Honey, I Shrunk the Firewall...AGAIN! - pfSense on a ZimaBoard!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

ever since we made a video on turning a Zotac Mini PC into a pfSense firewall which in my dad is still happily running in John's home lab I've been on the hunt to go even smaller and today friends we might have a winner in this this is the zema board welcome home lovers and cell posters Rich here and in today's video we're going to take this guy here the zema board 832 turn it into a PF sense firewall and test how well it performs let's get down to business this is the Zima board 832 and xa6 single board computer running a 4 core Intel Celeron n3450 CPU with a base clock of 1.1 gigahertz and a boost to 2.2 gigahertz the zema board is a single board computer with everything you need all in a super small package this model is the 832 which rocks 8 gigabytes of LP ddr4 RAM and has 32 gigs of onboard emmc 5.1 storage the zema board is far more unique than your run-of-the-mill xa6 spcs though this board has connectivity that is rather they're unheard of in the realm of sbcs for example the Zima board has two one gig ethernet ports two six gigabit SATA ports two USB 3.0 ports a Mini DisplayPort for 4K video and lastly an exposed discrete PCI Express 2.0 4X slot all of this in a 6 watt package the SEMA board is entirely fanless and passively cooled by the built-in heatsink supports hardware virtualization aesni for encrypt decrypt and weighs in at a scant 278 grams there are three different models of Zuma board you can choose from starting at 120 for the cheapest board that has two cores 2 gigs of RAM and 16 gigs of on-board storage a 160 dollar board with four cores 4 gigs of RAM and 32 gigs of onboard storage and the board we're using here with four cores 8 gigs of RAM and 32 gigs of storage for 200 out of the box the zema board comes installed with Casa OS which is based on Debian and features a simple web GUI with built-in Docker support so you can start running containers and apps right away Casa OS also has a full feature desktop for those of you interested in running the Zuma board as a miniature desktop PC all of that is nice but we're here to see if this little SPC can handle pfSense and handle it well so let's get pfSense installed and up and running we made a video about how to install pfSense so check the card in the top right if you need help building a boot stick and doing the installation getting PSNS installed on the Zuma board was no different than installing it on a regular full-size PC the beauty of x86 sbcs is that getting into the BIOS selecting your boot disk and kicking off installation via a USB stick is super simple compared to the work necessary on an arm-based SBC we have since took a little over four minutes to install on the Zuma board with no issues to report throw in another minute or two for the web UI wizard walkthrough so in roughly six minutes we had a ready-to-use psense firewall up and running which was awesome I want to take a moment and address what will no doubtedly be a hot button topic for this video and that's the real techniques on board yes the SEMA board has two Realtek 811 H based Knicks on board and historically there have been issues with real Tech drivers and BSD now there are two ways we can resolve these issues the first is to install the compiled and updated Nick drivers in BSD which requires you to enable SSH install a driver package and add modifications to the book config or the second and simpler method disable Hardware checksum offloading for the Nic in the psn's web UI I wanted to walk you guys through that really quickly so let's do that now two disable Hardware check some offloading in pfSense let's head up to system on top and then click advanced click on the network tab scroll down to the network interfaces section and click disable Hardware checksum offloading now scroll down to the bottom and click the save button the last step is to reboot the firewall to enact our changes so we'll head back to the top click on diagnostics and then down to reboot a normal reboot is all we need here so we'll click submit to reboot our zema board pfSense box alright friends let's run some performance tests to see how well the Zuma board can handle flinging packets between the two Nicks we'll run two basic tests here first we'll run an iperf3 test to test raw TCP throughput through the netting firewall to see the sustained throughput and then we'll run an HTML5 speed test to see how well the system manages natting HTTP traffic let's kick off our iperf 3 test we'll be running the iperf3 test for a total of 300 seconds or 5 minutes to give ourselves a good average on the throughput through the firewall we'll speed this up for brevity and go foreign [Music] in the five minute test we moved nearly 32 gigs of data through the firewall with a sustained average of 912 megabits a second in and out that's exactly what we'd expect let's move on to our HTML5 speed test open speed test is a free self-hosted HTML5 speed test tool that I run in a Docker container it's a great way to run simple HTML speed tests internally or externally and I use it very often to test real world bandwidth between my internet connection and others on the net there's very little for us to do here other than to hit the start button so let's do that now foreign and the results are in I was able to reach 815.6 megabits down and 980.3 megabits up these are great numbers and once again show that The Zuma board has plenty of power to handle firewall duties okay let's talk about thermals the semen board has this big that covers the entire top of the SBC that heatsink has plenty of Mass to it so how warm does it get when we start pushing packets I want to set up the zooming board and run another test this time I'll push I prefer for a good 30 minutes and see how warm that heatsink gets we'll be using my thermal camera to get a good idea of the temps let's check it out and here we go we'll speed this up a bit for brevity [Music] foreign [Music] this run the Zima board only reached a maximum temperature of 38 degrees Celsius or 100.4 degrees Fahrenheit the system stayed cool and didn't throttle at any time that's pretty impressive so here are my final thoughts today the zema board is the best SBC I've tested in terms of performance for PF sense it's low powered yet fully capable of handling the job of a 1 gig firewall with plenty of performance to spare if you think about building a PF sensor open since firewall out of azima board I'd recommend purchasing the 432 model because it's a bit cheaper it has half the ram of 832 that we reviewed here but pfSense requires a minimum of one gig of RAM anyway so four gigs is plenty and you'll shave 40 bucks off the top I also think this is a great way for people to get into building their own home firewall and getting off the cheap Asus Netgear and tp-link Hardware that's out there it's 2023 people let's up your internet protection game if there are any other types of services or systems you'd like to see us set up with the SEMA board get down those comments and let us know and not your fans watching this video how about digging into our other Home lab in virtualization videos we've done in the past if you're looking to get into virtualization home labbing or self-hosting we can help emptiness is [Music]

Info

Channel: 2GuysTek

Views: 18,736

Rating: undefined out of 5

Keywords: zimaboard, pfsense, pfSense on Zimaboard, Ultra-small firewall, Home firewall, Homelab firewall, Build your own Firewall, ZimaBoard 832, single board computer, opnsense, iperf3 testing of pfsense, iperf3, openspeedtest, zimaboard 432, zimaboard 216, icewhale, zimaboard custom project, zimaboard specs, x86 sbc, raspberry pi rival, buy this instead of a raspberry pi, an sbc you can and should buy, embedded board, Openspeedtest, Install pfSense on ZimaBoard, homelab, self hosting

Id: 5Yjr7bM99Ko

Channel Id: undefined

Length: 7min 23sec (443 seconds)

Published: Sat Mar 04 2023