AMD Ryzen 4x 2.5GbE Firewall Router for pfSense OPNsense Proxmox and Windows

10

AMD Ryzen 4x 2.5GbE Power Consumption

The system came with a 19V 90W Replacement AC Adapter. This unit had plenty of power to power our system, but these generally are, at best, of questionable quality.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V 90W Replacement AC Adapter
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V 90W Replacement AC Adapter

At idle, we saw 9.4-10.5W with the standard adapter. The maximum power consumption we saw was in the 62-65W range.

Since idle is such a big question, in the video, we also showed a SlimQ 150W GaN and DC charger adapter (Amazon affiliate link here) with the unit. Powering by USB-C, we saw idle in creep up 0.2-0.4W or so when measured at the wall. Using SlimQ’s DC output, we saw idle drop to the 8.6-8.8W range. We used this simply because it was around, but on the DC side, it showed decent power savings similar to what we see when we use different adapters with the fanless Jasper Lake firewalls.

Key Lessons Learned

There we certainly many key lessons learned with this unit. First off, adding a fan and getting a unit that could utilize the larger AMD Ryzen 7 5825U processor means we got a lot more performance. This is sold as a router/ firewall appliance, but most of our readers will severely underutilize a box like this for that task. Instead, this is the kind of system that can be a 4x 2.5GbE desktop, given its three display outputs, or a virtualized node, as we showed with Proxmox VE.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Internal M.2 Side View
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Internal M.2 Side View

It was hard to look past the fact that these units have some odd features. Some vendors advertise them with three NVMe SSD slots but this does not seem functional.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V SSD In Edge M.2
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V SSD In Edge M.2

Likewise, just getting two SSDs in this system was no simple feat.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V H M.2 Board Out
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V H M.2 Board Out

Still, the unit performed well overall. We would, however, take a look at our single versus dual channel memory results as you think about configuring your system, as that delta was massive.

Final Words

Overall, this unit left us somewhat mixed on how to review it. The display outputs and raw CPU performance led us toward a more desktop-focused review. These units, however, are sold with 4x 2.5GbE ports as firewalls and routers.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Ports 4
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Ports 4

Power consumption at idle was OK for such a high-performance chip, but it felt too high for a 2.5GbE firewall-only device. Also, this unit may look like it is a passively cooled unit, but it surely has two fans. For a virtualization node, one can add two SSDs, but the storage performance we saw was not superior and was firmly “funky.” At the price point, it is certainly far from cheap but also not a very expensive unit.

AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Bottom Fan For RAM And SSD
AliExpress CW56 58 AMD Ryzen 7 5825U 4x I226 V Bottom Fan For RAM And SSD

In the end, this box felt like someone wanted to make a AMD Ryzen-based low-power virtualization node but then tried exposing a few desktop features and making it look like a router/ firewall. It almost feels like a box looking for a role. At the same time, we also recognize that this is how many of our readers use machines like this, so it felt like one we needed to review sooner rather than later.

10 COMMENTS

  1. This one looks like a bit of a missed opportunity. I assume that someone thought that preserving external similarity to the atom-based router boxes was important; but it’s not desperately obvious what the actual benefit is, while the drawbacks in terms of thermals, fans, deeply weird m.2 layout, etc. are all pretty blatant.

    Especially with either an intake or an exhaust on nearly every side this thing already requires more room than its size suggests, in the sense that if you tried to pack them side-by-side or stack them they’d likely complain; so a slightly larger enclosure would be no real sacrifice and allow a much nicer layout, ideally consolidation to a single larger fan, etc.

  2. I would guess the side facing port is for an eGPU adapter. Why bring a router and PC to the LAN party when you can do it all with one?

  3. What I miss from all of these mini-pc firewalls is a kvm option either serial like with the APU boards, or AMT iKVM which can be locked to a specific port (users less power than an full blown IPMI port) as I would not want it to be on the WAN port.

    Having 3 display options is not intersting for a firewall.

    Yes I know about the RPi KVM options but that is an additional 100-200€ on the price.

  4. @fuzzyfuzzyfungus: The difference between the 10 Watt TDP of an Atom and the 15 Watt TDP on a Tiger Lake or Ryzen 3 SoC doesn’t seem like much on paper. So like you I’ve felt let down, when truly passive variants failed to appear.

    But when you dig a little deeper and look at what companies like Akasa have to do to create a truly passive chassis for those chips, it becomes much more obvious that active cooling is a lot cheaper.

    These “15 Watt” parts not only support a 28Watt setting but will actually turbo to 50 Watts (Ryzen) or 64 Watts (Tiger Lake) with both presets. They can be told not to, but then you simply get the near Atom performance, not your money’s worth.

    I quite like the fans. Big slow moving fans are great to cover TDPs in this range without being noticeable: that’s typically passive enough for me. Yes, there is dust buildup over the years, but even I give my truly passive Atoms a spring cleaning.

    @Patrick: Geekbench runs every one of its sub-benchmarks only for a couple of seconds, so you’ll get max turbo clocks on pretty much all of them. At that point, there is no real difference for the 5800U between the 15 and 28Watt settings, because Geekbench just runs on pure turbo.

    RAM speed is even more essential for the iGPU, so using anything less than DDR4-3200 dual channel on these SoCs is crippling performance–unless it’s bored anyway.

    Chances are that as a mere firewall it is going to be that quite often, unless your Suricata ruleset is extensive and the users in your small office, appartment block or Internet café are near saturating those 2.5Gbit links.

    To me most of these small boxes are naturally micro-servers and that means running the firewall as a VM side-by-side with a few others for NextCloud, Plex, or some smart-home stuff. And there the ability to run a true DMZ on two ports (Internet + LAN switch), apps and storage on the two others has a box like this seem very attractive.

    There is a lot of connectivity to be had these days with adapters that have an M.2 cable on one end. E.g. I use it to connect a 10Gbit Aquantia NIC on a box that doesn’t have a proper PCIe x4 slot left over, but the eGPU sounds like another interesting option.

    Honestly, I’d be rather grateful for them to provide the option to utilize all the SoC’s built-in PCIe lanes instead of letting them go waste, simply because they don’t fit the design or have mainstream appeal.

    @Eric Olson: ECC support for the Barcelo 5825U is a *great* find, thank you! I got a 5825U based notebook for one of my sons, that obviously doesn’t have ECC LPDDR4 RAM soldered on: so far I had only seen 100MHz higher clock… Official support for 64GB RAM seems a paper-only change, but who knows… interestingly there are also 4 additional PCIe lanes on the Barcelo…

    All that has this little box appear in very different light and I can see myself itching to get my hands on one.

    But even more I’d probably like a mini-ITX variant of the board with the same SoC soldered on, some SATA ports for a set of HDDs and the ability to add a 10GBit NIC one way or another. That could replace a Xeon-D 1581 that’s starting to feel a little sluggish…

  5. Patric, mentioned in the video companion for this article that “TF” is often used to label “MicroSD” slots in China. I wager more is play than simpler licensing.

    While the difference between “MicroSD” and “TF” is minimal to me I wager it is a lot larger for people in the chinese market. Many of which I assume would only see these characters as symbols.

    “In this case, the TF slot is a MicroSD card slot without the vendor paying for licensing the MicroSD name.”

  6. Timing was lucky. I took delivery of one on the same day of this review. I went for the 5600U option. I’ve installed proxmox on an SSD 2.5 drive. My unit didn’t come with the second fan which is optional I believe. I’ve also put a small 256GB nvme drive. Just for testing I’ve inserted a microSD card and it shows fine in the OS with a lsblk.
    I’m installing opnsense on it as VM. Right now I need to see how to give the config file from the baremetal one to the VM.

  7. Hi,

    I purchased one of these because I previously bought one with a N5105 and it was overheating and my OPNSense PVE VM would lock up. It’s working well for me with Crucial RAM and Samsung SSD. I won’t mess with off brand memory/storage.

    Let me know if anyone knows how to update the BIOS. I hypothesis that the vendor ships a development BIOS. I’d prefer to run something that’s less complex.

    Good (bare bones w/ 5825U): https://www.aliexpress.com/item/3256804600750691.html

    Overheats (bare bones w/ N5105): https://www.aliexpress.com/item/3256804173757529.html

    Best,

    Joe

  8. @Eric Olson: according to Aliexpress product pages the platform doesn’t support ECC memory. Unfortunately. I would be happy to see it here too…

  9. I have a small fanless PC to run pfSense on. It doesn’t have as powerful a CPU as the ones that STH has been testing recently, but I decided to put a fan on it and see what happened.

    It’s one of those add-on cooling fans that’s USB-powered. It came with a small wall wart that I plugged in so that I’m not powering it off the power supply of the mini PC. I laid it on top of the mini PC. It has rubber bumpers so it won’t mar anything or move around due to vibration.

    I tried it with airflow blowing onto the top heatsink of the mini PC and also the opposite direction so that the fan is pulling up through the heatsink.

    Blowing down onto the heatsink worked much better in my case. The fan has reduced the reported temps by about 15 °C. It doesn’t run that hot without the fan, but I feel that the reduced operating temperature could be beneficial in terms of reliability and longevity over the long term. The question then is whether it’s cost-effective? The fan was about US$10. It came with a speed control and I have that turned almost all the way down. It’s been silent. (The fan claims to have dual ball-bearings, and I’ll see how well it holds up in use.) I haven’t measured the power draw of the fan yet, but from what I’ve read I’m thinking a Watt or two?

    Will the added cost of the fan and the power to run it pay for itself in added longevity for the device? I’m not sure. It provides a reassuring feeling to me though, and perhaps that’s worth the added cost. 🙂

    Everyone has to make the same decisions and calculations for themselves, especially when they have mini PCs with more powerful CPUs than mine (which is a J3170). The mini PC tested in this article obviously makes that decision for you by including a cooling fan.

    I assume that some or all of the CPUs used in these mini PCs will thermal-throttle, or at least not boost as much if they’re running hot? I wonder if that is an issue for most people?

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.