In my home network, I had placed my network behind a router box running OPNSense since I decided to abandon Ubiquiti’s Unifi Security Gateway a while back. In my previous home, the internet speed was such that a super cheap low performance box would be good enough to get the job done. And it worked great. I was able to use my entire internet and troubleshoot in ways the USG would not allow. I had hoped this would last me for some time, but I did not anticipate getting myself into a living situation where 1 Gbit internet is actually on the lower end. That little box fought tooth and nail to give me performance, and optimizations to OPNSense got close. But it was time to upgrade.
Research showed that the newer CPU systems from Intel that tend to get used in these boxes were substantially more powerful than I thought. Celeron N5105 was showing that it could easily push port speeds on 2.5 Gbit ports without too much trouble. So not only would that meet my needs for a 1 Gbit internet connection, it would give me a future of faster speeds. It also opened the door for me to upgrade my home network.
I saw the KingnovyPC appliance reviewed well in this regard. It’s available on Amazon for a decent price. So I went for it.
Transferring my configuration was pretty easy. The only thing I had to fix, which was expected, were network interfaces. Going from 1 Gbit ports to 2.5 Gbit ports meant new network chipset, probably new driver, and probably new names. Updating who was LAN and who was WAN was all I had to do. OPNSense figured out the rest. From there, install the missing modules, and I was back online.
I can confirm I can use my entire internet connection with anything on the wired network. This was great news. Not only that, the CPU wasn’t hit too hard, indicating there was plenty of head room, and I was able to turn on additional insights and protections.
Let me say, though, this great enhancement in performance was NOT thanks to KingnovyPC. Rather, this was thanks to Intel. It might be easy to say that about any brand, but I suspect KingnovyPC likely hurts this system.
This appliance box is sold as passively cooled. The case is a giant heatsink. The model I bought came with 128 GB of storage and 8 GB of RAM, which is more than I need. Light weight and quiet is definitely desirable for this. With the CPU with a TDP of 10W, passively cooling should be no problem.
This is where there’s problems. KingnovyPC poorly designed this system.
First, the storage and RAM are brand names I’ve never heard of. My suspicion is they are whatever they find at the local markets at the lowest price. This is super risky because this hardware has no reputation for reliability nor performance. For the storage, there’s the additional risk of fake products that aren’t as advertised. With the RAM, this is where CPU performance can realy be hurt. It’s already not the best specification matched with the CPU, but also, it may not be well designed, and likely will underperform. And, as I mentioned, longevity is likely going to be an issue.
To further concerns about these 2 modules is they take standardized names for the specifications and modify them in an extreme measure of avoiding trademark issues. The SO-DIMM memory module is called LO-DIMM for unknown reasons. When searching if this was even a commonly used thing, I found confusion, and mostly references to differentiate it from SO-DIMM for long or large modules, typically used in desktop computers. The module sockets are definitely not long/large module sockets. The module is definitely a SO-DIMM. And then the storage is labeled as NVM. Without the e. I believe it’s actually an NVMe module, but it uses a modified NVMe logo, in order to avoid any conflict with NVMe marks.
I will likely replace both of these at some point. I don’t need a lot of RAM nor storage so it shouldn’t cost too much.
The embedded hardware on the mainboard seems to be in good order. The network control appears to be legit so there’s no concerns on performance or anything.
But the issues don’t end there. This is sold as a passively cooled system, but it appears there was no care in ensuring heat is actually extracted from the CPU and into the heatsink.
In a purely passive and warm environment, it definitely heats up on the outside. This would indicate that it is extracting heat, but I also noticed in the OPNSense dashboard that the CPU temperature was all over the place and not at all smooth. This is an indicator that the thermal interface is likely bad. Idle temperature was 65C and would spike to 90+C. Getting so hot in a passive configuration is a concern because if it goes much hotter, there’s nothing to move heat away. Going up and down, though, told me doing anything to the heatsink probably wasn’t going to help much.
I put a USB powered 120mm fan on the top. This helped. But not by much. Idle temperature came down by about 5C and it was still going above 90C. Temperatures were still moving fast.
I took it apart to see what the thermal interface looked like. I expected to see a thermal pad from the CPU to the case, but found a copper block with thermal paste instead. It was a positive thing compared to my expectation, and now I had an idea on how to improve it. This also meant there were 2 thermal interfaces instead of 1 to worry about. So I cleaned up the thermal compound and used a high quality compound I had used in the past and had around. One thing that I noted was the interface from the copper block to the case on the case side was not smoothed. This means no matter what I do,until I clean that up, that interface will always be bad.
The result is it now idles 38-39C and doesn’t seem to be able to push past 55C. This is massive. I’m much more excited to see the 55C max than I am to see the <40C idle.
If I really care about it in the future, I would likely smooth out the interface between the copper block and the case, and use Thermal Grizzly Conductonaut there, and just a high quality compound between the copper block and the CPU. The copper block will likely need some cleaning up as well. The Conductonaut will effectively make that thermal interface like a welded/soldered interface, and there’s no conductive components to worry about there. I don’t think I’ll be able to get temps down much further than they are now, so this might have limited impact.
My final thoughts on the KingnovyPC Firewall Micro Appliance with the Intel Celeraon N5105 is it’s poorly designed. It’ll get the job done, but for the price there might be better available. If you go with this appliance, consider going barebones (priced at $300), if you can, or assume you’ll need to replace the storage and RAM. If thermals are a concerns (if this is going into a poorly ventillated or warm environment), consider also getting high quality thermal compound (I used Noctua’s compound, there’s a few other brands to consider). This box comes with pfSense installed, but I cannot speak to whether it’s trustworthy. If you want to use pfSense, then install your own copy from a trusted source. OPNSense also works well.
It’s worth noting that KingnovyPC says this machine supports up to 64 GB of RAM. Intel says this CPU supports a maximum of 16 GB. KingnovyPC sells a configuration of this machine with 32 GB of memory. I don’t know if more than 16 GB will work, but generally, if Intel puts it in the specification, there’s going to be something in the CPU that enables this arbitrary limitation. So, buyer beware if you intend to use higher amounts of RAM in this machine, or purchase the max configuration from KingnovyPC. It’s possible more RAM will work, but it’s also possible they named this specification because, technically, RAM exists that would allow such configurations, though adding more than specified by the CPU may cause it to not use the RAM beyond the spec.