RFC: Wiki documentation for purpose-built x86-based firewall devices

Hello, my name is Takimata, and I am addicted to x86 firewalls.

A bit of backstory: Yesterday I received a Sophos XG86W firewall and of course immediately went on to iron OpenWrt on the thing. This is now my fourth repurposed x86-based business-grade firewall, devices originally designed with a business/enterprise target to run highly specific vendor OSes, coming in rackmount or rack-mountable form factor. Devices sold by WireWatchguard, Gateprotect, Rohde&Schwarz, Sophos, Barracuda, Palo Alto and a few other companies, oftentimes (but not always) rebranded generic platforms by Lanner and other OEMs.

With my new Sophos buddy I struggled for a moment because the process was not quite identical to what I was used to with my other three. It wasn't exactly difficult in the end, but different enough to make me think about documenting the differences in the wiki. Followed immediately by the thought: How would one actually go about doing that?

These things seem evident to me:

  • some devices have particularities that warrant documentation; different internal storage (SATA, MMC, CF), different chipsets; in my case I struggled with the MMC installation process and the vendor-branded (if ultimately generic) wifi card took some time, both of which issues were ultimately easily solved but would have been a minute instead of an hour if they had been documented

  • due to the sheer number of devices and variations it is not sensible to have individual techdata entries for every single device (although we already have a few in the database)

  • for the same reason it is not sensible to have individual device pages for every device

What I'm thinking is: One wiki page for all of those devices, documenting the generic installation, generic issues and solutions, and then going into specifics for the models that require it. The page is supposed to be distinctly different from the generic "OpenWrt on X86" page, targeted at actual purpose-built firewall devices (although some things will obviously eventually overlap). Repurposed generic X86 hardware (thin clients, PCs, laptops) would be out of the scope of that page, too.

I would also imagine such documentation will become increasingly relevant; With line speeds slowly but surely exceeding the capabilities of "plastic routers" this class of devices will become (or already is) an increasingly popular solution, as evidenced by some recent forum threads.

This is a request for comments, and I would really like to have everyone's thought on this topic.

4 Likes

I was thinking something similar after I acquired a F12 Barracuda and installed OpenWrt on it (rather easily) with ultimate purpose to replace the RPi4B as home router as take advantage of its aes cpu instructions.

2 Likes

Good idea, got a couple of those myself, and would chip in.

2 Likes