Lanner FW-7551
-
I recently started playing with pfSense as an alternative to the Cisco ASA firewalls I have become very tired of using in various business/research installations, etc I maintain. So I decided I'd pick myself up some hardware to play with pfSense at home to see if it's a viable alternative to what I normally purchase for use in production.
After doing a lot of searching around for various hardware, I decided I wanted something that offered the latest Rangeley Atom chips. These chips are designed for server/network processing, support virtualization (VT-X), AES-NI, and even sport QuickAssist crypto accelerators, all with a low power footprint. Unfortunately, finding small, production-level hardware with support for these chips is a little sparse right now.
Enter the Lanner FW-7551: a purpose-built Rangeley box with 6 gigabit NICs - perfect for a pfSense install.
Full Specs: http://www.lannerinc.com/products/x86-network-appliances/desktop/fw-7551
Highlights:
- Atom "Rangeley" C2358 CPU (1.7 GHz Dual Core: http://ark.intel.com/products/77978/Intel-Atom-Processor-C2358-1M-Cache-1_70-GHz)
- Support for up to 8GB (1 DIMM) of ECC DDR3 RAM
- 2x Intel i210AT Gigabit NIC
- 4x Marvell 88E1543 Gigabit NIC
- 1x CF Socket
- 1x SATA3 Port
- 2x USB 2.0
I've spun up the pfSense 2.2 Alpha images on the system, and it seems to cook along quite nicely. All 6 ethernet ports are recognized (recognized as igb0 to igb5), the CF slot works fine, serial console is accessible, etc. I currently only have it running in a fairly basic single-WAN, single-LAN default-NAT/firewall, but that much seems to work well. I'll be expanding it to a more complex setup soon.
I also tried the pfSense 2.1.1-prerelease image last week, but ran into issues booting to the CF card after the initial USB-based install. The live USB boot image seemed to work fine (again, all 6 ports recognized, etc), but installing to the CF card and rebooting led to a blank console screen after the boot loader ran. It's possible this is just a console issue, as I didn't really dive in to see if the web interface was still working or not. I may try some more 2.1.1 testing depending on how stable the 2.2 Alpha ends up being for my home needs and/or how long it takes to reach a 2.2 beta/release.
The system ran me ~$350 direct from Lanner (the only way I think you can purchase one of these) and it took a few weeks of lead time to get it here from China, but overall the purchasing was pretty painless. An 8GB ECC RAM DIMM added ~$100, and the 32GB CF card was another $35. Lanner also offers a 2.5" SSD/HDD mounting kit, which I have on order. I'll probably look to switch from the CF card to an old 128GB SSD when that arrives. In total, I would expect to have a pretty slick, full pfSense system for ~$500 (plus the extra $100 I kicked in for pfSense Gold membership and access to the 2.1+ book).
The main downside to the unit thus far is the fan. It is very loud. Fine for a server room, but lousy for a home setup. Fortunately, it's a standard 40mm fan mount, and I've already replaced it with a much quieter fan with no significant ill effect on system temperature (these are Atom chips, so they run pretty cool). Unfortunately, something happened in the process of me replacing the fan (no idea what), and now the fan runs anytime the system is plugged in, even when it's powered off. Not really a big deal since the unit is pretty much always on anyway, but mildly worrisome from a hardware reliability standpoint.
I just thought I'd post this to let others know that I've gotten pfSense to run on this box without too much pain. I plan to do a more thorough write up and review at some point once I have the unit vetted out a bit more. I also hope to buy a few more of these to use at various production sites once 2.2 stabilizes (or once I get 2.1.1 to work correctly on the unit). Also, I have no idea if pfSense is taking advantage of the AES-NI instructions for anything at this time, but hopefully those will become useful for VPN acceleration in the near future. It would also be cool to see support for the QuickAssist accelerator at some point, but I guess we'll see.
I'll shoot to follow up as I gain more time with the system.
In the meantime, enjoy some pictures:
-
-
Looks good. Does that model have bypass ports? Looks like there may be a riser card option too, looking at the card edge connector next to the LEDs.
-
Looks good. Does that model have bypass ports? Looks like there may be a riser card option too, looking at the card edge connector next to the LEDs.
Yep, but they're optional. The model I got (FW-7551A-V0.3) has two pairs of bypass ports on the four Marvell ports. There is a slightly cheaper B model that lacks the bypass option. I don't think I'm likely to use them in my home install, but I figured they'd be nice to have. You can set them in the BIOS for various failover modes, or disable them altogether.
The goldfingers by the LEDs are labeled "PCIE1" on the mobo, but I'm not sure what kind of adapter you'd need to use them. It's not really discussed in the Lanner literature. But yes, it appears there is some form of PCIE support if you really wanted it.
-
Can you get a power consumption figure when it is running? Even just when idling along. I am always interested in equipment that takes 12V DC in on an external connector. It is an option to run directly from battery for offices that have solar/battery installations.
-
Can you get a power consumption figure when it is running? Even just when idling along. I am always interested in equipment that takes 12V DC in on an external connector. It is an option to run directly from battery for offices that have solar/battery installations.
Using the quieter fan (likely lower power than the original loud fan) and running more or less at idle (e.g. the power/traffic load associated with posting this post) I'm seeing about 14 Watts between the wall and the 12V power brick on my P3 Kill-A-Watt. The 12V power adapter supplied with the unit is rated up to 3 Amps output, so a theoretical 36W max. I don't have a DC clamp meter or another good way of measuring the DC load on the 12V side of the power adapter short of hacking up a power cord and using my multimeter inline, but it's got to be 14 Watts or fewer, at least at idle.
When I get around to benchmarking, etc, I'll try to track power numbers under full load as well.
-
Interesting that the Marvell NICs are using the igb driver.
Why were you installing to the CF card from USB rather than writing a Nano image to it directly?
Steve
-
Interesting that the Marvell NICs are using the igb driver.
Why were you installing to the CF card from USB rather than writing a Nano image to it directly?
Steve
I'm pretty sure this is the same hardware as the SuperMicro boards; it's got i354 NICs with a Marvell PHY.
-
That would explain it.
Steve
-
Why were you installing to the CF card from USB rather than writing a Nano image to it directly?
A few reasons:
1. Since I wanted to test out the hardware to see if various pfSense versions would even work, the live USB-based install was simplest.
2. The CF card I'm using is perfectly capable of handling read/write cycles like a regular hard disk over any reasonable lifetime.
3. I wasn't sure if there were any differences in the nanoBSD versions beyond using ramdisk for logging, etc and the hardware I'm using is closer to a full blown x64 server than an embedded device, so I thought I'd stick with the standard version.
4. I plan to switch to using an SSD once the mounting kit arrives, so this setup is easier to dd from the CF card to the SSD should I decide to do that instead of a full reinstall.
5. There aren't any 32GB nanobsd images, and I didn't want to mess with having to expand partitions, etc.
-
Interesting that the Marvell NICs are using the igb driver.
I had the same thought.
I'm pretty sure this is the same hardware as the SuperMicro boards; it's got i354 NICs with a Marvell PHY.
I can try to interrogate the NICs a little more when I have time, but something along those lines was my assumption as well.
-
should have been better if there's an msata slot…is 350 including shipment?
-
should have been better if there's an msata slot…is 350 including shipment?
Maybe, but it has a standard SATA slot, and 2.5" SATA drives are easier to come by.
It was $340 + ~$15 shipping.
-
These Lanner boxes look like they may be what I've been looking for.
asalyer I'm wondering what made you choose the FW-7551 over the FW-7525 as they appear to have the same CPU (however it doesn't look like all the features are exposed) and is fanless
-
asalyer I'm wondering what made you choose the FW-7571 over the FW-7525 as they appear to have the same CPU (however it doesn't look like all the features are exposed) and is fanless
These are all brand new. I don't think the FW-7525 was available when I made this purchase a month+ ago. At least I didn't see it. But you are correct that it does look similar. And the fanless design would be a nice touch for a quieter system (saving you the trouble of modding the fan like I've had to do).
-
These are all brand new. I don't think the FW-7525 was available when I made this purchase a month+ ago. At least I didn't see it. But you are correct that it does look similar. And the fanless design would be a nice touch for a quieter system (saving you the trouble of modding the fan like I've had to do).
Might have to get prices on all of these models. How did you place your order? I don't see anywhere on their website to do this.
Looks like the FW7571 uses the 4-core CPU and the FW7573 uses the 8-core; both appear to have the PCI-E slot exposed as well for anyone that needs it. It's good to see one manufacturer having a full range like this.
Assuming the FW7573 is a C2758 CPU, I wonder how it would compare to supermicro or the box sold by pfsense
-
assuming the FW7573 is a C2758 cpu I wonder how it would compare to supermicro or the box sold by pfsense
Because it's not sold by us, it's definitely incomparable.
1 - Ours is fully-tested hardware that will be comprehensively tested on every future release for the lifetime of the hardware, so you can upgrade with confidence. Also points to a hardware-specific image for upgrade purposes, so you get the best tweaks available for a specific hardware platform.
2 - Ours includes support, comes pre-installed, and you can buy it on our website right now and it'll ship same or next business day depending on order timing. With Lanner, you're going to be jumping through hoops with a sales person trying to buy a box. Then you get it, have to install it yourself, assign the NICs
I'm sure it's a cheaper box in the immediate purchase cost, but:
- what's your time worth?
- what's that lowered risk of breaking your network worth?
- what's the potential for increased performance, or at least the assurance of ongoing settings appropriate to maximum performance with that piece of hardware, worth?
To a home user, maybe not so much. If you're doing anything remotely serious, it's easy to put numbers on it where paying more is ultimately cheaper (unless you consider your time worth $0, and put a $0 cost on downtime).
-
@cmb:
Because it's not sold by us, it's definitely incomparable.
1 - Ours is fully-tested hardware that will be comprehensively tested on every future release for the lifetime of the hardware, so you can upgrade with confidence. Also points to a hardware-specific image for upgrade purposes, so you get the best tweaks available for a specific hardware platform.
2 - Ours includes support, comes pre-installed, and you can buy it on our website right now and it'll ship same or next business day depending on order timing. With Lanner, you're going to be jumping through hoops with a sales person trying to buy a box. Then you get it, have to install it yourself, assign the NICs
I'm sure it's a cheaper box in the immediate purchase cost, but:
- what's your time worth?
- what's that lowered risk of breaking your network worth?
- what's the potential for increased performance, or at least the assurance of ongoing settings appropriate to maximum performance with that piece of hardware, worth?
To a home user, maybe not so much. If you're doing anything remotely serious, it's easy to put numbers on it where paying more is ultimately cheaper (unless you consider your time worth $0, and put a $0 cost on downtime).
For all these reasons and just to support the pfsense project I would much rather buy direct from pfsense/ESF (the form factor looks ideal for me as well) but I can't justify an 8 core system for a firewall at home. If a 2 core box with Intel NICs was offered by pfsense/ESF for a reasonable price I would be ordering it straight away.
The T40E2 looks like a step backwards for me as I'm currently using a microserver N40L.
-
@cmb:
assuming the FW7573 is a C2758 cpu I wonder how it would compare to supermicro or the box sold by pfsense
2 - Ours includes support, comes pre-installed, and you can buy it on our website right now and it'll ship same or next business day depending on order timing. With Lanner, you're going to be jumping through hoops with a sales person trying to buy a box. Then you get it, have to install it yourself, assign the NICs
For what it's worth, I've never had any issues ordering from Lanner, though their shipping is sometimes a bit slow because they rarely have everything I want in stock. Where they fall short compared to you guys, to your points, is on post-sales support.
I'd have bought from you guys if you had hardware that would have met my needs. Instead I'll just have to stick with my support agreement. Consider this a request to build out the list of supported platforms, both for home and for business uses.
-
Might have to get prices on all of these models. How did you place your order? I don't see anywhere on their website to do this.
You just need to email the Lanner sales address and work directly with a sales person via either email or phone. It was fairly painless, but it does require interacting directly with another human, and their lead time is often a few weeks. ;-)
For future reference, I'd be interested to see prices on the other units as well, so if you get them, can you repost them here?
You can generally buy the units bare bones (as I did) and then add your own RAM, SSD, etc, or Lanner can ship the unit with the extras pre-installed for additional cost.
-
@cmb:
Because it's not sold by us, it's definitely incomparable.
1 - Ours is fully-tested hardware that will be comprehensively tested on every future release for the lifetime of the hardware, so you can upgrade with confidence. Also points to a hardware-specific image for upgrade purposes, so you get the best tweaks available for a specific hardware platform.
2 - Ours includes support, comes pre-installed, and you can buy it on our website right now and it'll ship same or next business day depending on order timing. With Lanner, you're going to be jumping through hoops with a sales person trying to buy a box. Then you get it, have to install it yourself, assign the NICs
I'm sure it's a cheaper box in the immediate purchase cost, but:
- what's your time worth?
- what's that lowered risk of breaking your network worth?
- what's the potential for increased performance, or at least the assurance of ongoing settings appropriate to maximum performance with that piece of hardware, worth?
To a home user, maybe not so much. If you're doing anything remotely serious, it's easy to put numbers on it where paying more is ultimately cheaper (unless you consider your time worth $0, and put a $0 cost on downtime).
I potentially would have bought directly from pfsense/ESF, but I wanted a Rangeley Atom box for future proofing (and to support non-pfsense uses down the road if need be, the VT-X support, etc makes it a good general purpose microserver if I get to a place where I no longer need it as a firewall). If ESF sold a Rangeley box with 5 to 6 gigabit Ethernet ports in the $400 to $600 range, I probably would have gone for that. But the current ESF/pfsense hardware selections don't really seem all that state of the art or future proofed (e.g. virtualization support, AES-NI, Intel NICs, etc), at least in terms of desktop, non-rack mount hardware.