Almost a Decade in the Making Our Fanless Intel i3-N305 2.5GbE Firewall Review

31

Fanless 4x 2.5GbE Intel Core i3-N305 Internal Hardware Overview

Inside the unit, we get a familiar layout for the Intel Core i3-N305 unit versus the N100 and N200 units we looked at previously.

CWWK N305 4x 2.5GbE Internal Barebones
CWWK N305 4x 2.5GbE Internal Barebones

We get a primary M.2 slot. Our unit had a 128GB Faspeed P8 NVMe SSD. If one orders a barebones, there are some amazing deals on low-cost 512GB and 1TB M.2 SSDs, so we would probably suggest going that route.

CWWK N305 4x 2.5GbE Fasepeed 128GB NVMe M.2
CWWK N305 4x 2.5GbE Fasepeed 128GB NVMe M.2

Memory in the unit is a Samsung 8GB DDR5 SODIMM. If we were configuring this ourselves again from barebones, we would probably get a 16GB SODIMM. With only one SODIMM slot, the expansion is limited to a single DDR5 unit. We get 50% more bandwidth with DDR5, but only half of the channels as previous generations.

CWWK N305 4x 2.5GbE Samsung DDR5 4800
CWWK N305 4x 2.5GbE Samsung DDR5 4800

While we are tempted to upgrade, the 8GB/128GB is a strong firewall configuration.

The chassis has a plate that goes from the Intel Core i3-N305 to the chassis to passively cool the CPU. If you have one of these fanless units, and you are seeing very high temperatures, the chances are that there is an issue with the contact between the motherboard and the chassis here.

CWWK N305 4x 2.5GbE Front Sides Off
CWWK N305 4x 2.5GbE Front Sides Off

This unit also has the Intel i226-V NICs on the CPU side with their own block. The Intel i226-V was an update to the i225-V not just in logic, but also with lower power consumption. Both moving the NICs to have more direct cooling and away from the SSD and memory is a good choice.

CWWK N305 4x 2.5GbE Rear Sides Off
CWWK N305 4x 2.5GbE Rear Sides Off

Next, let us discuss the new expansion options in the chassis.

Starting the x86 Pi Ecosystem of Expansion

The CWWK folks have realized they have a platform that they can expand and get more use cases for. We have seen some attempts at this previously, but there is a small H-board that comes from the WiFi slot and offers a second, lower-speed M.2 slot for storage in the chassis.

CWWK N305 4x 2.5GbE Internal Overview With Original M.2 H Board
CWWK N305 4x 2.5GbE Internal Overview With Original M.2 H Board

The Topton one had a similar board but with a smaller connection between the long sides of what we call the “H-board.”

Topton N305 4x 2.5GbE Internal M.2 H Board 1
Topton N305 4x 2.5GbE Internal M.2 H Board 1

With our unit, we got an early expansion board with more features. Namely, this board has a M.2 slot but also a mSATA slot and a SATA port.

CWWK N305 4x 2.5GbE Second M.2 Expansion SATA Board
CWWK N305 4x 2.5GbE Second M.2 Expansion SATA Board

One can use the set of four onboard switches to determine which of these ports is active.

CWWK N305 4x 2.5GbE Second M.2 Expansion SATA Board Installed
CWWK N305 4x 2.5GbE Second M.2 Expansion SATA Board Installed

The initial unit CWWK sent was rough. Here is the back of the new H-board.

CWWK N305 4x 2.5GbE Second M.2 Expansion SATA Board Back
CWWK N305 4x 2.5GbE Second M.2 Expansion SATA Board Back

Here is the updated unit that arrived in an envelope just before this review went live. We can see, for example, that the new board has tape on the back to prevent shorts.

CWWK M.2 Expansion Board 1 1
CWWK M.2 Expansion Board 1 1

Here is the other side of the newer board.

CWWK M.2 Expansion Board 1 2
CWWK M.2 Expansion Board 1 2

That was not the only expansion board. There was another one in this envelope for the M.2 2280 slot. The board had a M.2 2280 board with a number of pins. The pins are connected to a larger 4x M.2 SSD board.

CWWK M.2 Expansion Board 2 1
CWWK M.2 Expansion Board 2 1

We saw the chip on there and did not know what it was.

CWWK M.2 Expansion Board 2 2
CWWK M.2 Expansion Board 2 2

The best we could find is that it is a TBUF0308 from Silicon Innovation.

Silicon Innovation TBUF0308
Silicon Innovation TBUF0308

Here is the back side of the assembly.

CWWK M.2 Expansion Board 2 4
CWWK M.2 Expansion Board 2 4

Here is another angle.

CWWK M.2 Expansion Board 2 3
CWWK M.2 Expansion Board 2 3

We are not going to go into this one too much in this review. It works, but cooling is a significant challenge. This will likely be its own piece later.

Next, let us get to the performance.

31 COMMENTS

  1. I promise I’ve been reading. I’ve known for months what a TF slot is. However – WTF is “a recessed G button” ???

  2. @Slash Its what you hit to turn the hot unit on.

    Any hint of these ever coming with ECC? Time for a new few devices but that last bit just seems like it no longer is in play.

  3. This cpu looks to be an amazing powerhouse with a thermal envelope that is reasonable. I have been looking for something like this since the day of the old atoms. Hopefully it ends up in a pot of devices

  4. Looks like where Huawei failed (to conquer network of democratic countries), CWWK is set to continue (at least from the SOHO side). And STH plays nicely along. Yet, a ton of alternatives exists either made in Taiwan (or if this is too close to P.R.C. for you) then even in EU (do not follow domestic makers in USA hence can’t mention that).
    What a pity…

  5. Regarding SATA data connector on H-Board – is on mainboard output for SATA power? And if so, is only 5V for laptop hdd or is also 12V for 3.5″ drives? Thanks

  6. Have you tested these N series processors with more than 16GB of RAM? There are some options in AliExpress offered with up to 32GB but Intel says they only support up to 16GB

  7. KarlG,
    It’s one thing to point out / remind people that networking devices from the P.R.C. might be compromised. It’s far different to accuse Patrick and STH of being complicit on their own site.

  8. If I’m a government trying to get into networks I’m not going after the customers buying $300 devices. I’m going after the Lenovo customers. Dell and HPE’s are made in China as well.

    I don’t know KarelG if you’re not shouting Lenovo is unbuyable by anyone on every website I don’t get what that is all about either like HerbM.

  9. Hello, I would be very interested in the review of the CWWK M.2 Expansion Board 2.1. For me, the ideal configuration is 1x 2.5 Gbit ethernet or 1x SFP+, 2-4x SATA and M.2 Expansion Board 4x NVME.

  10. If the OEM (CWWK?) would offer a CoreBoot BIOS it would help alleviate some of these conspiracy type theories that everything is a target.

  11. Today?

    Protectli have had 2.5Gb ports for a while now. I run one. Tbf, it’s a celeron, but it has more than enough oomph.

  12. I have no reference for CPU power needed for firewalls, are units with this CPU good enough for a 2man household office with bunch of 1gigabit wan traffic and 2.5gbe lan traffic?

  13. @ saeris – This is far in excess of what you would need. My previous gen J4125 is more than adequate and the N100 that replaced it can run the FW and 5-6 small VMs alongside it and still not use more than 10% CPU unless you start using intrusion detection etc.

  14. Would you be able to test the CWWK M2 expansion board in a different mini pc like the beelink pro? I’m really curious if the board would fit in other systems, maybe one that is more actively cooled.

  15. I know I’m a broken record, but how nice it would be if Intel would include vPro Advanced on these chips so that we could get remote controle without having to get an PiKVM. An Aspeed implementation will use too much power (7-9w).

  16. Would you recommend this unit instead of the i5-1235U in the same chassis for a proxmox server running a firewall (PFsense), a media server (PLEX) and a few other apps (Lidarr, Readarr, Sonaar etc) – to be used as a Home server?

  17. HerbM and heinrik: yes, HPE and Dell makes their devices in China too. In comparison with Lenovo and CWWK, their devices are still designed in free countries. Besides this HPE offer some supply-chain danger mitigation tactics — Patrick already wrote about it IIRC year ago or so. Those were special HPE servers build in US IIRC. You both seems to be concern by govs’ infra and leaving consumer infra free to P.R.C. Unfrotnately if large attack happen and your whole country consume infrastracture is in the hand of you r enemy, then well, I can only pray for your gov’s infra build with reliable/trusted components but running over the same cables…
    E.g. when flood happen, nobody is safe and tiping point may be quite close.
    So I would be careful even with simple consumer devices.
    Heck, on some other side you may read about car battery volt-meter made in P.R.C. using Bluetooth and app on Android/iOS to report battery health. This device is perfect spy as it scans wifis around and call back to China with what it found. It’s possible due to app requiring excess permissions for its core business. And that’s just silly device for few bucks. No imagine P.R.C. made EVs, what the hell may go wrong here…
    So be careful.

  18. Could you link to ram that works with this board? Typically manufacturers have a supported ram list, but not even sure how to look this up for these boards.

  19. I’m sorry but any board with the buggy I-225 or I-226 chipset is instantly a blocker. Google the chipset issues if you want to find out more, but they have been trying to fix it for three years now.

  20. Am I the only one furious that these Alder Lake-N CPUs exist, and yet Synology chose ancient Intel and embedded AMD trash for their ’23 refreshes?

  21. Not that anyone cares..

    using an M.2 breakout Adaptor to PCIe 3.0 x4 one can hook up some nice SFP+ Cards..
    in my case an Intel X520-DA2 10 Gigabit 10GBe SFP+

    it wont probably cut the same as a
    https://www.servethehome.com/this-gowin-r86s-pro-is-an-everything-revolution-with-25gbe-and-2-5gbe/4/
    provided that the card uses PCIe 2.0 x8

    but still, it adds some dearly missing dual SFP+ connectivity, far superior and more common than 2.5 GbE connectivity..

    It is a great N305 system, superior to the
    https://www.servethehome.com/new-4x-2-5gbe-and-2x-10gbe-intel-core-firewall-and-virtualization-appliance/4/

  22. A few weird items that make me feel off in using these for a firewall:
    – FreeBSD 14.0 and VMWARE 8.0u2 both show the presence of, but difficulty connecting to the TPM 2.0 module. This is a serious red flag for hardware capable of manipulating or snooping on secure traffic keys, such as VPNs and browser SSL
    – Units shipping today still have BIOS containing the LogoFail vulnerability; the company has not published an update to fix this and other major BIOS and ME issues
    – When clicking the CWWK website’s support link, Norton blocks the link due to suspicious activity
    – CWWK neither has non-Chinese language manuals or support sites hosting BIOS and Firmware outside of China. This is a significant software supply chain concern, as the CCP and state-sponsored hacking groups have ongoing access to manipulate software (See Double Dragon, APT41, BARIUM, Axiom, Winnti, Wicked Panda, Wicked Spider, TG-2633, Bronze Atlas, Red Kelpie, Blackfly, Brass Typhoon, … )

  23. Anyone know how to disable the SD reader. I have no idea where else to ask, but it seems that may be a fix for higher than expected iowait, I have gone over each bios setting and cannot see to find anything. If anyone has any ideas please let me know.

  24. In case anyone ends up here looking for the same as card solution. I just ended up putting a SD card in the slot and the Iowait went away. Apparently you don’t have to use it just have something in the slot.

  25. I took the recommendation to buy two of these systems and am quite disappointed. Only one of them works properly. One is missing half of its network PCI devices. The support site is horrible–even if you can manage translating the chineese to figure out what is going on.
    The BIOS and UEFI appear broken; many setting changes are not saved. I’ve worked as an engineer for companies that ship servers, so I know my way around, but even I couldn’t figure out how to get this device to work properly. For now I have one sketchy server that works, and one that only half works.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.