AMD Ryzen 4x 2.5GbE Firewall Router for pfSense OPNsense Proxmox and Windows

11

AMD Ryzen 4x 2.5GbE Internal Hardware Overview

The clamshell chassis has four screws on each side. Once those eight screws are removed with the side panels, one can open the chassis. Here we can see the bottom fan along with the bottom portion of the chassis.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Bottom Fan For RAM And SSD
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Bottom Fan For RAM And SSD

Here is a look at the CW56-58 motherboard without memory or storage installed.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Internal Unconfigured
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Internal Unconfigured

For memory, we get two SODIMM slots.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V SODIMM Slots And CW
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V SODIMM Slots And CW

Our unit came with a single Yue Tiger 16GB DDR4-3200 DIMM. This constrained performance considerably, as we will discuss in our performance section.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Yue Tiger 16GB
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Yue Tiger 16GB

Here is a look at the unit configured with the memory and storage as it looked when we opened the unit:

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Internal Configured
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Internal Configured

The SSD was a Ranxiana SSD, but it did not look anywhere near as exciting as the one we found in one of the New Fanless 4x 2.5GbE Intel N5105 i226-V firewalls we tested.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V M.2 SSD
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V M.2 SSD

One may have noticed that in the fully configured system, there was another M.2 slot. Here is another angle:

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V H M.2 1
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V H M.2 1

The second M.2 slot is powered by this “H” board (perhaps it is an “I”?)

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V H M.2 Board
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V H M.2 Board

Here is the extension board out of the chassis. This works at PCIe Gen3 speeds, but it is unlikely we will see this design with PCIe Gen5 motherboards in the future.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V H M.2 Board Out
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V H M.2 Board Out

Inside the unit, we can see the CPU heatsink/ fan unit on top of the motherboard, along with a block extending to the Intel i226-V NICs for cooling. We can also see the bottom components and fan. What may confuse some is that some of these units are marketed with three M.2 SSD slots. If you think you can spot the third on the left side of this photo, you are correct.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Internal M.2 Side View
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Internal M.2 Side View

This third slot extends out towards the edge of the case. It does not seem overly practical, but it is physically there. We tested this and showed in the video a WD Blue NVMe SSD working in this slot, albeit with no way to secure the drive.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V SSD In Edge M.2
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V SSD In Edge M.2

The CPU in our unit was an 8-core/16-thread AMD Ryzen 7 5825U. This is a very powerful processor for this class of system and is in another league of performance and power consumption from some of the lower-end firewalls we have reviewed previously based on Jasper Lake.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Side With Thermal Solution Contact With Heatsink 1
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Side With Thermal Solution Contact With Heatsink 1

One other area that we did a quick visual inspection non was the cooling. Here one can see the heatsink side of the chassis and also the gap between the motherboard and the heatsink.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Internal Exhaust Side View
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Internal Exhaust Side View

Our unit was staying under 81C max and the visual inspection seemed to indicate that at least this unit has its heatsink applied to the CPU, so we are going to say this was effective. Some of the older firewalls had gaps between the CPUs and the blocks that were attached to the metal chassis.

Next, let us get to performance as there was a lot to this one.

11 COMMENTS

  1. This one looks like a bit of a missed opportunity. I assume that someone thought that preserving external similarity to the atom-based router boxes was important; but it’s not desperately obvious what the actual benefit is, while the drawbacks in terms of thermals, fans, deeply weird m.2 layout, etc. are all pretty blatant.

    Especially with either an intake or an exhaust on nearly every side this thing already requires more room than its size suggests, in the sense that if you tried to pack them side-by-side or stack them they’d likely complain; so a slightly larger enclosure would be no real sacrifice and allow a much nicer layout, ideally consolidation to a single larger fan, etc.

  2. I would guess the side facing port is for an eGPU adapter. Why bring a router and PC to the LAN party when you can do it all with one?

  3. What I miss from all of these mini-pc firewalls is a kvm option either serial like with the APU boards, or AMT iKVM which can be locked to a specific port (users less power than an full blown IPMI port) as I would not want it to be on the WAN port.

    Having 3 display options is not intersting for a firewall.

    Yes I know about the RPi KVM options but that is an additional 100-200€ on the price.

  4. @fuzzyfuzzyfungus: The difference between the 10 Watt TDP of an Atom and the 15 Watt TDP on a Tiger Lake or Ryzen 3 SoC doesn’t seem like much on paper. So like you I’ve felt let down, when truly passive variants failed to appear.

    But when you dig a little deeper and look at what companies like Akasa have to do to create a truly passive chassis for those chips, it becomes much more obvious that active cooling is a lot cheaper.

    These “15 Watt” parts not only support a 28Watt setting but will actually turbo to 50 Watts (Ryzen) or 64 Watts (Tiger Lake) with both presets. They can be told not to, but then you simply get the near Atom performance, not your money’s worth.

    I quite like the fans. Big slow moving fans are great to cover TDPs in this range without being noticeable: that’s typically passive enough for me. Yes, there is dust buildup over the years, but even I give my truly passive Atoms a spring cleaning.

    @Patrick: Geekbench runs every one of its sub-benchmarks only for a couple of seconds, so you’ll get max turbo clocks on pretty much all of them. At that point, there is no real difference for the 5800U between the 15 and 28Watt settings, because Geekbench just runs on pure turbo.

    RAM speed is even more essential for the iGPU, so using anything less than DDR4-3200 dual channel on these SoCs is crippling performance–unless it’s bored anyway.

    Chances are that as a mere firewall it is going to be that quite often, unless your Suricata ruleset is extensive and the users in your small office, appartment block or Internet café are near saturating those 2.5Gbit links.

    To me most of these small boxes are naturally micro-servers and that means running the firewall as a VM side-by-side with a few others for NextCloud, Plex, or some smart-home stuff. And there the ability to run a true DMZ on two ports (Internet + LAN switch), apps and storage on the two others has a box like this seem very attractive.

    There is a lot of connectivity to be had these days with adapters that have an M.2 cable on one end. E.g. I use it to connect a 10Gbit Aquantia NIC on a box that doesn’t have a proper PCIe x4 slot left over, but the eGPU sounds like another interesting option.

    Honestly, I’d be rather grateful for them to provide the option to utilize all the SoC’s built-in PCIe lanes instead of letting them go waste, simply because they don’t fit the design or have mainstream appeal.

    @Eric Olson: ECC support for the Barcelo 5825U is a *great* find, thank you! I got a 5825U based notebook for one of my sons, that obviously doesn’t have ECC LPDDR4 RAM soldered on: so far I had only seen 100MHz higher clock… Official support for 64GB RAM seems a paper-only change, but who knows… interestingly there are also 4 additional PCIe lanes on the Barcelo…

    All that has this little box appear in very different light and I can see myself itching to get my hands on one.

    But even more I’d probably like a mini-ITX variant of the board with the same SoC soldered on, some SATA ports for a set of HDDs and the ability to add a 10GBit NIC one way or another. That could replace a Xeon-D 1581 that’s starting to feel a little sluggish…

  5. Patric, mentioned in the video companion for this article that “TF” is often used to label “MicroSD” slots in China. I wager more is play than simpler licensing.

    While the difference between “MicroSD” and “TF” is minimal to me I wager it is a lot larger for people in the chinese market. Many of which I assume would only see these characters as symbols.

    “In this case, the TF slot is a MicroSD card slot without the vendor paying for licensing the MicroSD name.”

  6. Timing was lucky. I took delivery of one on the same day of this review. I went for the 5600U option. I’ve installed proxmox on an SSD 2.5 drive. My unit didn’t come with the second fan which is optional I believe. I’ve also put a small 256GB nvme drive. Just for testing I’ve inserted a microSD card and it shows fine in the OS with a lsblk.
    I’m installing opnsense on it as VM. Right now I need to see how to give the config file from the baremetal one to the VM.

  7. Hi,

    I purchased one of these because I previously bought one with a N5105 and it was overheating and my OPNSense PVE VM would lock up. It’s working well for me with Crucial RAM and Samsung SSD. I won’t mess with off brand memory/storage.

    Let me know if anyone knows how to update the BIOS. I hypothesis that the vendor ships a development BIOS. I’d prefer to run something that’s less complex.

    Good (bare bones w/ 5825U): https://www.aliexpress.com/item/3256804600750691.html

    Overheats (bare bones w/ N5105): https://www.aliexpress.com/item/3256804173757529.html

    Best,

    Joe

  8. @Eric Olson: according to Aliexpress product pages the platform doesn’t support ECC memory. Unfortunately. I would be happy to see it here too…

  9. I have a small fanless PC to run pfSense on. It doesn’t have as powerful a CPU as the ones that STH has been testing recently, but I decided to put a fan on it and see what happened.

    It’s one of those add-on cooling fans that’s USB-powered. It came with a small wall wart that I plugged in so that I’m not powering it off the power supply of the mini PC. I laid it on top of the mini PC. It has rubber bumpers so it won’t mar anything or move around due to vibration.

    I tried it with airflow blowing onto the top heatsink of the mini PC and also the opposite direction so that the fan is pulling up through the heatsink.

    Blowing down onto the heatsink worked much better in my case. The fan has reduced the reported temps by about 15 °C. It doesn’t run that hot without the fan, but I feel that the reduced operating temperature could be beneficial in terms of reliability and longevity over the long term. The question then is whether it’s cost-effective? The fan was about US$10. It came with a speed control and I have that turned almost all the way down. It’s been silent. (The fan claims to have dual ball-bearings, and I’ll see how well it holds up in use.) I haven’t measured the power draw of the fan yet, but from what I’ve read I’m thinking a Watt or two?

    Will the added cost of the fan and the power to run it pay for itself in added longevity for the device? I’m not sure. It provides a reassuring feeling to me though, and perhaps that’s worth the added cost. 🙂

    Everyone has to make the same decisions and calculations for themselves, especially when they have mini PCs with more powerful CPUs than mine (which is a J3170). The mini PC tested in this article obviously makes that decision for you by including a cooling fan.

    I assume that some or all of the CPUs used in these mini PCs will thermal-throttle, or at least not boost as much if they’re running hot? I wonder if that is an issue for most people?

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.