Fujitsu Futro S920 Thin Client as opnsense firewall

frauhottelmann

New Member
Dec 11, 2020
4
5
3
Build’s Name: My Router ;)
Operating System: opnsense
System: Fujitsu Futro S920
CPU: AMD G Series GX-415GA (1,5 GHz Quad Core)
Drives: 64 GB M-Sata SSD
RAM: 2x2 GB
Add-in Cards: Fujitsu D3045-A11 GS1 Quad Port Nic (Intel i350-T4) va PCIE riser
Power Supply: 40 W

Usage Profile: Firewall

Other information:

I thought I'd write something about the Fujitsu Futro S920. The other favourite thin client HP T620 Plus hasn't been very available in Germany. So I had to look for something else instead. I did have an Edgerouter X with OpenWrt in use before, but I wanted something more.

This has the same CPU as the T620 Plus, just with 1.5 GHz instead of 2.0. It is the GX-415GA. These also came with either the dual core GX-222GC or the more powerful GX-424CC quad core with 2.4 GHz. The GX-415GA seems to be the most common though.

Opnsense installations is straight forward.

1) Exterior

It is a nice little box (52 mm x 195 mm x 250 mm / 2,05 inch x 7,68 inch x 9,84 inch without the feet).
IMG_20201202_215945.jpgIMG_20201202_215934.jpg
You get two USB 3.0 and audio ports on the front (there is an option for a smart card reader). As usual with these corporate boxes there is a multitude of port options on the back. The Ethernet port blank next to the 4 port nic is for the PoE option. Mine came with the feet, but you don't need them. They can be mounted for vertical or horizontal use.

2) Interior
cpu.jpg
The CPU is passively cooled (in my case it hovers around 50° C / 122 ° F in a small cupboard).

ram.jpg
There are two DDR3 SO-DIMM slots. These come in a variety of configurations. Mine came with 2 GB and I added another 2 GB.

msata.jpg
For storage there is a M-SATA slot. Mine came with 2 GB and eLinux which is probably very common as these have been used to display RDP sessions. There are versions with Windows though. I upgraded to 64 GB just because it was the best price to storage ratio at the bottom of the price range.

sata.jpgsata power.jpg
There is also a SATA port, but it is in the most unusual place on the motherboard :D There is no way to mount a drive though. There is a system extension component holder, but I am not sure if there is room for a SATA drive. The component holder is used for the smart card reader and the speaker (yes, you can add an additional speaker :D ). I also don't know the pin out of the SATA power port.

mpcie.jpg
Between the CPU and the PCIE slot is a Mini PCIE slot. One could add a wifi card here or one of those obscure ethernet adapters. Some of the models do come with a wifi card.

pcie bay.jpg
Unfortunately I got the version without a PCIE riser. There is a separate extension available (part number
C26361-K528-C16). So I added another riser. Some of these can come with a PoE add in card (plugs into the pins above the PCIE slot) or even a AMD graphics card (in this case congratulations, you got the riser for free).

riser.jpgtoo long.jpg 293px
The Delock 16x riser is the correct hight (they call it 1U) but it is too long. I had to cut it down a bit :D

3) The Bill (everything with shipping)

Futro S92032€ (I was very lucky, the usually go for about 70€ plus shipping)
2 GB RAM5 €
64 GB SSD19.79 €
Delock Riser Card11 €
Fujitsu Quad Port Nic30 €
Overall97.79 €
 

frauhottelmann

New Member
Dec 11, 2020
4
5
3
Nice build, @frauhottelmann ! :)
I was wondering that the DeLock Riser fits without any problems.
The original Fujitsu riser looks like a bit heigher.

I ordered a Kalea-riser (https://www.amazon.de/gp/product/B018KEM1GI/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1) - i hope the riser will fit.

How's the performance with active IPS / DPI ?
Hi @h0schi,
the height of the riser is perfect, but it was too long :D The one you ordered looks good. I am not doing any IPS/DPI right now. I can test if you like, but I need some pointers on how to test it. I am not dowing anything special and I can saturate my 500 MBit down link.
 

frauhottelmann

New Member
Dec 11, 2020
4
5
3
It's difficult to say. I don't really have a reliable benchmark endpoint to test my Download speeds. I have a 500/25 connection via cable modem (in bridge mode).

EDIT: I'll probably redo these test with a better speestest server.
EDIT: I reran all the test with nperf.com against the 10GBit-Vodafone-Berlin-IPV6 server. Speed is taking big hit with IPS!

DownUpUpdated
No shaping or anything491,824,15yes
With shaping484,924,15yes
Disabled Hardware Offload (no shaping)491,524,77yes
Just Intrusion Detection (no shaping)473,625,00yes
Intrusion Detection with IPS (disabled hardware offload, no shaping)241,024,87yes
 
Last edited:
  • Like
Reactions: h0schi

h0schi

New Member
Oct 24, 2020
29
12
3
Germany
I knew that IPS is hungry, but 50 % of the whole bandwight is heavy :oops:
How high was the CPU-load during these tests ?

I also ordered a HP T620, this thin-client got a 500 Mhz faster CPU (AMD GX-420CA), but the results should be similar to your benchmark.

Thx for your tests.
If you bechmark it again, please let me know :)
 

frauhottelmann

New Member
Dec 11, 2020
4
5
3
I knew that IPS is hungry, but 50 % of the whole bandwight is heavy :oops:
How high was the CPU-load during these tests ?

I also ordered a HP T620, this thin-client got a 500 Mhz faster CPU (AMD GX-420CA), but the results should be similar to your benchmark.

Thx for your tests.
If you bechmark it again, please let me know :)
I have updated the numbers again.

Yours should run faster with all four cores running at higher speeds. But damn IPS ist hitting it hard
But I can't complain. The price was so low
 
  • Like
Reactions: h0schi

h0schi

New Member
Oct 24, 2020
29
12
3
Germany
The results are better now :)
This thin clients with AMD GX-CPU / platforms are very efficient and cheap.
I will change to OPNsense and will leave the Unifi-universe.

I can not understand how a Unifi UDM-Pro with a Quad ARM Cortex-A57 (1.7 GHz) CPU can handle an IPS-throughput of 3,5 GB/s ?! :D
This appliance seems to be running a modified suricata IPS-engine.
 

newabc

Active Member
Jan 20, 2019
118
31
28
I can not understand how a Unifi UDM-Pro with a Quad ARM Cortex-A57 (1.7 GHz) CPU can handle an IPS-throughput of 3,5 GB/s ?! :D
This appliance seems to be running a modified suricata IPS-engine.
Its spec sheet said it was tested by iperf(v2? v3?), so each time the machine faces a same traffic pattern which triggers a same rule from a single direction.
 

newabc

Active Member
Jan 20, 2019
118
31
28
I knew it is hard to get something with low price like 2nd-handed Wyse 5070 extended or HP T730 in Europe.
Or the Qotom boxes from aliexpress? (The Qotom barebones usually cost totally around $200 with shipping to US.)