Current popular QOTOM or similar hardware for home UTM-9?

https://www.aliexpress.com/item/Qotom-Q355G4-Fanless-Mini-PC-Broadwell-Core-i5-5250U-HD-Graphics-HD-Video-VGA-Pocket-PC/32799580496.html?spm=2114.search0104.3.2.v45kqz&ws_ab_test=searchweb0_0,searchweb201602_5_10152_10065_10151_10344_10068_10130_10345_10324_10342_10547_10343_10340_10341_10548_10545_10541_10084_10083_10307_5640015_10178_10060_10155_10154_10056_10055_10539_10538_5370015_10537_10312_10536_10059_10313_10314_10534_10533_100031_10103_10073_10102_5630015_10142_10107,searchweb201603_1,ppcSwitch_5&btsid=760af3f2-8542-4429-890f-cbdb2fa4774b&algo_expid=cd00b238-ba0c-4fa8-8c46-eec9a32c0be1-0&algo_pvid=cd00b238-ba0c-4fa8-8c46-eec9a32c0be1

Slightly over your budget but probably best bang for the buck.  Been running this for the last 2 months with no issues.  Only gotcha is the port arrangement.  Physical ports don't correspond to the way software identifies the ports.  They are 1, 3, 4, 2 instead of 1 2 3 4.  I run utm under esxi which allows me to remap the ports and make better use of the box by running other servers (freepbx).

There's a lengthy thread on the pfsense forum discussing this box - https://forum.pfsense.org/index.php?topic=132528 .

Overall, I think money well spent considering processing power and power consumed.

Thanks Jay Jay, I appreciate your input.

I've gone from running ASL 0.8 (I think), on a 486, to higher performance hardware,

ASG, UTM, ESXi vm and now I'm looking for low power and quiet.

The best price I can find on a QOTOM Q355G4 Mini PC w/ 8GB RAM + 16GB SSD - Core i5, AES-NI, 4 Intel LAN, 15Watts,

Industrial Mini PC Firewall Gateway Router (Q355G4-8R-16S) is CDN$500. + 13% VAT.

Slightly off topic, did you ever consider RPIPBX on a PI 3?

Mike

Look on amazon, ebay and aliexpress.  One of those should yield a favorable price.

The included ssd was junk (intel 525, 30gb).  Getting a unit without it would be ideal.  The included ram is $55USD on amazon so probably best to get the unit with the ram unless you have a ddr3 stick of 8gb laying around.

No interest in running a pbx on PI 3.  Running it on qotom box is a neater solution, one less piece of hardware, memory cards, etc.

Thanks, I'm looking in those 3 places.

Are you running your ESXi host on the QOTOM box?

Mike

Mike_Cunningham said:

Thanks, I'm looking in those 3 places.

Are you running your ESXi host on the QOTOM box?

Mike

Yes, along with 3 vm's at the moment, utm, freepbx, and cyberpower systems powerpanel business appliance (very small vm for managing ups).

Still have about 2 GB of ram left, might install some other lightweight vm's/servers in the future.

I think bang for the buck the qotom is the best deal out there.  The thread over on the pfsense.org forum convinced me to get this box.

You could save a little bit of money and go with a 120Gb SSD instead of 256Gb. 256Gb is way more than you will ever use. On my UTM I have a 120Gb SSD and it only uses 6% of a 40Gb data partition.

Amazon has the Qotom with recommended RAM and SSD. https://www.amazon.com/Qotom-Q355G4-Firewall-Ethernet-Barebone-Computer/dp/B06XJV9R8X

You sure that's the right link?  It brings up just the bare bones with no ram/ssd for $228USD + s/h.  I think this is the one you're referring to.

https://www.amazon.com/gp/product/B06XPJKV5L/ref=s9_acsd_hps_bw_c_x_2_w

8GB ram module is $72 from newegg, and $59 from amazon. So $287 is less than the $301 (+ s/h) that I paid, but too late now.   I wanted to get the box with the ram due a number of posts about ram incompatibility.  The ram module model below is according to the pfsense thread.

https://www.amazon.com/Kingston-Technology-1600MHz-PC3-12800-KVR16LS11/dp/B00CQ35HBQ

https://www.newegg.com/Product/Product.aspx?Item=N82E16820239697

After 2 months of use, space is plenty.  I'll never run out at this rate.  I have a spare 250gb ssd, but was concerned about excessive log writes.  Also, while a mechanical drive probably slows things down somewhat, for general utm function other than av scanning, it's still plenty fast.

You sure that's the right link?  It brings up just the bare bones with no ram/ssd for $228USD + s/h.  I think this is the one you're referring to.

https://www.amazon.com/gp/product/B06XPJKV5L/ref=s9_acsd_hps_bw_c_x_2_w

8GB ram module is $72 from newegg, and $59 from amazon. So $287 is less than the $301 (+ s/h) that I paid, but too late now.   I wanted to get the box with the ram due a number of posts about ram incompatibility.  The ram module model below is according to the pfsense thread.

https://www.amazon.com/Kingston-Technology-1600MHz-PC3-12800-KVR16LS11/dp/B00CQ35HBQ

https://www.newegg.com/Product/Product.aspx?Item=N82E16820239697

After 2 months of use, space is plenty.  I'll never run out at this rate.  I have a spare 250gb ssd, but was concerned about excessive log writes.  Also, while a mechanical drive probably slows things down somewhat, for general utm function other than av scanning, it's still plenty fast.

Jay Jay said:

 

After 2 months of use, space is plenty.  I'll never run out at this rate.  I have a spare 250gb ssd, but was concerned about excessive log writes.  Also, while a mechanical drive probably slows things down somewhat, for general utm function other than av scanning, it's still plenty fast.

 

 

So, your log disk is an external spinning drive?

I was looking at the AliExpress site and noticed they have Q355G4 units with 4th gen i7 processors,

versus 5th gen i5 procs. Not that I can afford it but, would the i7 be a better solution for an ESXi host

with a couple of vm's (like you have)? 

Also, the AliExpress and Amazon.com sites have a hugely better selection of QOTOM units compared to Amazon.ca

Mike

No, you can mount a standard 2.5" laptop drive internally.  There's a sata port and sata power plug.  I got rid of the 30gb mini pcie ssd.

As for the cpu's, I don't know.  I'd say the difference is marginal at best.  Maybe a few points higher for the 4500u.

https://ark.intel.com/compare/75460,84984

They're roughly 18 months apart in terms of release dates.  Both dual core with hyperthreading.  The 4500u has a slightly higher clock speed and 1 more MB cache.

I one key feature as it relates to virtualization is VT-d support on the 5250u.  As I understand it, this allow mapping certain hardware directly to a vm rather than through software emulation.

https://software.intel.com/en-us/articles/intel-virtualization-technology-for-directed-io-vt-d-enhancing-intel-platforms-for-efficient-virtualization-of-io-devices

Search "I/O performance through direct Assignment"

I didn't implement my configuration this way with respect to network adapters.  I may try it later to see if there's any significant performance improvements or lower cpu usage.

Jay Jay said:

Also, while a mechanical drive probably slows things down somewhat, for general utm function other than av scanning, it's still plenty fast.

So, you have A/V scanning off? How much of an impact does it make?

Mike

MIke,

Sorry for the late reply.  Never received notification of another posting.

I can't honestly answer your question as I never turned av scanning on in the first place.  All clients except for android devices have their own local av software (kaspersky).

Also, I don't know if the cpu load pictured earlier is valid because the 5250u is dual core with hyper threading.  I don't think it's ready all core loads properly.  Exsi cpu utilization shows around 100% (for all available cpus) if I do speed tests with IPS turned on.

There's a thread on here outlining a number of exceptions to add to utm so it skips scanning of netflix/youtube content.  Also, since installing utm almost 8 months ago i've only had one IPS hit.  Originating from a local client and targeting the utm, both on the local lan.  I think that might be a false alert because it's the only one in so much time and has never been repeated.

I have att fiber coming out this week to install symmetrical gigabit because of ongoing upload issues with the cable isp.  I'm hoping the install goes well and there's no obstacles.  Supposedly fiber has been available in my area since 2015 so the network should be well developed by now. Most in the neighborhood have comcast, some have the other cable provider. It'll be interesting to see what the utm achieves assuming i'm able to hit advertised speeds connected directly to the att gateway.  If all goes well I plan on keeping the cable around for a week or so while I do more testing.

Will be doing some vpn testing with the cable internet for as remote.  At the least I expect a 500mbps+ upload with fiber.  Should have no problem saturating the cable's 350 mbps download so the only bottle neck will be the utm hardware.  I recall either here or on the pfsense forums, somewhere around 200-250 mbps was typical for a qotom 5250u vpn connection.

Hi gus,

I am currently using the aliexpress box for the latest version of UTM and my NICs are in the correct order. My link speed is 4/0.4 so nothing gets really stressed.

No wifi, 8gb ram 128 ssd, 4 NICs.

Ian

Hey Ian,

Did you have any issues installing the UTM as the Qotom box doesn't have a VGA port?

Regards

Hi Jevin,

I didn't get the qotom box, i got the aliexpress 4 port device that jay jay refers to earlier in this thread.

ian

^^The box I referenced is the qotom box.  The q355g4.

Edit: Q355g4, not q335g4.

Sorry.

https://www.aliexpress.com/item/Pfsense-fanless-X86-mini-pc-VGA-with-ATOM-E3845-CPU-4-Lan-router-barebone-nano-itx/32825994238.html?spm=a2g0s.9042311.0.0.oFoGF0

Ian

Looks like there's countless of these mini pc's on aliexpress.  How does the atom e3845 compare to an i5-5250u?

Looking at some of these other minipc's, the big drawback are the NIC's used..  Many are realtek, few and far between are intel.  For a firewall/router appliance I wouldn't use anything but intel. Of course, the fastest cpu available is also high on the criteria list.

I'm pretty happy with my set up.  Handles the 350mbps isp without issue.  If all goes well, will have gigabit fiber by the end of the week. Will see how well the 5250u handles that.