATA SSD card identified as "ASMT 2115 0"; accept default swap partition size, and press "YES".

Cloning ISO and Installation


The cloning process will begin, taking several minutes to copy the ISO image from the USB drive onto the mSATA SSD drive.

Set 'root' Password and Reboot



Select the first option, and set the 'root' password. Once done, the menu will popup again, to which select the second option, and the system will reboot.

Rebooting




You are given a chance to abort the reboot in case you might've forgotten something, and can easily press ; otherwise, allow the reboot to continue. Once done, you should see the familiar login screen again. Login as 'root'.

Checking Serial Ports

Enter the 'Shell' by selecting Option #8.


Ensure that ALL SEVEN (7) serial ports are active.

Manually Set Your IP Address



Manually set the IP of your connecting device to the same subnet as the opnsense® device. For this example, the IP address used was '192.168.1.10'. Once set, confirm that you can access the opnsense® device via ICMP 'ping'.

CONGRATULATIONS!!!

YOU'VE DONE IT!!!

Initial Web Access



The Firefox browser was used for accessing the opnsense® device; use whatever you feel comfortable using. The TLS certification will appear as invalid; adjust accordingly, and accept the risk warning presented to you from the browser.


And...VOILA!!! You NOW have access to your opnsense® device via web UI on your very own WatchGuard M370.

Login using the 'root' password that you had set previously during installation, and now begin your installation. If, for any reason, something were to fail, simply repeat the entire process over again; the amount of time consumed should take roughly 30-45 minutes. And...if there are no errors, configure your opnsense® firewall as to how you see fit based on instructions provided by opnsense®.