"
Hi. I thought it may be useful for someone else to hear about my experience with installing OPNsense 22.1.2 onto an old WatchGuard T70. This device has a 1.6GHz Intel Celeron N3160 CPU, 2GB RAM (I know on the small side and it cannot be upgraded) and 16GB mSATA SSD. It has 8 x 1GB ports. However please note only ports 0, 1 and 2 work with OPNsense - Ports 3-7 from what I have read are proprietary switch ports. There is a way to get them working as a basic switch and you can read about it from the links provided below.
I used the following from the pfSense forum as a base to know it was possible / get started. It's a good resource for anyone interested giving it a try: https://forum.netgate.com/topic/151470/watchguard-firebox-t70
Parts required to get this to work
- WatchGuard T70 and power supply
- Very small Torx screw driver to remove screws from case - I believe it is a T6. The one I used was a T6H
- Cisco console cable
- If you don't have a serial port in your computer, a USB to serial adapter
- SATA disk with power - used temporarily for installation purposes
- mSATA to USB or Optionally a larger blank mSATA drive
The steps I took were:
- Downloading the OPNsense image file: https://opnsense.org/download/ Select AMD64 and Serial as the image type
- Extract the img image file from zip
- Get a copy of HDD Raw Copy. You can get the portable or installable copy from here: https://hddguru.com/software/HDD-Raw-Copy-Tool/
- Use HDD Raw copy to copy the img file onto a the temporary SATA disk. I used a SATA SSD
- Remove case from T70 and remove the mSATA SSD. Connect mSATA to PC. Took a backup via HDD Raw Copy. Wiped the drive (without wiping the disk, the WatchGuard will try to boot from this disk first)
- Install mSATA back into WatchGuard
- Connect temporary SATA disk with OPNSense image to SATA port. Connect power to SATA disk (I used spare PC power supply)
- Connect console cable to console port on T70 and fire up Putty or other terminal emulator. Set serial port to be: BPS=115200,Data Bits=8,Parity=none,stop bits=1, flow control (none)
- Power on WatchGuard. You should see the BIOS / boot process happen in terminal emulator. OPNsense runs in live CD boot mode by default. To install to the mSATA disk login to OPNsense with username: installer and password: opnsense
- Follow the prompts and it will install to the mSATA
- Once complete. Power down the T70 and remove the temporary SATA disk
- Power on the T70 and it should boot from the mSATA as a fully installed instance
- You can now connect ethernet port of computer to port 0 in device to configure via browser on address: https://192.168.1.1 Default username: root Password: opnsense
You can reconfigure the interface order to match the labelling on the WatchGuard by going to Interfaces - Assignments. I have LAN set to be interface igb1 and WAN on igb0
I have upgraded the firmware to the recently released 22.7 from the web interface.
So far performance has been great. I don't have a very complicated setup. Internet is an odd 100Mb/5Mb FTTP with PPPoE. I get over full speed in speed tests ` ~103/6Mbps. I have basic IDS enabled in monitoring mode, 2 VLAN's and WireGuard VPN configured. The CPU has not been stressed . I have seen the RAM go into the 1.5GB range whilst testing. However, whilst writing this the uptime is around 3 days and RAM is sitting at a low 34% (651/1913MB)
I used the following from the pfSense forum as a base to know it was possible / get started. It's a good resource for anyone interested giving it a try: https://forum.netgate.com/topic/151470/watchguard-firebox-t70
Parts required to get this to work
- WatchGuard T70 and power supply
- Very small Torx screw driver to remove screws from case - I believe it is a T6. The one I used was a T6H
- Cisco console cable
- If you don't have a serial port in your computer, a USB to serial adapter
- SATA disk with power - used temporarily for installation purposes
- mSATA to USB or Optionally a larger blank mSATA drive
The steps I took were:
- Downloading the OPNsense image file: https://opnsense.org/download/ Select AMD64 and Serial as the image type
- Extract the img image file from zip
- Get a copy of HDD Raw Copy. You can get the portable or installable copy from here: https://hddguru.com/software/HDD-Raw-Copy-Tool/
- Use HDD Raw copy to copy the img file onto a the temporary SATA disk. I used a SATA SSD
- Remove case from T70 and remove the mSATA SSD. Connect mSATA to PC. Took a backup via HDD Raw Copy. Wiped the drive (without wiping the disk, the WatchGuard will try to boot from this disk first)
- Install mSATA back into WatchGuard
- Connect temporary SATA disk with OPNSense image to SATA port. Connect power to SATA disk (I used spare PC power supply)
- Connect console cable to console port on T70 and fire up Putty or other terminal emulator. Set serial port to be: BPS=115200,Data Bits=8,Parity=none,stop bits=1, flow control (none)
- Power on WatchGuard. You should see the BIOS / boot process happen in terminal emulator. OPNsense runs in live CD boot mode by default. To install to the mSATA disk login to OPNsense with username: installer and password: opnsense
- Follow the prompts and it will install to the mSATA
- Once complete. Power down the T70 and remove the temporary SATA disk
- Power on the T70 and it should boot from the mSATA as a fully installed instance
- You can now connect ethernet port of computer to port 0 in device to configure via browser on address: https://192.168.1.1 Default username: root Password: opnsense
You can reconfigure the interface order to match the labelling on the WatchGuard by going to Interfaces - Assignments. I have LAN set to be interface igb1 and WAN on igb0
I have upgraded the firmware to the recently released 22.7 from the web interface.
So far performance has been great. I don't have a very complicated setup. Internet is an odd 100Mb/5Mb FTTP with PPPoE. I get over full speed in speed tests ` ~103/6Mbps. I have basic IDS enabled in monitoring mode, 2 VLAN's and WireGuard VPN configured. The CPU has not been stressed . I have seen the RAM go into the 1.5GB range whilst testing. However, whilst writing this the uptime is around 3 days and RAM is sitting at a low 34% (651/1913MB)
