KingNovy Firewall Appliance as a substitute for KingNovy
I have already reported here about my efforts to have a replacement for my firewall mini PC just in case, because you don’t want to have to reconfigure everything or be without internet for the almost 3 weeks that such a delivery takes.
Introduction
The last attempt failed because after every backup on my backup server the first LAN port was dead, so to speak, although everything else continued to work. My search for a replacement became a little more difficult because some of the mini PCs offered by Amazon either had even slower processors or still wanted to be operated with DDR4. But I still had a 32 GB DDR5 bar and some of them said they supported up to 16 GB with DDR5. I didn’t want to risk that.
But I did find one, albeit a device that only had 5 2.5 GBit Intel V226. That wasn’t so bad because I created a bridge on the KingNovy on OPNSense. The Draytek modem is connected to this with one connection, so I was able to do without one connection here.
Equipment
The really solid housings are really made of one piece for all devices and the only differences are the network connections and how many USB or HDMI connections there are. So this device also has a lot in common and the supplier offers it not only barebone but also with 32 GB, so there was no need to worry about the maximum RAM size here.
On the back we have, as mentioned, 5x 2.5 GBit LAN with Intel V226, 2x HDMI and the power connection. Characteristic of all housings of this type are the long fins on the top of the housing, which are intended to ensure cooling even without ventilation.
On the front there are 4x USB 2.0 connections next to the on/off switch. This is very practical if you want to connect a keyboard and, depending on the operating system, a mouse. The Ventoy Stick with the operating system to be installed also benefits from being connected via USB 2.0 only. Then there is a display port, a slot for TF or SD cards and a USB-C connection. The differences in detail come in the interior. Here is a view of the opened case.
Here is the slot for the one SO-DIMM bar and, unlike my old KingNovy, connections for 2 NVMe drives. There are also connections for 2 SATA drives. Unfortunately, only 1 cable was included. But there would be no room for 2 SATA SSDs inside the case. One is mounted on the base plate, which are interchangeable by the way.
Memory Test
After I had problems with a defective memory bar before, I quickly ran a memory test.
But it ran without any problems. And here the purchase of the Azorpa monitor proved to be the right decision because you could set something up quickly.
Device assignments
As with the other device, here too we had to look at how the system assigns the devices.
And here it was slightly different again. First the Intel LAN connections and as the last device the NVMe SSD. Of course I had to take that into account, especially since the first Ethernet connection is passed directly to the OPNSense firewall as a PCI device. This can be done via a corresponding adjustment in /etc/pve/qemu-server/100.conf. The different order of the Ethernet connections can be mapped in /etc/network/interfaces.
After these small modifications, the new device could be started and it ran (almost without) problems.
Intel N100 CPU
While the first device I have is operated with an Intel N5105, this device is powered by an Intel N100. With a sysbench test I was able to determine that the N100 is almost twice as fast as the Intel N5105. The other values for FileIO and access to a MariaDB database don’t change much.
The Intel N100 is still faster than an i5-10400 with 6 cores and 12 threads from my Asrock Deskmini H470.
Still a small problem
After the first few starts, I was always surprised that the CPU load was very quickly at 75% and more, despite the fact that nothing special was actually running that could have explained this immense load. It took a while and a few attempts (trial and error) to narrow down that the culprit was OPNSense and in particular the Crowdsec plugin. If I deactivate the plugin, everything is fine.
I hope there will be an update here soon.
Conclusion
I have now found the firewall, and I will keep the device with the N5105 CPU as a backup system or use it for network experiments. Despite the faster CPU, the new device consumes around 13-14 W of power, but it is equipped with all LAN ports and that is a good value too me
ciao tuxoche
