Messages

Check this ASUS P11C-I as well, I like the Supermicros better, but if you don't need integrated IPMI or DC power supply, this might be nice as well: https://www.asus.com/us/Commercial-Servers-Workstations/P11C-I/

That actually comes with a 200W Gold level PSU and doesn't seem stupidly expensive so that would probably be the best option..?

I'm not sure about it, it's good for sure even for server build, but that would be overkill for a firewall. I run this xeon d1521 with picoPSU in my NAS/virtualisation lab and I use 90Watt external power supply for notebooks which should have about 87-90% power efficiency, I have it with 2-3 sata drives attached. So for firewall may be only 60Watt supply will do, with 90-120watt you're 100% sure. The picoPSU isn't even necessary, you need just the p4 to jack connector as this board is made to accept DC straight away. I got picoPSU left over from some past build, so I've used it, because in my country nobody sells P4 to DC jack conectors, so I would have to order it from Germany, which makes no sense for part which costs about 4 EUR...

This Tyan serie is funny, no IPMI, so - extra 6W consumption, no redundant ports, nothing unuseful in the package:
TYAN S3227 (S32272NR-C538) made to be firewall: https://www.tyan.com/Motherboards_S3227_S32272NR-C538
Just too little ports imho..and installing it must be hassle for home user...

I feel like the barebones are overpriced...
In general I like the i3 idea for high performance firewall builds.
What about using just 8GB ram, 16GB seems to be just too much for most cases. I have 16 GB by my self and I use only 4GB and out of it about 2,5 GB for Ram disk only.
450W PSU and 67W TDP CPU makes no sense it will be so ineffective, tha what you save on HW, you'll pay for electricity. Let's asume your build will consume about 50W average, with 80% PSU efficiency, it will be 62Watts. With 60 Watt external brick and SoC your average consumption won't be higher than 20W. That's 42Watt difference, now calculate the electricity price for 5 years, that's 42x 24x 365x 5/ 1000x 0,19 = 349 USD in my country. The question would be, how much extra performance will you get on purpose build SoC if you pay 349USD more :) why just not buy something like this for performance: https://www.supermicro.com/products/motherboard/Xeon/D/X10SDV-4C-TLN2F.cfm this should be about 6900 PassMark points, but much more efficient and and you could use this to power it https://www.logicsupply.com/cbl-pwrpd73/

Many people think that ECC makes sense for handling critical data within a datastorage only. But they forget that operating systems run on RAM too, so whenever there's ram error your system might crash and for me that resiliency against crashes is very important. In fact I do use ramdisk in Pfsense and ZFS-mirror for dual USB boot media. Because what I add extra for ram, I save on storage. Backing up the config once a 24 hours isn't a huge load on that flash sticks.
Almost ideal complete build, just add ram and whatever storage.
https://www.supermicro.com/products/system/Mini-ITX/SYS-E200-9A.cfm

According to this benchmark, the c2558 and n3710 are similar, but the later is worse...so it depends on workload, but the g4900t should be 30% better:
https://m.cpubenchmark.net/cpu_list.php
For OpenVPN single core performance is more important than multi thread performance. According to their documentation, you can count 20Hz for every Mbps in single direction with AES-NI enabled. So Celeron should give about 145Mbps down, atom N max 125Mbps and C should give about 110Mbps performance maximum. These numbers are very acceptable for me, as anything beyond 100Mbps is beyond my reach, where I live. Even when I had 100Mbps connection it was so fast, that I didn't really cared when downgrading to 60Mbps in the past.

You're right It probably performs marginally better, but lacks ECC...I would exchange stability for couple percent of performance for sure. I had non ECC build with celeron G1610T in the past and I had to hard restart it once a week, with ECC and Xeon the issues stopped...this experience taught me to use server grade HW for firewalls...even Cisco and Netgate uses C series Atoms in their networking products.

It's a really outdated board with non ECC RAM ddr3 ram, for the sake of stability a would rather buy something, with ecc. This costs the same money and should run faster:
https://www.supermicro.com/products/motherboard/atom/A2SDi-2C-HLN4F.cfm
C3338 has only 2 cores, but based on benchmarks it's faster than C2558, which I would expect to be similar as N3710 which have 4 cores.
https://www.servethehome.com/intel-atom-c3338-benchmarks-why-denverton-is-so-sweet/

Yeah with i3-8100 it should idle bellow 30 Watts I think, based on this review: https://www.servethehome.com/intel-core-i3-8100-benchmarks-and-review-low-cost-server-processor/3/
I think this is price/performance killer, but I will go for the Celeron G4900T and ECC Ram. As my connection is about 40Mbps only and I use currently very old Xeon CPU E3-1220L V2 with Suricata, OpenVPN client and server, shaping and about 30 clients my CPU usage was never above 15%. So I hope I could manage up to 100mbps openVPN session with celeron.

What about these for that matter, has anyone tested them? I think this is better than Asus as it has IPMI inbuilt without having to buy an extra module and with celeron G4900T it would be cheap and it would perform fairly well, while still having ECC memory:
X11SCL-iF https://www.supermicro.com/products/motherboard/X11/X11SCL-iF.cfm
Personally I would buy this one, but I've seen no performance reports on that one:
A2SDi-2C-HLN4F https://www.supermicro.com/products/motherboard/atom/A2SDi-2C-HLN4F.cfm
And Netgate seems to use these processors:
A2SDi-4C-HLN4F https://www.supermicro.com/products/motherboard/atom/A2SDi-4C-HLN4F.cfm
I think it's possible to power it with a DC adapter only when buying P4 to jack adapter, so it will be very efficient...