A new firewall from AliExpress

I recently bought a new firewall appliance from AliExpress, i figured id write a short review of the unit as a few people on reddit have asked how it is.

Firstly, here is a link to the product im talking about ALIEXPRESS

 

The specs for this device are as follows:

  • Intel Atom D525 Dual Core Four Threads 1.8Ghz
  • Intel PCI-E 1000M 6*82583v NIC
  • Support NB Memory SO-DIMM DDR3 204Pin  (Maximum 4G DDR3) More on this later....
  • Support 1*MINI-PCIE+1*CF Card+1* 44 PIN IDE+ 1* SATA


The device itself feels very solid and very well built. It came well packaged and reasonably quick (considering it did come direct from china!) via fedex. My first bit of advice for anyone wanting to buy one is to factor in the (uk) customs cost. It did cost me an additional £15 to get it through customs. No biggy really though.

Here are a could of pic's i took with my phone after the initial unboxing. They are a pretty high-res so click on them if you want a larger view.

FRONT


2015-09-07 12.55.21

REAR


2015-09-07 12.55.30

INSIDE


2015-09-07 12.55.44

 

These photos are taken before i had started installing memory etc into the device.

The power draw for this box is around 60W. It is a lot lot quieter than my old Firebox x750e.

All the front panel is already wired up ready to go, as it the VGA port on the back. The only thing i havn't tested yet is the console port, which appears to be a cisco style port. When i find one of my rollover cables ill give it a test, though i imagine there wont be an issue with it.

Inside the box, i received the following:

  • The unit itself
  • A british kettle lead
  • Rack Ears
  • Additional screws for the rack ears.


I bought the barebones version, which, once i received the unit, regretted. There are several incorrect statements on their advert, these are:

  • Apparently, the barebones variant only supports 2GB of RAM. This was confirmed with the seller (ill post a screenshot of my conversation with the seller)
  • The unit does not come with SSD chassis unless you explicitly ask for it (This may have been my mistake for not understanding everything in the page)


Here is a little part of the conversation i had with the seller in regards to the RAM. Start from the bottom.

aliexpresschat

So it seems this device was never tested with 4GB as the advert suggests (unless it has since been modified) Either way, i cut my loses and chalked it up as a lesson learnt.

 

That is the initial details about the device, now onto how it actually runs.

I have mine runninig pfSense 2.2.4-RELEASE (amd64). I have not had one issue or blip in service caused by this device. In fact in over a month, the only time the device had power cycled was as a result of a power cut (trying to convince the wife i need a UPS!). It seems to have been rock solid.

I have it running with 2GB of RAM (swapped the new 4GB stick i bought for it with a 2GB stick from the wifes MBP) and also a 120GB Sandisk SSD. As i bought the barebones version and did not request the SSD Chassis, i had to get creative with my electrical tape and taaped the SSD to the top cover. I did have 2 issue's when installing the SSD, those were:

  • I could have done with buying a shorter SATA cable, wth one of the ends being at a right angle.
  • There is not SATA power port, only 2 4-pin headers on the motherboard. I just used a molex to SATA power adapter to get around this.
  • Space inside is limited. I had to get creative with the routing of cables to ensure i didnt block any airflow.


Luckily, i did not block any airflow. Here are the current stats for the firewall from pfSense.

THERMAL's

firewall-thermal

LOAD ETC

firewall-load

CURRENT INTERFACES

firewall-interfaces

The additional packages i have running on this is just ntop-ng.

To install pfSense on this, i moved the SSD into my NUC and installed it there first. The reason i did it that way was only because i had been having issues caused by the RAM, so wanted to have an OS already installed on the disk to eliminate that as a possible cause to my troubles.

 

All in all, there are few things i would have done differently when buying the unit, but i had been incredibly happy with it since i got it up and running. I didnt really know what to expect when buying kit like this directly from china. Id say i would certainly do it again though now that i know where i went wrong.

I have yet to test the max throughput this device can handle, though their advert suggests 250Mbps. Ill test it when i get chance and update this post. Though i will say i see full throughput both ways on my 80/20 FTTC service.

Finally, here is the little fella in its place.

Excuse the piss poor cable management.

2015-10-15 12.30.19

 

Any questions, ask away in the comments.

Using FreeIPA to authenticate OpenVPN users on pfSense

I have been fiddling with multiple different authentication methods to centralise the authentication across all my devices and services. ...… Continue reading

Zen Internet, IPv6 and pfsense

Published on February 19, 2017

Basic Telegraf, InfluxDB and Grafana setup

Published on January 26, 2017