Today we are going to have an unusual piece for STH; we are going to have a double century of a review. We will look at not one but two Intel Core i7-1165G7 fanless firewalls as part of our recent series. Normally we like to do reviews of single products, but this time we have a review of two units at once because they are largely similar, yet with a few important features different between them.
STH Mini PC Overview
The two units we purchased from different Topton vendors via AliExpress over the summer. We were actually going to have a review of the first one before the second came out, and we held the review for that one. Then early August hit (the second was ordered in late July), and our team was on vacation. As a result, we have an accompanying video with a twist. This video also covers a third unit. Here is the video:
The video goes into these two units and the Intel Pentium N6005 version. The common thread is that they all have 6x 2.5GbE ports on them. Expect the accompanying N6005 review to be in the next few weeks. As always, we suggest opening this in its own browser, tab, or app for the best viewing experience.
We purchased these two Topton units at different points this summer. The first one was $539, the second was $525. The prices for both were as barebones units.
The systems we outfit with lower-cost, but more importantly, lower-power WD Blue SN570 NVMe SSDs. If you see Will’s review of that drive, it is not a fast SSD, but it remains cooler than higher-end drives in the market. Typically in fanless systems, we aim for lower power and heat than higher performance.
We also added DIMMs. While usually, we like testing 16GB, 32GB, or 64GB with these, we had two primary configurations. One was a 16GB configuration, and the other was a 12GB configuration. Some of the questions we have received on these units are if they can handle mixed-memory. So we used two DDR4-3200 DIMMs but one 4GB and one 8GB. The system worked fine. While one can theoretically use 2x 32GB in these systems, that adds more DRAM chips and heat, so we wanted to stay away from that configuration.
Next, let us get to the units to see what they are capable of.
6x 2.5GbE Intel Core i7-1165G7 Firewall Hardware Overview
We are going to call this unit the “Good” unit and the other the “Less Good” unit. As you can see from the front of the Good one, we have four USB 3 ports, a HDMI port, and a serial console port.
The less good version has the same layout because, as we will see soon, these have the same motherboards inside.
Here is the other side of the good unit. We can see a DC12V input and six 2.5GbE RJ45 ports.
That is the same on the less good unit.
These units were both sold as Topton units, but they were very different in terms of the chassis. The one we are calling the good unit can be identified by this through hole on the side of the chassis:
After weighing the units, this one was just over 13% heavier than the less good unit. The AliExpress Topton sellers claim better cooling. Some users in the forums have reported things like gaps between the CPUs and chassis on other units. (See the thread here.) While consistency can be quite varied, the newer system being 13% heavier is likely due to more mass on the chassis since the motherboards are the same. That extra mass seems to help with cooling, and that is the big reason we say that one is better than the other.
Next, let us get inside the systems to see what is going on there.
6x 2.5GbE Intel Core i7-1165G7 Firewall Internal Hardware Overview
One other big chassis difference is the bottom cover. Four screws allow you to get inside the systems, but the bottom covers are different. Here is the good unit.
Not only are there perforations on the bottom cover, but many of them are covered by mesh. One can still access the 2.5″ drive mounting holes on this cover without the mesh, but if you did add a 40mm fan, it would require removing or modifying this mesh. Still, we have seen similar covers in the past without this mesh.
The less good unit has a smaller cover, and the cover does not have as much airflow.
Here is the overall layout of the unit’s internal configuration starting with the good unit.
The less good unit has the same motherboard inside. Given that this is the same between the two, other than where the CR2032 battery is placed, we are going to just use the good platform for the rest of this.
Inside we have two SODIMM slots. These are DDR4-3200 SODIMM slots. Again, we used 16GB and 12GB configurations here, but one can put up to 64GB of memory. That feels like a lot of RAM for this platform, and one also needs to be mindful of cooling.
Something interesting here is that the 2.5GbE NICs are Intel i225 SLNMH, so B3 stepping NICs. Some of the 4-port units have been transitioning to the i226. Perhaps the fun part is that in these two 6-port systems, the NICs are on both sides of the motherboard. There are two on the memory and M.2 SSD side. The other four are on the CPU side.
Unlike many of the 4-port units, this does not have a mPCIe slot, but it does have a SIM card slot.
Something that is also different here is that it seems like someone forgot how long a M.2 2280 (80mm) SSD was. Instead of having a SSD placement parallel to the motherboard, it is raised above a small metal platform. It seems like this is there so that the drive does not make contact with the DC barrel jack input or the ETH0 NIC. Here is a view of the WD SSD in this system so you can see how strange this looks:
Another strange part of this is that we have a number of headers that we have seen on other units, except they are a bit different. The SATA port is the same, but the power header is different from most of the 4-port fanless systems we have seen. Also, the fan header is in the same area and is a 3-pin fan header, not a 4-pin. We are unsure why these were not standardized across 4-port and 6-port chassis.
Our units included a cable to attach power and data to a 2.5″ drive.
Next, let us get to performance and power consumption before getting to our key lessons learned and final words.
The M2 slot, it was meant as 2240 and they made this makeshift adapter to 2280?
The version from CWWK seems a bit better;
https://www.aliexpress.com/item/1005004739262428.html
It has a serial console port instead of UTP one. But at least there is propper room for a M2 2280 SSD.
IPS throughput?
For the 6 port units could you post `lspci -tv` output to show the pci topology?
I def would like to know how this would perform with IDS enabled, as well as VPN enabled. I have a large Dell 8th gen i7 desktop, with 16 gig of RAM. It boasts 6 cores and 12 threads. I would love to shrink this footprint but want to ensure these units have adequate performance.
does any one know if these cases can be bought separately?
I bought one of the four port models with an anemic heatsink and would like to swap the motherboard to something more robust.
I bought this:
https://www.aliexpress.com/item/3256804187604377.html
Want this:
https://www.aliexpress.com/item/3256804345487559.html
Can you tell me the Mac address I’m wondering who is the Mac address owner.
Don’t need the entire 12 digits just first 6.
@Artur, in one of the photos: 009027e709f6, seems to be Intel Corp as expected
why spend 500-600 on this when you can get a Ubiquiti Dream Machine Special Edition for the same price?
I mean this has more CPU and more memory capacity for starters and it’ll be better for a firewall box than the Ubiquiti.
Since the power supplies were different, did you ever rerun the tests to see if the “Bad One” temperature, throttling and performance would be the same if you switched power supplies?
I’d bet you would get the inverse results of both being the same 19V is a lot compared to 12.
The good one I bet will be the bad one, and vice versa.
Rerun the tests, it’s only fair, someone sent you the wrong power supply.
This 6 port small box is awesome .
But , i need a 8 port low-watt small box for pfsense , any suggestion ?
You mention Proxmox but were you able to get ESXi 8.0 loaded on the i7-1165G7 units? I have a Qotom device that seems to only want to install ESXi 6.7U3 and even with that will do sporadic reboots. Obviously these are not on the HCL, so you get what you get sometimes.
I would also love to hear your thoughts on the Asrock BOX-1260P… it only has two ports but seems like it would make a great ESXi home lab.
So, what I’d really like to see here is actual benchmarks of these devices as firewalls. Throw on OPNSense or pfSense or whatever, with a few different configurations (low, medium, and high numbers of firewall rules, plus different configurations of OpenVPN versus WireGuard, etc…), and then see how much speed you can actually sustain across these things in various conditions — direct LAN to LAN configs, across a high speed WAN that is nearby, a high speed WAN that is far away, etc….
You’re doing benchmarks that show how the bare box can do on CPU benchmarks, but you’re not showing us how this could function in an actual firewall application configuration.
Is it possible to take the hardware in a 19″ rack case? Is anywhere a tutorial for this?
Agree — Patrick,
Please consider:
When reviewing products like this, although it may take alot more time for you to do the review, it would be absolutely essential information people are scouring the internet for and hoping to find in the 11th thread and 6 comments down with no luck.
Home users want to see how these potential firewall solutions perform setup –
throw a few basic vlans on there, realistically expectable openvpn speeds, and in various configurations, i am sure you can save a few test configs on opnsense/pfsense and be able to give us this info without it straining you too much..
i think you would find that providing that information will surge views to your website :)
Absolute number one question here is can you enable QAT in the BIOS of this box since it is integrated in the i7-1165G& CPU. Or is it enabled by default? This is a massive plus for anyone wanting to run pfSense on this with VPN acceleration.