KingNovy has introduced a small fanless firewall appliance powered by an Intel Celeron J4125 Gemini Lake Refresh processor, equipped with six 2.5GbE ports through Intel i225-V Rev 3 Ethernet controllers, and selling for as low as $230 for the barebone model.
The system supports up to 32GB RAM, mSATA and 2.5-inch SATA storage, features HDMI output and four USB 3.0/2.0 ports, plus an RJ45 console port, and is said to work with pfSense 2.5.x, OPNsense 22.1, OpenWrt, ROS7, ESXI, Proxmox, CentOS, and more.
Specifications:
- SoC – Intel Celeron J4125 quad-core Gemini Lake Refresh processor @ 2.0 / 2.7 GHz (Turbo) / 2.4 GHz (Turbo all cores) with Intel UHD Graphics 600 @ 250/750 MHz; 10W TDP
- System Memory – Dual-channel Memory DDR4 (2400MHz) supporting up to 32GB RAM in total
- Storage – 1x mSATA socket, 2.5-inch SATA bay for SSD or HDD
- Video Output – HDMI 2.0 up to 4K (4096×2160) @ 60 Hz
- Connectivity
- 6x 2.5GbE RJ45 ports via Intel i225-V Rev 3.0 controllers
- mPCIe socket + SIM slot for WiFi, 3G or 4G LTE module
- 2x antenna openings
- 6x 2.5GbE RJ45 ports via Intel i225-V Rev 3.0 controllers
- USB – 4x USB 3.0 ports (specs says 2x USB 3.0 + 2x USB 2.0 ports, photo description show 4x USB 3.0 ports)
- Serial – RJ45 RS232 console port
- Misc – Power button, reset pinhole, HDD and Power LEDs, watchdog timer, auto power on, RTC, PXE boot, Wake-on-LAN, etc…
- Power Supply – 12V DC power jack
- Dimensions – 155 x 124 x 53 mm (Aluminum alloy enclosure)
- Weight – TBD
The firewall appliance ships with a power adapter, a power cord, a SATA cable, and a screws bag. The company also offers optional accessories with a $10 WiFi module, a $50 3G module, and a $70 4G LTE module, I’d assume with antennas.
If the design looks familiar, it’s because we wrote about a similar Tiger Lake appliance with 6x Gigabit Ethernet ports last January, from a company named HUNSN, but considering the enclosure and software support description is virtually the same, it must be an OEM model sold by several companies. It also used to be possible to make a similar system with ODROID-H2+ SBC and the H2 Net Card, but Hardkernel discontinued the device.
I was first made aware of the compact firewall appliance on Amazon US where the barebone model is sold for about $240 (after $35 discount), but while looking for additional information, I also managed to find it on Aliexpress for about $230. The seller recommends purchasing it with RAM and storage options since that way pfSense will be preinstalled for free. He/she even issues a warning to those who plan to do it themselves:
DO NOT buy Barebone Mini PC (“No Ram No Storage” bundle)If you are NOT IT hardware technician. PC demands professional skill to assemble and debug. Barebone bundle had best to use Samsung, Skyhynix etc ORIGINAL brand ram and storage. We are afraid to see you suffer a bad shopping experience and DO NOT compensate for buyer’s man-made damage and faulty.
If you’d prefer having a faster processor, and four 2.5GbE ports are enough, the company is also selling a Jasper Lake firewall appliance starting at $213.92 with a Celeron N5095 SoC on Aliexpress.
Via FanlessTech
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress
there are cheaper alternative – same cpu, just 4×2.5gbps ports https://fave.co/3w219xn
https://www.aliexpress.com/item/1005004247163816.html
Not the same, limited to 1x SODIMM slot on this one.
Looks interesting, but I’ve never heard of Kingnovy before. How’s their track-record when it comes to BIOS-updates?
I very much doubt that’s the actual manufacturer.
These things seem to be sold under a dozen different brands.
https://www.servethehome.com/topton-intel-j4125-4x-i225-fanless-virtualized-firewall-appliance-review-pfsense-opnsense-proxmox-ve/
That’s what I thought as well, but I figured I might just ask here, too. I don’t think I’d want to buy some random mini-PC with no word on whether it’ll ever receive any BIOS-updates.
This is one of the reasons i stick to thin client with a PCIe slot such as HP t620+, t740 etc combined with Intel i350 4 port NIC or similar.
I remember that a long time ago many of these emerging devices were found under the brand “qotom” or something looking like this, so much that I supposed it was the real manufacturer. I haven’t rechecked if it’s still present though. And it’s very possible that many others have jumped into the bandwagon anyway.
Btw, there are N6005 based ones going for $260-$270 which IMHO is more attractive.
Yes, the link to the Jasper Lake models includes N5105 and N6005 models as well.
But are these types of appliances usually limited by the processor? I’m asking because I don’t know.
Used to be, not sure it’s a big issue any more. Servethehome is running two VM’s on the one they tested in the link above and it seems to be running fine in their tests.
All of these CPUs have AES support now as well, which takes a ton of load off of the CPU cores.
I guess it really comes down to what it’ll be used for in the end.
Such devices used to be at a time many of them used to have realtek chips with basically no stateless offloading support (no IP checksum on VLAN, no TCP checksum, etc). With an i225 that even supports SG that shouldn’t be an issue at all.
I ordered the bare-bones N6005 cpu model a couple weeks ago…not shipping yet…
Looking to use as a pfSense box…👍
These J4125 and 5005 models are probably good enough for people who want a basic router and FW but the processor will quickly show it’s limits when a lot of gigabit routing is taking place alongside IDS services and VPN traffic.
To be honest, not many are using any IDS services. VPN doesn’t require much CPU power when the router is just routing packages. Most users turn on VPN from GNOME’s NetworkManager GUI. Handling VLAN and VPN isn’t even a properly documented scenario in pfSense or OpenWRT documentation. Pretty imaginary stuff.
For example the first reply here demonstrates that home users don’t necessarily need IDS:
https://www.reddit.com/r/HomeNetworking/comments/gvmk6n/is_ipsids_really_necessary_for_a_relatively/
AI want a version with at least one sfp+
Wow! This is about the same price as the 2 port Protectli Vault FW2B with a dual core J3060 Celeron and 1gig ports I bought last year to run PfSense. They look very similar too.
Yes, it should come from the same manufacturer. But since Protecli appears to be in Europe you get a proper guarantee and returns should be easier (provided you are based in the EU too).