Intel Celeron J6413 Powered 6x i226 2.5GbE Fanless Firewall Power Consumption
This unit comes with the LiteOn 12V power supply that performs better than other generic brands. We have seen this 48W power supply with a few different units now, and it is better than the generic “Replacement A/C adapter” many of these came with previously.
The J6413 is generally a lower-power device, with less than 12W at idle. Single-threaded we get to around 14-15W. We saw highs in the 19-21W range under heavier multi-threaded workloads.
If you want to see more on the power testing, we show the unit powered on with a power meter in the video.
Key Lessons Learned
The build quality of this unit seems to be quite good. One challenge some may have is that it is using one of the larger passively cooled cases.
Given the choice of a larger chassis or a system that overheats, we will take the larger chassis.
On the software side, Proxmox VE installed without issue, but we could not get the VT-d NIC pass-through working on this unit.
In the video, we also discuss that OpenWRT installed and OPNsense 22.7 installed as well. OPNsense actually came pre-installed since pfSense 2.6 does not support the Intel i226 NIC. That is a pfSense 2.7 feature, so one has to use either a pfSense 2.7 snapshot or wait for that to release if pfSense Plus is not being used.
All told, we think that the N5105 is probably a better value. This is a nice unit, but the J6413 was not benchmarking faster than the N5105, likely because of the lack of L3 cache. When the N5105 units first came out, they used more power and cost more, but were much faster than the J4125. With the J6413, we get similar levels of performance, power, and cost to the N5105, and sometimes the N5105 units are less expensive.
Final Words
Two years ago, a quad-core 6x 2.5GbE NIC machine like this would have been astounding. Now, we have seen so many of these that there are items that give us pause. A great example of that is the mSATA SSD instead of a standard M.2 SSD.
Still, the Intel Celeron J6413 performed reasonably well, and this came with the chassis that we prefer keeping temps cool throughout our testing. As great as something like the R86S is, it is also nice to have a passively cooled unit.
Overall, this unit checked a lot of boxes and worked reasonably well. It just leaves us wanting something a little bit more since there was a transition to a new CPU with the J6413. We want something lower power, lower cost, or something to help us recommend this over a N5105 unit. The cost side may change in the future, but we are probably still going to buy N5105 units in the near term.
Is the Bios or UEFI accessible without a Monitor and Keyboard?
Ok so please don’t hate. This is an honest question which I posted on Redditt and I did get feedback but I am starting to see so many units in use by STH so I have to ask those of you here on your experience. I am not looking for controversy. I am not paranoid. I am trying to be as safe as possible. I am leaning towards protectli units with core boot. The ali express units seems way cheaper but, would I be opening myself up to something bad? I can’t verify the BIOS (as far as I know) and that is what I am most concerned about. I would load pfsense on it from scratch but my weakest link would be the BIOS. Anyone have experience on it? ran packet capture on the WAN side of the low-cost Ali Express boxes? Your help is appreciated.
@Charlie: I wouldn’t trust the site. These look like knock-offs from the actual protectli (near identical) there’s no telling the quality of components or failure rate. If you don’t have a large (less than 30) network I’d go with a Vilfo otherwise if you’d like to future proof it’s expensive (but with many options that are VERY~ customizable), I’d go the protectli route. Happy New Year
Also if you’ve got the space, consider the Dell small form factor machines. There are plenty around second hand after having had an easy life in an office. I put a 100G PCIe x16 card in an Optiplex 7040 SFF to see what it could do, and it reached just over 60 Gbps with pretty much 100% CPU use (across all cores). Given how cheap multi-port 10G cards are now, I’m thinking an old Dell with a few 10G links is a better option than these multi-port 2.5G units of unknown origin and questionable longevity. Dell might not be very exciting but they are pretty robust.
Of course it won’t alleviate your spying concerns, but I’d rather have the Americans spying on me than some other governments…
How are you not getting a kernel panic on IGC with OpenWRT??? Pass some traffic and pull the cable, share what happens.
Does anyone know why this unit would have gone with mSATA rather than m.2 with the typical keying for SATA(B and M, I think)?
I can see why you’d go with SATA in the context, the Celerons are relatively PCIe starved and this design is one where I/O means networking rather than storage, aside from boot and maybe some light logging; but at this point getting mSATA drives is markedly more irksome than getting SATA m.2 drives.
Prevents user confusion? mSATA connectors/drives still cheaper in aliexpress world?
@malvineous: I obviously wouldn’t bet against an adversary who owns the firmware; between everything UEFI can do and everything SMM can do there’s plenty of room for concern; but using expansion card NICs might incidentally provide some protection. It’s typical though not universal for a board’s UEFI to include drivers for onboard NICs(at least enough to do PXE and HTTP/HTTPS boot on the low end, iSCSI for nicer NICs; sometimes a standalone firmware update feature) plus, at least in business stuff, a few external NICs(vendor’s particular blessed USB dongle, dock NICs, etc.); but they rarely include much general-purpose support; so the odds of the firmware being able to do sneaky network stuff behind your back go down significantly if you are using expansion NICs based on a totally different chipset(and even class of chipsets) than the ones on the motherboard.
I certainly wouldn’t use that as a security feature, since it’s not; but the odds that some random desktop motherboard has firmware support to interact with any 100GbE chipset are way, way, lower than the odds that it can chatter merrily away on an i219 or some realtek thing
We’ve got like 50+ of the various versions including 2 of these now that we’ve installed. We used to be a protectli shop.
We haven’t seen any strange packets from these letting them sit and just sniffing.
In terms of quality, some of the protectli units we’ve had are almost just like these. The newer coreboot is nice. I’m thinking that protectli used to just oem units like these
We’ve switched because these are so much cheaper that we can buy spares. These are cheaper than the 6 port 1G Celerons by more than half so you get 3 of these for 2 of the celeron protectli’s and they’re faster.
@fuzzyfuzzyfungus
I’d imagine that mSATA drives are indeed less expensive for the sellers. The relative scarcity of lanes on these CPUs is also likely to be a factor. While mSATA drives of decent brands are getting kind of scarce in the US, I’m sure there are still tons of little unknown-brand ones floating around in Huaqiangbei market.
It’s also possible that small mSATA drives tend to produce less heat than NVMe drives can. That could well be a factor in a small fanless box like these. I also don’t know that an NVMe drive would even add anything over an mSATA drive in terms of performance for this class of box. The larger capacities of NVMe drives may also not be that useful for the average customer of these.
I have one of those unit and I am pretty happy with it. My first home server experience, so still learning, but really positive so far.
Do you know if the mini PCI-E port could be used to connect a mini PCI-E to SATA RAID controller? I would like to expand storage in this way and use it as a NAS.
Also, there is a 3-pin fan socket on the other side of the board which can be accessed from on of the sides. Is in a pretty weird and uncomfortable position and the board needs to be removed in order to access it… but is there! :)
I am so out of the game. But are these celerons better now? I remember the old celerons, Atoms from Intel were pure trash performance wise, and other issues.
Intel Celeron J6413 Underpowered 6x i226 2.5GbE Fanless Firewall Review
As for the paranoid people, if you look at the protectli FW4C then it’s basically the same model, just with a slightly better CPU. They probably are made by the same production company as where the protectli comes from.
I as an European is also slightly hesitant by US made products as I do not know if one of the US agencies have “requested” a backdoor into their products.
This is an intersting box.
I bought this one when trying to find a N5105 with a good price including SSD and Ram the price is not very different from the latest J6413
thanks.
I’ve been through the article twice, but I can’t seem to see anywhere how much traffic can this thing haul? One reason I can think of for buyng a 6-port machine is to avoid having an extra switch. Now, I don’t expect it to hold 30Gbps sustained traffic, but still, how much can it hold?
These units are terrible! I grabbed a VNOPN (cheap china crap) from Amazon and it kernel panicked like crazy and failed memtest. Now I can’t get it to post at all. I wish I went with protectli to begin with, now I’m paying double what it should have cost me to upgrade my home router. You should either test these units longer term and only promote them if they’ve been stable for a good long while, or just stop. Setting people up for a bad time with these cheap knockoffs.
I was just coming back to say that we’ve now got 38 of these units running for a few months now and they’re surprisingly stable.
I don’t understand why @Adam is sayin’ this unit’s bad when they bought a different model with a different chip from a different no-name vendor. Is it even the same chassis and chip? I looked because we have so many and I don’t see a VNOPN version of this.