N150 / N355 good fits?

Started by Billy2010, November 23, 2025, 06:59:34 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 23, 2025, 06:59:34 PM Last Edit: November 23, 2025, 07:46:09 PM by Billy2010
Soon we will make the swith to a 8,5G fiber connection.
The main switch is a Mikrotik 10G
Behind it are 2 more 1G switches.
Connected to the network that are :
2 servers (10G), 8 workstations (Mix of 10G, 2.5G, 1G), 6 mobile devices, 16 iot devices (1G,100M).
Split in 3 vlans.

I am now looking to run opnsense with zenarmor on a baremetal (I ran it on my PE homeserver but thats 100W) to sit between the modem and the main switch.
The main purpose is ofcourse FW/IDS.
But if its "capable" of having more bells and whistles then thats just better.

I have been browseing around and keep coming across these N150/N355 devices.
Most of these devices(CWWK/MNBOXCONET..) have 2x sfp+ and 2x2.5G connections.
But I also came across ROUAFWIT which seems to have 2x2SFP+ and 4x2.5G. I have seen these boxes with other hardware aswell.

I have listed these with 32Gb ram + 1T ssd:
N150 (+-450€)
N355 (+-560€)
N355 (+-704€) <- the one with 4x2.5G instead of 2x.
i5 1334U (850€) 4x2.5G, 20pci lanes vs 9.

Ofcourse I now have a few questions.

1. Are aforementioned devices capable of functioning as desired (throughput wise etc?
2. With the 4x2.5G one I would add 2 extra ports to my cabinet and I might move the 2 switches that are connected to the main swith to this device directly. Another would temporary serve for the current modem (copper) and one for admin.
3. Any advice with does and dont's?
4. Good alternate devices that are within given budgets with similar or better punch?

Ty.
November 23, 2025, 09:23:08 PM #1
IDK if zenarmor has finally made the jump to being multithreaded, there was a long ongoing discussion about that. If not, then an N355 will probably do nothing at all over an N150, because it only has more cores.

Any type of IDS/IPS will stress the CPU way more than pure routing. With an N150 and without IDS, you should get 10G routing throughput (or close to it, because most 82559-based devices cannot really reach full 10G speed.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
November 23, 2025, 10:07:35 PM #2
That would be big news so I asume they don't.
But lets anticipate they eventually might do so.

I do want that IDS/IPS.

CWWK also has these other boards.
Based on a i5 1335u wich should run at 15W.
And a i7 155h at 28W. I find this a bit much but "maybe ok" it also has a 4x sfp+/4x 2.5G.

Pricewise that 155h starts to move up to that of a minisforum a2 but the latter draws 100W.

 
Today at 05:57:37 AM #3
Do you have a temperature constraint? Because you have enough equipment to make the contribution from any single device... less significant.

I'm going to have to stick a window A/C in my equipment room (to supplement the main system), but I'm in Texas, where the average high is about 35C in the summer. But then power is $.15/kWh.
Today at 06:15:24 AM #4
If you take the buy-once approach, the i5 would be my choice. Better to have the bigger/better engine for when the wheels get onto the autobahn. ;)
Mini-pc N150 i226v x520, FREEDOM
Today at 02:36:44 PM #5
Quote from: meyergru on November 23, 2025, 09:23:08 PMIDK if zenarmor has finally made the jump to being multithreaded, there was a long ongoing discussion about that. If not, then an N355 will probably do nothing at all over an N150, because it only has more cores.

Any type of IDS/IPS will stress the CPU way more than pure routing. With an N150 and without IDS, you should get 10G routing throughput (or close to it, because most 82559-based devices cannot really reach full 10G speed.


I will added here the blanks to @meyergru response.

ZA still doesn't officially support multi-core. Its in development. Further more it seems they will really go with a pay wall for this feature.
You can read the following and make your own opinion > https://forum.opnsense.org/index.php?topic=41295.0

N355 Single core performance is bit better than the N150. So granted the performance on ZA should be bit better, but don't expect 10G throughput. I am currently unaware of any cheap low powered CPU that could handle this. And I would argue that not even the official DEC can do it. (Maybe the devs did test the enterprise classed DECs and can confirm? :))

If you don't use non-multicore based IDSes you have a chance to get 10G throughput. The N100/N150 can handle 2.5G throughput on single core without IDS.

Quote from: Billy2010 on November 23, 2025, 06:59:34 PMI have listed these with 32Gb ram + 1T ssd:
N150 (+-450€)
N355 (+-560€)
N355 (+-704€) <- the one with 4x2.5G instead of 2x.
i5 1334U (850€) 4x2.5G, 20pci lanes vs 9.

These prices are crazy. I bought like last week for LAB a N355 2x10G AQC113 + 4x2.5G i226-V for way less providing my own RAM and NVME.

Regards,
S.

Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
Today at 09:26:29 PM #6
@pfry No, i don't have temp constraints. The hardware is spread out.

@Seismus thanks for pointing out, it indeed seems to be for the higher tiers and and thus not affordable.
Are there good alternatives to Zenarmor?
Or are there better solutions offering this kind of configuration.
A dream machine pro max also has 5G with ids. And thats not even per core it seems on first glance.

Would you suggest the i5 1335u (1334u was a typo).
They also have a H155 (6P+8E+2le cores).

Yes the prices are insane. Everything is. Ram is becoming super expensive.

Or should I dedicate my minisforum ms-a2 to it? Then I need a second one. But thats an energy sucker.

Or otherwise put, knowing what I am looking for, what would you advice? (Does not has to be on this list.)
Print
Go Up Pages1
User actions