OPNsense on Zotac Zbox CI337 nano: no reliable uptime (a week of testing)

[OmnomBánhmì]

For people searching for a low price fanless box to run OPNsense on, I can comment on what maybe not to buy. YMMV, but my idea was to buy another Zotac Zbox, since I run a large handful of these in older hardware iterations (CI327 nano) with N3450 for branch offices as failover since ca. 2018. So it seemed a safe bet.

TL;DR Experiments failed with the CI337 nano.

For context, the N3450s all work nicely with lines up to symmetric 1 gbps speeds, most offices have lower bandwidths though. However they all max out at around 640mbps. Unsure why that is, however I didn't care too much since these boxes are companion failover to DEC740 devices that do handle everything we throw at it without hiccup. So failover barely happened in a handful of years and if it did the CI327 nano was good enough for the specific purpose.

There's Realtek chips in the CI327 nano as well as the newer CI337 nano. So I thought let's get one of those and test on a DOCSIS gigabit. Mixed results here overall, line speed when it works, but no stable connection. Either I get 1 hour of uptime or maybe even 4 or so, but then inevitably b0rkage happens:

• data throughput drops to zero
• OPNsense UI is a no show
• pings to the CI337 might still work though
• ssh login might work, but more often the box does not respond on any TCP port
• its HDMI output goes blank, i.e. I can't see any on-screen messages - if I see any it often repeats emulated netmap adapter rel_vlan entries with either destroyed, created, activated messages. After that repeated I see dropped packages
• a keyboard needs to be connected for a ctrl-alt-delete reset
• box is up again after rebooting, log entries are unremarkable

Looking for answers I found what everyone else may find: the useful posts with caveats here in the forum (heat dissipation, comments re Realtek chips, Intel firmware and microcode, power supply issues), and also comments on amazon re BIOS/UEFI updates. Well, none of what I tried fixed the issue: switch power supply and makeshift usb fan cooling. About 4 hours of uptime was the maximum I got.

So I'm returning this CI337 nano unit to the vendor. What I do like about Zotac is their size and sturdy build. The general reliability of the older model though... whatever, time to move on.

Next up, I'll go for N100 again with Intel i226-v this time. Protectli boxes seem a good next step at the next price level. For our branch offices SFP+ would sure be nice to have for upgrading the failover game, should I make the time for CWWK attempts there's boxes with that too.

I'll keep reading in the forum, thank you meyerguru and everyone who is active here with answers. This post is my 2ct. :)