{"id":116,"date":"2026-04-04T22:23:55","date_gmt":"2026-04-04T22:23:55","guid":{"rendered":"https:\/\/kr0311.com\/projects\/?p=116"},"modified":"2026-04-06T14:34:35","modified_gmt":"2026-04-06T14:34:35","slug":"repurposed-watchguard-xtm-5","status":"publish","type":"post","link":"https:\/\/kr0311.com\/projects\/repurposed-watchguard-xtm-5\/","title":{"rendered":"Repurposed a WatchGuard XTM 5 into an OPNsense Firewall"},"content":{"rendered":"<p><strong>Repurposed a WatchGuard XTM 5<\/strong> into an OPNsense firewall \u2014 this project started as a simple idea and quickly turned into a full rebuild.<\/p>\n<p>The plan sounded straightforward enough: take an old <strong>WatchGuard XTM 5 Series<\/strong>, upgrade it a bit, install <strong>OPNsense<\/strong> on an SSD, and turn it into a proper rack-mounted firewall for the homelab.<\/p>\n<p>What actually happened was a lot less graceful.<\/p>\n<p>There was BIOS nonsense. Storage nonsense. Boot nonsense. And more than one moment where the whole thing looked like it was going to remain an expensive red paperweight.<\/p>\n<p>But in the end, it worked.<\/p>\n<p>And not in a \u201ctechnically boots if you threaten it\u201d kind of way either.<\/p>\n<p>It now runs <strong>OPNsense from SSD<\/strong>, boots properly, updates properly, and has taken its place in the rack as a fully repurposed firewall.<\/p>\n<div style=\"margin: 30px 0\">\n    <img decoding=\"async\" src=\"https:\/\/kr0311.com\/projects\/wp-content\/uploads\/2026\/04\/final_rack-scaled.jpg\" alt=\"Repurposed WatchGuard XTM running OPNsense firewall in the rack\" style=\"width: 400px;max-width: 100%;height: auto;margin: 0 auto;border-radius: 12px\"><\/p>\n<p style=\"text-align: center;font-size: 0.9em;opacity: 0.7;margin-top: 8px\">\n        Final result: the WatchGuard XTM 5 Series repurposed and mounted back in the rack.\n    <\/p>\n<\/div>\n<hr \/>\n<h2>\ud83d\udce6 Starting Point<\/h2>\n<p>The hardware itself was a <strong>WatchGuard XTM 5 Series<\/strong> firewall.<\/p>\n<p>Out of the box, it was still very much a WatchGuard appliance rather than a flexible little firewall box ready for a second life.<\/p>\n<p>It came with:<\/p>\n<ul>\n<li>WatchGuard firmware<\/li>\n<li>A tiny <strong>1GB Compact Flash card<\/strong> as storage<\/li>\n<li>Locked-down BIOS settings<\/li>\n<li>Limited RAM<\/li>\n<li>No SSD installed<\/li>\n<\/ul>\n<p>So this was never going to be an \u201cupgrade OPNsense\u201d job.<\/p>\n<p>This was a full repurpose job from the ground up.<\/p>\n<div style=\"margin: 30px 0\">\n    <img decoding=\"async\" src=\"https:\/\/kr0311.com\/projects\/wp-content\/uploads\/2026\/04\/starting-scaled.jpg\" alt=\"Repurpose WatchGuard XTM starting point before teardown and upgrades\" style=\"width: 400px;max-width: 100%;height: auto;margin: 0 auto;border-radius: 12px\"><\/p>\n<p style=\"text-align: center;font-size: 0.9em;opacity: 0.7;margin-top: 8px\">\n        The WatchGuard XTM 5 Series before teardown and upgrade.\n    <\/p>\n<\/div>\n<hr \/>\n<h2>\ud83d\udd27 Opening It Up<\/h2>\n<p>First step: get the lid off and see what we were actually working with.<\/p>\n<p>Inside, things looked promising enough:<\/p>\n<ul>\n<li>The <strong>CF card<\/strong> was acting as the main storage device<\/li>\n<li>The RAM was accessible and upgradeable<\/li>\n<li>There was a <strong>SATA connection<\/strong> available<\/li>\n<\/ul>\n<p>That last part mattered a lot, because without SATA this would have gone from \u201cinteresting project\u201d to \u201cnice red metal ornament\u201d very quickly.<\/p>\n<div style=\"margin: 30px 0\">\n    <img decoding=\"async\" src=\"https:\/\/kr0311.com\/projects\/wp-content\/uploads\/2026\/04\/whats_inside-scaled.jpg\" alt=\"Inside the repurposed WatchGuard XTM showing motherboard and internal components\" style=\"width: 400px;max-width: 100%;height: auto;margin: 0 auto;border-radius: 12px\"><\/p>\n<p style=\"text-align: center;font-size: 0.9em;opacity: 0.7;margin-top: 8px\">\n        Inside the WatchGuard: compact, locked down, but workable.\n    <\/p>\n<\/div>\n<hr \/>\n<h2>\ud83e\udde0 RAM Upgrade<\/h2>\n<p>Before worrying about storage, the RAM got upgraded.<\/p>\n<p>The new memory went in, the system booted, and everything was detected straight away.<\/p>\n<p>For a brief moment, this project felt suspiciously easy.<\/p>\n<p>That did not last.<\/p>\n<div style=\"margin: 30px 0\">\n    <img decoding=\"async\" src=\"https:\/\/kr0311.com\/projects\/wp-content\/uploads\/2026\/04\/new_ram_installed-scaled.jpg\" alt=\"WatchGuard XTM RAM upgrade installed during OPNsense repurpose\" style=\"width: 400px;max-width: 100%;height: auto;margin: 0 auto;border-radius: 12px\"><\/p>\n<p style=\"text-align: center;font-size: 0.9em;opacity: 0.7;margin-top: 8px\">\n        New RAM installed and recognised without drama for once.\n    <\/p>\n<\/div>\n<hr \/>\n<h2>\ud83d\udcbe Adding the SSD<\/h2>\n<p>Next step was replacing the CF-based storage with something actually usable.<\/p>\n<p>The SSD was installed and connected via SATA.<\/p>\n<p>Physically, everything looked fine.<\/p>\n<p>Booting, however, had other ideas.<\/p>\n<div style=\"margin: 30px 0\">\n    <img decoding=\"async\" src=\"https:\/\/kr0311.com\/projects\/wp-content\/uploads\/2026\/04\/ssd_fitted-scaled.jpg\" alt=\"SSD fitted inside WatchGuard XTM for OPNsense install\" style=\"width: 400px;max-width: 100%;height: auto;margin: 0 auto;border-radius: 12px\"><\/p>\n<p style=\"text-align: center;font-size: 0.9em;opacity: 0.7;margin-top: 8px\">\n        SSD fitted and connected, ready to replace the old CF-based setup.\n    <\/p>\n<\/div>\n<hr \/>\n<h2>\ud83d\udca5 First Major Problem<\/h2>\n<p>With the SSD connected, the system refused to boot properly.<\/p>\n<p>Without SATA connected: fine.<\/p>\n<p>With SATA connected: chaos.<\/p>\n<p>Multiple drives were tested. Same result every time.<\/p>\n<p>At that point, it became pretty obvious the issue was not the SSD itself.<\/p>\n<p>Something deeper was wrong.<\/p>\n<hr \/>\n<h2>\u2699\ufe0f BIOS Investigation<\/h2>\n<p>Diving into the BIOS revealed the real problem.<\/p>\n<p>Most of the settings that actually mattered were locked down, including storage configuration and boot behaviour.<\/p>\n<p>The system was effectively stuck in an outdated mode that did not play nicely with modern drives.<\/p>\n<p>That explained a lot.<\/p>\n<p>Unfortunately, \u201cunderstanding the problem\u201d and \u201chaving a working firewall\u201d are not the same thing.<\/p>\n<hr \/>\n<h2>\ud83d\udd25 Flashing an Unlocked BIOS<\/h2>\n<p>This was the turning point.<\/p>\n<p>The BIOS was backed up and replaced with an unlocked version, which finally gave access to the settings that WatchGuard had locked away.<\/p>\n<p>Once that was done, SATA mode could be changed to <strong>AHCI<\/strong>.<\/p>\n<p>Immediately, behaviour improved.<\/p>\n<p>The system could now boot with the SSD attached.<\/p>\n<p>Which was a massive milestone, because up until that point it had mostly been acting like the whole upgrade was a personal insult.<\/p>\n<hr \/>\n<h2>\ud83d\udcbf Installing OPNsense<\/h2>\n<p>With SATA finally working properly, OPNsense was installed onto the SSD.<\/p>\n<p>The install completed successfully\u2026<\/p>\n<p>But the system still did not boot cleanly.<\/p>\n<p>Because of course it didn\u2019t.<\/p>\n<p>At this stage the project had fully committed to the bit.<\/p>\n<hr \/>\n<h2>\ud83d\udee0\ufe0f Fixing the Install Properly<\/h2>\n<p>The initial install used a layout that this hardware clearly did not like.<\/p>\n<p>So it was scrapped and redone properly:<\/p>\n<ul>\n<li>Extended install<\/li>\n<li>Manual setup<\/li>\n<li>MBR partitioning instead of GPT<\/li>\n<\/ul>\n<p>This aligned much better with the older hardware.<\/p>\n<p>Sometimes old kit just wants old rules, and fighting that usually ends in wasted hours and unnecessary swearing.<\/p>\n<hr \/>\n<h2>\ud83d\udd29 Final Boot Fix<\/h2>\n<p>One last issue remained: boot device selection and root mount behaviour.<\/p>\n<p>The system needed the correct root mount defined manually so it would stop getting confused about where it was meant to be booting from.<\/p>\n<p>Once that was sorted, the CF card could be removed entirely.<\/p>\n<p>From that point on, it booted cleanly from SSD.<\/p>\n<p>Which finally made this feel like a real repurpose job instead of a long argument with outdated firmware.<\/p>\n<hr \/>\n<h2>\u2705 OPNsense Running<\/h2>\n<p>After all of that, the system was finally running properly.<\/p>\n<p>OPNsense installed. Stable. Updating. Booting correctly.<\/p>\n<div style=\"margin: 30px 0\">\n    <img decoding=\"async\" src=\"https:\/\/kr0311.com\/projects\/wp-content\/uploads\/2026\/04\/opnsense_running-scaled.jpg\" alt=\"WatchGuard XTM OPNsense setup running successfully during testing\" style=\"width: 400px;max-width: 100%;height: auto;margin: 0 auto;border-radius: 12px\"><\/p>\n<p style=\"text-align: center;font-size: 0.9em;opacity: 0.7;margin-top: 8px\">\n        OPNsense running successfully after the storage and BIOS battle was finally won.\n    <\/p>\n<\/div>\n<hr \/>\n<h2>\ud83d\udd0c Final Configuration &amp; Connections<\/h2>\n<p>With the system stable, it was time to wire everything back into the rack and get the network side configured properly.<\/p>\n<p>This is where it stopped being a bench project and started becoming part of the actual setup.<\/p>\n<div style=\"margin: 30px 0\">\n    <img decoding=\"async\" src=\"https:\/\/kr0311.com\/projects\/wp-content\/uploads\/2026\/04\/configure_connections-scaled.jpg\" alt=\"Repurposed WatchGuard XTM OPNsense firewall being configured and connected\" style=\"width: 400px;max-width: 100%;height: auto;margin: 0 auto;border-radius: 12px\"><\/p>\n<p style=\"text-align: center;font-size: 0.9em;opacity: 0.7;margin-top: 8px\">\n        Final configuration and connection testing before it went back into the rack.\n    <\/p>\n<\/div>\n<hr \/>\n<h2>\ud83e\udde0 What Actually Caused the Trouble<\/h2>\n<p>In the end, the biggest problem was not the SSD.<\/p>\n<p>It was not OPNsense either.<\/p>\n<p>It was the locked-down BIOS and the outdated assumptions baked into the original configuration.<\/p>\n<p>That was the thing causing the storage issues, the weird boot behaviour, and the general feeling that the whole device resented being modernised.<\/p>\n<hr \/>\n<h2>\ud83d\udcda Lessons Learned from Repurposing a WatchGuard XTM for OPNsense<\/h2>\n<ul>\n<li>Locked BIOS settings can cause far more trouble than faulty hardware<\/li>\n<li>SATA configuration matters a lot more than you think<\/li>\n<li>Older hardware does not always like modern install defaults<\/li>\n<li>MBR still has its place<\/li>\n<li>Boot device naming can and will mess with you<\/li>\n<\/ul>\n<p>This was one of those projects where every layer of the problem had another layer underneath it.<\/p>\n<p>Very educational. Mildly irritating. Weirdly satisfying by the end.<\/p>\n<hr \/>\n<h2>\ud83c\udfc1 Final Thoughts<\/h2>\n<p>What started as a simple upgrade turned into a full rebuild.<\/p>\n<p>But the result is a properly functioning, SSD-based OPNsense firewall running on hardware that would otherwise probably have carried on collecting dust or pretending the early 2000s never ended.<\/p>\n<p>And honestly, that makes the whole thing worth it.<\/p>\n<p>Sometimes the best upgrades are not upgrades at all.<\/p>\n<p>Sometimes they are full-blown second lives.<\/p>\n<p>If you want to explore more projects like this, have a look through my <a href=\"https:\/\/kr0311.com\/projects\/\">KR0311 projects archive<\/a>.<\/p>\n<p>OPNsense itself is available from the <a href=\"https:\/\/opnsense.org\/\" target=\"_blank\" rel=\"nofollow noopener\">official OPNsense website<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Repurposed a WatchGuard XTM 5 into an OPNsense firewall with SSD upgrades, BIOS fixes, and a full rebuild. What started simple turned into a full homelab transformation.<\/p>\n","protected":false},"author":1,"featured_media":159,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[69,65,73,72,10,70,71,66,64,74,68,67,63],"class_list":["post-116","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-builds-projects","tag-bios-mod","tag-firewall","tag-firewall-build","tag-hardware-repurpose","tag-homelab","tag-homelab-firewall","tag-network-firewall","tag-networking","tag-opnsense","tag-opnsense-install","tag-rackmount","tag-ssd-upgrade","tag-watchguard-xtm-5"],"_links":{"self":[{"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/posts\/116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/comments?post=116"}],"version-history":[{"count":5,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/posts\/116\/revisions"}],"predecessor-version":[{"id":160,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/posts\/116\/revisions\/160"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/media\/159"}],"wp:attachment":[{"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/media?parent=116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/categories?post=116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kr0311.com\/projects\/wp-json\/wp\/v2\/tags?post=116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}