[HN Gopher] Fanless Intel J4125 4x I225 Virtualized Firewall App...
___________________________________________________________________
Fanless Intel J4125 4x I225 Virtualized Firewall Appliance Review
Author : walterbell
Score : 37 points
Date : 2022-05-20 18:50 UTC (4 hours ago)
(HTM) web link (www.servethehome.com)
(TXT) w3m dump (www.servethehome.com)
| Animats wrote:
| _"Any of you that have the N6005 model and tried to use 32GB+, I
| would be curious to know if your unit can successfully complete a
| full pass of memtest86+. I have the N6005 Topton model and it
| will recognize and boot with 2x16GB modules, but it will not
| complete a pass of memtest86+."_
|
| Uh oh.
|
| Also, if you need that much memory in a firewall, its queues are
| too big and you're adding substantial latency.
| tenebrisalietum wrote:
| Maybe I want to run `ntopng` and also caching nginx on it.
| gigel82 wrote:
| I have the N6005 variant but haven't tried with 32Gb, because
| Intel specifically lists 16Gb as the maximum memory in the
| processor specifications:
| https://ark.intel.com/content/www/us/en/ark/products/212327/...
|
| FWIW, I'm not using it as a bare OS firewall. Instead, it's
| running Debian with pfSense in a VM with 2 passthrough NICs
| (though I'm considering replacing Debian with Proxmox).
| toast0 wrote:
| > Also, if you need that much memory in a firewall, its queues
| are too big and you're adding substantial latency.
|
| Maybe it's stateful and you've got a whole lot of connections?
| Or in this case, they're planning to run VMs and things on the
| box, so might need more ram for that.
| dijit wrote:
| These appliances can also be caching load balancers or caching
| reverse proxies. Which can make very good use of ram.
| [deleted]
| Nextgrid wrote:
| I have a very similar unit from Protectli running an OpenWrt x86
| build. It's the best router/firewall I can think of for
| home/small business.
|
| It replaced an enterprise-grade Mikrotik router, which while no
| doubt being more performant (it has hardware offload for
| routing/firewall), was a pain to configure and certain scenarios
| are almost impossible to implement (WAN failover where one of the
| WAN interfaces is a PPPoE link) on it whereas in OpenWrt they
| work out of the box.
|
| The lack of hardware offloading for firewall/routing doesn't seem
| to be an issue in practice for gigabit links.
| tedunangst wrote:
| Intel really makes it hard to know where products fit in their
| low end stack. J4125 sounds like something I'd find in a ten year
| old netbook. Apparently it's semi modern though, and quite a bit
| faster than the old wimpy atoms.
| prova_modena wrote:
| I like learning about the latest and greatest developments in
| these compact, fanless router boxes. But, so many are only
| available through seemingly random AliExpress sellers. Maybe this
| is being overly cautious, but I would never trust my home and
| small business networking duties to off-brand hardware like this.
| I worry about poor QC, nonexistent customer support and
| nonstandard/undocumented gotchas. This is not even considering
| outright malicious behavior by one of these storefronts.
|
| I've used Protectli and PC Engines boxes before, which have been
| great. I'm definitely leaving some value/performance on the table
| compared to the hardware described in this article. I also know
| that Protectli hardware in particular is supposed to be identical
| to some of the AliExpress boxes, at a higher price. But at least
| I have some assurance that the company behind the hardware has a
| reputation at stake and will hopefully stand behind their
| products.
| tedunangst wrote:
| > One major advantage of virtualizing the firewall in this way is
| the ability to take snapshots. Not only do we get fast VM reboots
| after a firmware upgrade,
|
| I'm kinda skeptical, unless I'm missing something. How much time
| does it take for a VM host to reboot and resume firewall guest vs
| reboot firewall on metal?
| InvaderFizz wrote:
| I have a virtualized openwrt router for some VPN functions.
| Full boot of the guest OS to routing traffic over the WireGuard
| tunnel is under 10 seconds from the time I hit reboot.
|
| Edit: I see you were referring to the host boot times plus the
| VM boot times, which I am not and neither is the article.
| tedunangst wrote:
| What firmware are we updating that does not require a host
| reboot?
___________________________________________________________________
(page generated 2022-05-20 23:01 UTC)