Almost a Decade in the Making Our Fanless Intel i3-N305 2.5GbE Firewall Review

28

Intel Core i5-N305 Performance

Instead of going through the entire Linux-Bench test suite, we are going to show a few performance and power numbers here to give a general sense of performance. This also gives us the opportunity to test with Linux/ Ubuntu.

Intel Core I3 N305 Lscpu
Intel Core I3 N305 Lscpu

The new Intel Core i3-N305 is the first time we have increased core count in almost a decade on these lower-power Atom-derived E-core CPUs. While the higher-end embedded segment has seen higher core counts, the consumer platforms have stayed at 4 cores for a long time. This has finally changed.

Python Linux 4.4.2 Kernel Compile Benchmark

This is one of the most requested benchmarks for STH over the past few years. The task was simple, we have a standard configuration file, the Linux 4.4.2 kernel from kernel.org, and make the standard auto-generated configuration utilizing every thread in the system. We are expressing results in terms of compiles per hour to make the results easier to read:

CWWK Intel Core I3 N305 Fanless Linux Kernel Compile Benchmark
CWWK Intel Core I3 N305 Fanless Linux Kernel Compile Benchmark

With 8 cores, the performance of the Intel Core i3-N305 is very good. At first, we were wondering why the CPU was a “Core i3”. At the same time, by doubling the CPU cores to eight of the Alder Lake-N efficient cores (E-cores) we have something that is competing with Core i7 and Core i5 CPUs from 4-5 generations ago.

7-zip Compression Performance

7-zip is a widely used compression/ decompression program that works cross-platform. We started using the program during our early days with Windows testing. It is now part of Linux-Bench.

CWWK Intel Core I3 N305 Fanless 7zip Compression Benchmark
CWWK Intel Core I3 N305 Fanless 7zip Compression Benchmark

We have seen other CPUs that add cores but cannot utilize them due to TDP limitations. While we do not get a straight doubling of performance, we do get a very significant performance bump with the 8-core part.

OpenSSL Performance

OpenSSL is widely used to secure communications between servers. This is an important protocol in many server stacks. We first look at our sign tests:

CWWK Intel Core I3 N305 Fanless OpenSSL Sign Benchmark
CWWK Intel Core I3 N305 Fanless OpenSSL Sign Benchmark

Here are the verify results:

CWWK Intel Core I3 N305 Fanless OpenSSL Verify Benchmark
CWWK Intel Core I3 N305 Fanless OpenSSL Verify Benchmark

Again, the Intel Core i3-N305 is performing very well here as OpenSSL tends to scale well on newer E-cores.

Intel Core i3-N305 Geekbench 6 Results

On the Geekbench 6 side, we can see how these have evolved.

CWWK N305 Performance Compared To N100 N200 N6005
CWWK N305 Performance Compared To N100 N200 N6005

Our video editor Alex made this for the video, and it really shows what is going on. We got slightly better single-threaded performance with the N100 (although this is very similar.) We also get over 2x the single-threaded performance on the N305 than we got on the N6005 and around 3x the multi-threaded performance. The Intel N200 performs well here with higher power per core, but the N305 still offers significantly more performance.

OS Compatibility

The OS compatibility side has gotten much better. We saw the release of the pfSense CE 2.7 Released with Intel i226 Support and Other Enhancements. From a firewall perspective, one does not have to use OPNsense just to get Intel i226-V support now (but OPNsense still works as we showed quickly in the video.)

CWWK Intel Core I3 N305 Intel I226 V Recognized In PfSense 2.7 CE
CWWK Intel Core I3 N305 Intel I226 V Recognized In PfSense 2.7 CE

We also recently had the Proxmox VE 8.0 release and that also added better support for the E-cores in Alder Lake-N as well as newer drivers.

CWWK Intel Core I3 N305 In Proxmox VE 8
CWWK Intel Core I3 N305 In Proxmox VE 8

When we did the original fanless N100 review, it took a bit of work to get things going. Now, it is much easier. That is part of a normal hardware/ software lifecycle.

Next, let us get to power consumption.

28 COMMENTS

  1. I promise I’ve been reading. I’ve known for months what a TF slot is. However – WTF is “a recessed G button” ???

  2. @Slash Its what you hit to turn the hot unit on.

    Any hint of these ever coming with ECC? Time for a new few devices but that last bit just seems like it no longer is in play.

  3. This cpu looks to be an amazing powerhouse with a thermal envelope that is reasonable. I have been looking for something like this since the day of the old atoms. Hopefully it ends up in a pot of devices

  4. Looks like where Huawei failed (to conquer network of democratic countries), CWWK is set to continue (at least from the SOHO side). And STH plays nicely along. Yet, a ton of alternatives exists either made in Taiwan (or if this is too close to P.R.C. for you) then even in EU (do not follow domestic makers in USA hence can’t mention that).
    What a pity…

  5. Regarding SATA data connector on H-Board – is on mainboard output for SATA power? And if so, is only 5V for laptop hdd or is also 12V for 3.5″ drives? Thanks

  6. Have you tested these N series processors with more than 16GB of RAM? There are some options in AliExpress offered with up to 32GB but Intel says they only support up to 16GB

  7. KarlG,
    It’s one thing to point out / remind people that networking devices from the P.R.C. might be compromised. It’s far different to accuse Patrick and STH of being complicit on their own site.

  8. If I’m a government trying to get into networks I’m not going after the customers buying $300 devices. I’m going after the Lenovo customers. Dell and HPE’s are made in China as well.

    I don’t know KarelG if you’re not shouting Lenovo is unbuyable by anyone on every website I don’t get what that is all about either like HerbM.

  9. Hello, I would be very interested in the review of the CWWK M.2 Expansion Board 2.1. For me, the ideal configuration is 1x 2.5 Gbit ethernet or 1x SFP+, 2-4x SATA and M.2 Expansion Board 4x NVME.

  10. If the OEM (CWWK?) would offer a CoreBoot BIOS it would help alleviate some of these conspiracy type theories that everything is a target.

  11. Today?

    Protectli have had 2.5Gb ports for a while now. I run one. Tbf, it’s a celeron, but it has more than enough oomph.

  12. I have no reference for CPU power needed for firewalls, are units with this CPU good enough for a 2man household office with bunch of 1gigabit wan traffic and 2.5gbe lan traffic?

  13. @ saeris – This is far in excess of what you would need. My previous gen J4125 is more than adequate and the N100 that replaced it can run the FW and 5-6 small VMs alongside it and still not use more than 10% CPU unless you start using intrusion detection etc.

  14. Would you be able to test the CWWK M2 expansion board in a different mini pc like the beelink pro? I’m really curious if the board would fit in other systems, maybe one that is more actively cooled.

  15. I know I’m a broken record, but how nice it would be if Intel would include vPro Advanced on these chips so that we could get remote controle without having to get an PiKVM. An Aspeed implementation will use too much power (7-9w).

  16. Would you recommend this unit instead of the i5-1235U in the same chassis for a proxmox server running a firewall (PFsense), a media server (PLEX) and a few other apps (Lidarr, Readarr, Sonaar etc) – to be used as a Home server?

  17. HerbM and heinrik: yes, HPE and Dell makes their devices in China too. In comparison with Lenovo and CWWK, their devices are still designed in free countries. Besides this HPE offer some supply-chain danger mitigation tactics — Patrick already wrote about it IIRC year ago or so. Those were special HPE servers build in US IIRC. You both seems to be concern by govs’ infra and leaving consumer infra free to P.R.C. Unfrotnately if large attack happen and your whole country consume infrastracture is in the hand of you r enemy, then well, I can only pray for your gov’s infra build with reliable/trusted components but running over the same cables…
    E.g. when flood happen, nobody is safe and tiping point may be quite close.
    So I would be careful even with simple consumer devices.
    Heck, on some other side you may read about car battery volt-meter made in P.R.C. using Bluetooth and app on Android/iOS to report battery health. This device is perfect spy as it scans wifis around and call back to China with what it found. It’s possible due to app requiring excess permissions for its core business. And that’s just silly device for few bucks. No imagine P.R.C. made EVs, what the hell may go wrong here…
    So be careful.

  18. Could you link to ram that works with this board? Typically manufacturers have a supported ram list, but not even sure how to look this up for these boards.

  19. I’m sorry but any board with the buggy I-225 or I-226 chipset is instantly a blocker. Google the chipset issues if you want to find out more, but they have been trying to fix it for three years now.

  20. Am I the only one furious that these Alder Lake-N CPUs exist, and yet Synology chose ancient Intel and embedded AMD trash for their ’23 refreshes?

  21. Not that anyone cares..

    using an M.2 breakout Adaptor to PCIe 3.0 x4 one can hook up some nice SFP+ Cards..
    in my case an Intel X520-DA2 10 Gigabit 10GBe SFP+

    it wont probably cut the same as a
    https://www.servethehome.com/this-gowin-r86s-pro-is-an-everything-revolution-with-25gbe-and-2-5gbe/4/
    provided that the card uses PCIe 2.0 x8

    but still, it adds some dearly missing dual SFP+ connectivity, far superior and more common than 2.5 GbE connectivity..

    It is a great N305 system, superior to the
    https://www.servethehome.com/new-4x-2-5gbe-and-2x-10gbe-intel-core-firewall-and-virtualization-appliance/4/

  22. A few weird items that make me feel off in using these for a firewall:
    – FreeBSD 14.0 and VMWARE 8.0u2 both show the presence of, but difficulty connecting to the TPM 2.0 module. This is a serious red flag for hardware capable of manipulating or snooping on secure traffic keys, such as VPNs and browser SSL
    – Units shipping today still have BIOS containing the LogoFail vulnerability; the company has not published an update to fix this and other major BIOS and ME issues
    – When clicking the CWWK website’s support link, Norton blocks the link due to suspicious activity
    – CWWK neither has non-Chinese language manuals or support sites hosting BIOS and Firmware outside of China. This is a significant software supply chain concern, as the CCP and state-sponsored hacking groups have ongoing access to manipulate software (See Double Dragon, APT41, BARIUM, Axiom, Winnti, Wicked Panda, Wicked Spider, TG-2633, Bronze Atlas, Red Kelpie, Blackfly, Brass Typhoon, … )

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.