Netgate FW-7541D rack mount system - mini review
-
I just discovered the Netgate FW-7541D rack mount system the other day. It looked great for a number of reasons:
- it's a pfSense certified system… hopefully my buying one supports some of the pfSense developers
- pfSense is pre-loaded (embedded version)
- small footprint, low power
- it is an affordable rack mount system at $618
- has some cool features like a screw-in power supply plug, apparently 3G support as well with an optional card?
- Netgate sponsors BSDCan in Ottawa. That's a great conference that I've been to.
- it exactly met my minimum hw requirements which were: GigE, 2Gb RAM, low power Intel Atom CPU, and support for a SATA disk.
This is intended for a small business that has a requirement for Snort today and maybe Squid in the future, in addition to standard pfSense features. Being new to pfSense but not FreeBSD, I was interested in the recommended hardware vendors and especially recommended single board computers. From what I read, most of these small systems don't have enough power or memory to run Snort, or else don't work well with a CF flash disk due to Snort disk activity. And most still have fast ethernet connections not GigE. But this config fit the bill, low power and fanless 1U but still supports a SATA disk.
I placed an order and it shipped next day with overnight shipping to Canada. Sweet. The box is small and made of metal, it's well built and high quality. There are no moving parts, no fans etc. I originally wanted to build my own system with similar specs but I just couldn't build one this small using commodity parts, and a white box 1U rack mount system is kind of annoying to build myself and wouldn't be any cheaper anyway. There are less expensive options if you don't need GigE or a SATA disk but I do.
Of course the first thing I did was take the box apart. I'm not sure why but I love single board computers! This is a nice purpose-built system. I quickly installed a small SSD hard disk for Snort and was ready to rock. There's an excellent Quick Start guide, complete manual, and even a guide to installing a full version (non-embedded) version of pfSense onto a hard drive. That last one was helpful since I had a VGA cable to plug into the board but didn't had a SATA DVD/CD drive. I unsure if the device could boot from USB, so I needed to install pfSense using a different computer, then change the fstab and then reinstall the drive into the box. Following the instruction guide was easy, it's missing a few little details that might trip up newbies but overall is pretty good. I verified the system was working and then quickly installed the Snort package. Off to the races.
A little background about me. No affiliation to Netgate or BSD Perimeter. I've used FreeBSD for about ten years and OpenBSD prior to that but have just started with pfSense. The pfSense package system is cool and I love the web interface. Until now I was running on old repurposed hardware that was failing, and being sick and tired of unreliable hardware causing me grief I thought I'd try out a proper rack mount system. So far so good. The unit does get warm after a bit of usage, I'm sure that's normal. After a good workout with Snort over the next few days I'll see if it gets hot... I've got a 100MB connection and require Snort because I sometime need to visit hostile web sites. That's it for now.
Thanks,
Kelly -
I am very interested in the FW-7541 myself having deployed a handful of FW-7535's (previous Atom D510 based model) and overall being quite happy with them. Please do post more details on your experience with this unit when you have the time.
-
I am very interested in the FW-7541 myself having deployed a handful of FW-7535's (previous Atom D510 based model) and overall being quite happy with them. Please do post more details on your experience with this unit when you have the time.
I have some experience with the new Lanner stuff… I have deployed 1/2 dozen of the FW-7541, and also a bunch of FW-7535's.. All in all I would say that if you have used the 7535 you will know what to expect with the 7541. With a few improvements over the previous model.
#1 Most obvious difference is that the CPU is an Atom D525 vs a D510, or in other words it runs at 1.8Ghz vs 1.66Ghz. Besides that there is no addition CPU features like crypto acceleration or any other fancy microcode in there that I am aware of.
#2 The passively cooled version of the FW-7541 does NOT seem to give off any more heat than its predecessor.
#3 The FW-7541 uses DDR3 SODIMM's, not the older DDR2 used in the FW-7535. Since it is using DDR3 I would surmise that the supporting chipset is also a generation more modern than its predecessor.
Regards,
Richard Graver
-
Looks like another solid device from Lanner. Ok will definitely be picking one of these up for my next firewall project.
-
Nice review, and looks like pretty cool HW as well.
-
I like it. No moving parts.
-
Frankly speaking.. I don't see how $618 for a mere Atom system with 2GB RAM is considered affordable.
A good powerful i3 system with 4GB of RAM can be built for much less price than that.
-
Its a question of ultimate reliability vs power. Anything without a fan can be installed and forgotten about.
This thing isn't near as powerful as my old system, but it would probability be ubber reliability unattended.
But yeah - for $600, I can keep a fan clean at home. Unattended, I like this one better. -
You are also paying for the fact that it's pre-assembled and tested and that it's been certified by the dev team as being all pfSense compatible. Those things can be worth a lot depending on your requirements.
Steve
-
After a good workout with Snort over the next few days I'll see if it gets hot… I've got a 100MB connection and require Snort because I sometime need to visit hostile web sites.
Hey Kelly
Would you mind updating us on how Snort fared on your 100Mbit connection on this 7541? I've got a similar situation and was wondering if this low-power system was up to the challenge of running IPS at such high speeds without sacrificing too much performance. Thank you -
Frankly speaking.. I don't see how $618 for a mere Atom system with 2GB RAM is considered affordable.
A good powerful i3 system with 4GB of RAM can be built for much less price than that.
I wouldn't call it a "mere" atom system. Figure the cost of a supermicro 1U atom w/onboard Intel + RAM + Storage + new 4-port Intel NIC ($300-400 in some cases!), it would land somewhere in the same neighborhood, plus it wouldn't have the same level of integration and testing.
It's a great little box for what it does. Sure, not everyone needs that level of embedded system with that many NICs, but for those that do, it's worth the money.
Also not everyone is into building their own servers and they want something pre-loaded that's guaranteed to run and run well.
-
I'm figuring its a cold running processor with probably all solid caps on the board and loads of aluminium to keep the heat away with no moving parts. I figure its a machine for people who can't risk things not working.
-
I understand you are trying to support the company.. but just being honest (its my take) atom motherboards barely need any integration. CPU is already attached to the mobo.. no fans with passive CPU cooling it many of them. Just add RAM, HDD, NIC and plug in the PSU (no rocket science)
I would rather learn how to assemble a system rather than paying premium for a snail.
Same take on Apple Macbooks.. all companies offer 1 yr hardware warranties with additional warranty for $$. I can't find the excuse on paying more than double (may be at times triple) the cost for a less powerful laptop than Sony, HP, Asus..etc offer. No drivers issues on Mac is just coz they have nothing else to offer except one set of hardware.
-
After a good workout with Snort over the next few days I'll see if it gets hot… I've got a 100MB connection and require Snort because I sometime need to visit hostile web sites.
Hey Kelly
Would you mind updating us on how Snort fared on your 100Mbit connection on this 7541? I've got a similar situation and was wondering if this low-power system was up to the challenge of running IPS at such high speeds without sacrificing too much performance. Thank youSure, it has been working pretty well and I've been happy with it. I'm running Snort with the paid VRT rules and the Emerging Threats database and it's configured with the IPS policy of Security, so it looks at everything. Performance "feels" very good but I haven't done any formal tests. I had to configure Snort with the "ACS" performance profile because the daemon just wouldn't keep running if I tried a higher performance setting. I suspect it was running out of memory, I only have 2 GB installed. One day I'll pickup another DIMM and try a new setting. I only have up to about 5 people on the system at once, and often just one or two people, but I'm a heavy user and work in IT so I figure I've given it a pretty good workout for one person. :)
Overall I've been pretty happy with things… that is, up until the pfsense 2.1 release, which killed my system and left me with hours of troubleshooting... that's another discussion altogether and I'm starting a separate thread about that later tonight to ask for some help...
Sorry for the late reply.
Kelly
-
Frankly speaking.. I don't see how $618 for a mere Atom system with 2GB RAM is considered affordable.
A good powerful i3 system with 4GB of RAM can be built for much less price than that.
I don't disagree but I wanted a rack mount system, and it's not so much fun to build a rack mount 1U whitebox… having done that before, I told myself never again... :)
-
Frankly speaking.. I don't see how $618 for a mere Atom system with 2GB RAM is considered affordable.
A good powerful i3 system with 4GB of RAM can be built for much less price than that.
I don't disagree but I wanted a rack mount system, and it's not so much fun to build a rack mount 1U whitebox… having done that before, I told myself never again... :)
Did you check out http://www.plinkusa.net/
All parts are listed. Straight forward shopping for all 1U parts. Easy assembly ;) .. lastly.. cheaper and way powerful than Netgate. 8)
-
Did you check out http://www.plinkusa.net/
All parts are listed. Straight forward shopping for all 1U parts. Easy assembly ;) .. lastly.. cheaper and way powerful than Netgate. 8)
Thanks for that link, I haven't seen simple 1U cases and power supplies like that before. Their cases and power supplies look neat enough that I might be brave enough to build another whitebox 1U server one day.
However another big reason I bought the FW-7541 was simplicity, it's a single board computer with no moving parts so I believe it should be more reliable than other more complex systems that have many moving parts. The Atom processor is plenty power for my needs, I get good speeds on GigE, my Snort IPS works well, and it doesn't consume much power so it runs longer on my UPS when the power is out.
Now if I could just get the system to support pfSense 2.1… I'm stuck on 2.0.3 for the time being, since I use a non-standard config with a full install of pfSense (instead of the embedded version it shipped with), and an external SSD instead of the built-in CF card. It sounds like Netgate is working on an update.
Incidentally, the motherboard has 3G capabilities. Does anyone know what the 3G can be used for? I have visions of using this firewall at the cottage one day over 3G (some remote places up here in the mountains have no high-speed internet)...
thanks,
Kelly -
You mean it has a SIM card slot? Interestingly I can't find that referenced anywhere. It's probably so you can use a mini-PCIe modem, as you would in a laptop/netbook.
Steve
-
Hello,
Just a quick question:)
The 6 LAN ports can they be changed to wan ports, as I have 4 ADSL at home and need to load balance between them, today I have pfsense setup on an old computer with 4 port network card and using the motherboard lan back to the switch ??
-
Yes, pfSense just sees them as NICs. You can assign them to WANs or LANs or configure a more complex setup that blurs the lines. :)
Steve