New: NitroWall for Professional Network Security

Wireguard support?

What is the typical power consumption in active and idle mode?

does it have serial console support?

Why not support Wireguard VPN protocol? It should be ultra fast, and still secure.

Enough power for five VLAN with more than 20 firewall roules to route between the LAN‘s?

OpenBSD?

Made in Germany? Or China?

Why does the nitrowall hardware look similar to the hardware protectli and others sell? And can you use other OSes that support coreboot e.g PFsense?

How can I get OpenSense updates after the pre-installation? The hardware of the nitrowall is Intel based, but as far as I now the only precompiled OpenSense images are AMD based.

I got a CryptoStick v2 all the way back in 2012 and have been happy with your efforts since. I just wanted to say thank you for taking a step into filling this niche too. I'm an extensive user of OPNsense having switched all my gateway/routing/edge appliance activities to it for both myself and a number of clients over the last few years, but I've run it primarily on SuperMicro 1U boxes. I've wanted a better option to fill the role in smaller scale/managed home solutions, and while using a NUC or other embedded options is of course doable it's nice to see you take a step towards making it more turnkey. Deciso, the company behind OPNsense Business Edition, does offer a number of options too but they neuter important hardware functionality and many of them are very long in the tooth and mediocre value. A few comments though:

1. A 16GB flash card just shouldn't even be something you offer IMO. At RPi price points sure, but at $500+ you should really try to have the 120 be the basic default. CPU ceiling can't be helped, but people should be able to play around with IDS/IPS, web proxying, plenty of log space (circular logs are dead now) etc. A decent basic 250GB NVMe SSD like the PNY CS1030 is about $34-40 retail. I just don't think it's a place to penny pinch vs user experience personally.

2. Having said that at the $500 level you should be a bit more generous, I'm going to turn right around and hope you can pull off a $100-200 Arm (probably not x86) version down the road too! Obviously at that point there would need to be some more feature cuts, just two ports etc.

3. If this does well enough for you, I hope you can fund some focused improvements in OPNsense itself. In particular given your original business, it'd be nice to have webauthn support for the OPNsense web gui as well as easy native key support for ssh and logging into the console.

4. I can't tell, but I hope you're installing this as ZFS native particularly on the 120+ drives. Even with one drive being able to detect (and repair with copies=2+) corruption is useful, as is snapshots and boot environment rollbacks if something goes pear shaped.

Anyway, best of luck with this! I'm delighted to see a slow but growing appreciation for how important open source is for network edges after ages of people getting burned by crappy appliances (happening again right now! Ars Technica just had a piece on yet another massively widespread flaw, "Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw"). OPNsense remains too technical/clunky for a lot of users for now, but the foundations are good and if you do want to put some time in it's so nice to have normal open PC management/recovery for such a critical piece of infrastructure. I hope it does well enough in its niche for you.

I just got my nitrowall today! I had to remove the SSD to be able to boot from USB and install Vyos as I found no way to change the default boot device. After this small workaround vyos is running sucesfully.... BUT changing configurations is painfully slow. Just "configure" and then "show" takes 6 seconds while unionfs-fuse will consume 50% or so of a CPU. It was not so slow when I was running on a KVM guest on proxmox. Will need to see if I find a solution as this performance makes the solution unusual to work with via Terraform - refresh times out.

what about ipfire? Is there any problems with it or just concentrating on one OS?

Just wondering. Does it make sense to use this box/CPU with Proxmox and run virtualized Opnsense passthru on it with a 200mbps AES tunnel , and Pihole and another small Debian based ssh/onion/http server? Can it handle all this or do you have better hardware suggestions? Another question: can the HAP bit still be set on these boards (as they are newer than the old tweakable Thinkpads used by the privacy community) Last question: do you still accept BTC?

Just wondering how can I get the open source firmware files of the nitrowalls?

Does the cheaper one with the 8gb ram handle Surricata IDS with logging and Zenarmor well or do you recommend another with 16gb or 32 GB? For small home office.... Please provide links to the product recommended for this usecase

These are 2015 processors and I have some qotom box experience. Their CPU paste is usually dried out in under a year? Do you take care of this before shipping? What is typical men utilization for Opnsense with Suricata and zenarmor on this one. 8gb enough for 3 users?

Hi, I got one of your boxes and installed opnsense. But why am I getting a max of 720Mbit/s using iperf3. This is the hardware line speed between the Intel NICs of the board and my client, which is 2.5Gbps laptop (Intel). The board has 4x Intel 1Gbit ports and the hardware line speed measured with iperf3 should be closer to 940Mbit/s . I am using a short CAT6 cable directly connected to the Nitrowall. No VPN , normal CPU load, it doesn't matter if powerd is set to HiAdaptive or off, it doesn't matter if HW offloading boxes for CRC etc are ticket on or off. The box seems to be underperforming for some reason and it is unable to handle/utilize a 1 Gbit stream. Please confirm if this is the norm due to older CPUs or if anything I can try to boost performance?

It works flawlessly with openvpn and wireguard. Just don't try to run surricata on it , the CPU is not powerful enough. But it easily handles 500mbps AES traffic with just over 25% CPU. (One core maxed out , due to openssl not multi threading). Its a old CPU (2016) and may be subject to Intel vulnerabilities and its a bit priced , but it comes with warantee which is an uncertain factor when buying Chinese Qotom. I basically paid 200 EUR extra for warantee and support. Now my little support question. Site says: "Unencrypted LAN: 940 Mbps" But I only get 720 Mbps using CAT6 cables and iperf3 LAN to LAN (receiving end is 2.5Gbps ) I wonder how the devs here got the 940mbps (the max speed for gigabit) directly on the cable. I hope I can tune this somewhere and hoping for an answer. The box is fine for 500mbps uplinks but for gigabit I would need to return it for a faster model, if I can't amp up the speed to the norm. But I trust I am probably making some error somewhere because the site says 940mbit so I guess they tested it

Hello, I am expecting a reply to the former message posted here. I got a unit but only getting like 720mbit/sec (using cat6 cables and 2.5gbit clients) directly on the interface using iperf3 (so not internet speeds). Your site says 940mbit unencrypted which is the max for gigabit on iperf3. Please tell me what could be the problem and what things I can check.. Running opnsense now with low CPU and under 10% men usage. I run iperf3 directly on the interface lan2lan... Please help , I really like to have some feedback and confirmation is this is a generic issue with this unit or something else?

Hi, I tried these things already. When I enable hardware CRC offloading, disable TSO and Receive buffer offloading (3 boxes , I tried all combinations) I get slightly different rates but all slower and unstable results in iperf3 with rates like 500-600mbps. When all boxes are ticked I get a stable 720mbps which is the max for this device. Regarding powerd: I tried HiAdaptive, and Max and I tried disabling it. Powerd has no effect at the throughput at all, CPU usage remains very low. Regarding the EEE in sysctl , when I toggle them, I lose connection to the firewall and the only way to restore it is power cycling the box. Current setting is default EEE=1. I really need to double check the client side again and fetch a machine to test against the firewall. What other things can I try? And can you test one of these boxes with iperf3 ? The problem could just be with these boards. I read some of the Qotoms with similar specs have the same data rate issues , getting no more than 80MBps Would be great if you have the time to test it in your lab and let us know Any other suggestion is welcome

Some update: With CRC offloading I get 750 instead of 720mbps TSO remains default , everything else default Then when I try a 64k windowsize and at least 2 iperf3 streams I am finally seeing a mixed total result of 930mbps But with one iperf3 stream and various window sizes all I am getting is around 750 (CRC hw offloading) or 720 (no CRC hw offloading) Any guesses? At least its doesn't appear to be a hardware problem but I think a client should be capable of getting 1gig in a single stream?

The plot thickens. When using iperf on the nitrowall as client and laptop as server (in reverse) I get the full 942mbps in 1 stream. When I use the laptop as client at least 2 streams with a 64k windowsize are needed. The results are much better now

Hi, how can I update the coreboot bios with a more recent one to stay up to date? I can't find a link to firmware updates on your site. Please help

Hello, is there a manual how to create the coreboot-file for updating the firmware on the nitrowall (the link above to github is not really helping) and also how to update the firmware it self? Could you writte such manual, if there is no?