Tuesday, April 10, 2012

Custom Firewall ( UTM ) + Internet Gateway + NAS / Storage


Introduction

I have set up a lot of firewalls on a lot of servers and LANs over the past many years. The firewalls used to protect complete networks were, from the hardware point of view, basically thrown-away PCs with multiple network cards, running Linux as their OS. One complaint I occasionally hear about these firewalls is their physical size. Since old PCs can come in any size and shape, these firewalls look bulky, and sometimes out of place. Though a firewall is not something you showcase in your network environment, it has to be placed somewhere! And most of the time, it is placed in the same room where all the DSL connections come in and the network switch is located.

To solve this problem, I developed the idea of creating a custom case, especially to serve the needs of a firewall system. My design goals were very simple:

1) Use COTS (Common Off The Shelf) computer components to build a PC, which will act as a firewall. That means a normal uATX (Micro-ATX) motherboard (socket LGA 775), a commonly available P4/Pentium-D/Dual-Core/Core2Duo/Core2Quad/Core i3/Core i5 processor, commonly available RAM, a commonly available 3.5" hard drive (later changed to a 2.5" hard drive), commonly available low profile network cards, and a regular/normal ATX power supply unit.

2) Design a custom case around these components in such a way that it wastes no space and yet accommodates all the components inside it, with the height confined between 1U and a maximum of 2U.

3) The case needs to accommodate a uATX motherboard, a couple of additional NICs, a power supply unit, and a hard drive.

4) The additional PCI and PCI-e NICs should be low profile (as in height).

[1U = 1.75 in (44 mm), 2U = 3.5 in (88 mm)]

I wanted to use a uATX (Micro-ATX) motherboard, because it is the most widely available motherboard in the Pakistan and Saudi markets. Mini-ITX is a very good candidate, but I can't find it anywhere in my local market. And if I try to get it from the internet, it is pretty expensive compared to a normal uATX motherboard.

In order to reduce the height of the solution, I had to strip the PSU out of its metal case. The only two components that consume height in my case are (1) the heat-sinks of the power transistors of the PSU, and (2) the CPU heat-sink/fan. If I leave these components as they are, the height of the solution is 2U, instead of my desired ideal height of 1U.

Below are the measurements of the components I used.
  • Motherboard GigaByte GA-G41MT-S2P [[1]]: 24.4 cm (L) x 19.4 cm (W) = 9.6 in (L) x 7.6 in (W)
  • Processor heat-sink Intel E97375-001 [[2]]: Total height = 50 mm or 2.0 in
    • Note: The height of the CPU heat-sink is a pain point for my design. It is the only COTS CPU heat-sink available in my local market, and prevents the height of my solution from going below 2.0 inches.
  • Power Supply Circuit board [[3]]: 10.8 cm x 14.5 cm or 4.25 in x 5.7 in
  • Power Supply Heat-Sinks [[4]]: Height = 41 mm or 1.6 in
  • Hard drive 3.5 inch [[5]] [[6]][[7]]: 4 in (W) × 1 in (H) × 5.75 in (L) = 101.6 mm (W) × 25.4 mm (H) × 146 mm (L)
  • Hard drive 2.5 inch [[8]] : 2.75 in (W) × 0.4 in (H) × 3.945 in (L) = 69.85 mm (W) × 10 mm (H) × 100 mm (L)
  • ThermalTake Case fan (small) [[9]]: 60 mm x 60 mm x 25 mm = 2.4 in x 2.4 in x 1 in
  • PCIe x1 Gigabit Network Card TPLink TG-3468 [[10]] : Height 58mm or 2.28 in , Length 83 mm or 3.2 in
    • Note: This card is a pain point for my design. It is the only COTS PCIe NIC available in my local market, and prevents the height of my solution from going below 2.5 inches.
  • PCI Network card Realtek RTL8139D [[11]] : Height 7.5 mm or 1.5 in ???

Various Measurements

  • Space between case's bottom surface to M-Board's bottom = 4mm
  • M-board thickness = 1.5 mm ~ 2 mm
M-Board top surface is at 6 mm from the case surface (4 mm + 2 mm = 6 mm). This height is added to the height of every component measured with respect to the M-Board surface.
  • Star Tech NIC (height from M-Board) = 44 mm
  • TPLink NIC (height from M-Board) = 62 mm (Total height = 62 mm + 6 mm = 68 mm, which is more than 2.5 inch). This case cannot use TPLink cards.
  • RealTek NIC (height from M-Board) = 48 mm
  • M-Board I/O Panel height = 48 mm
  • RAM (height from M-Board) = 33 mm
  • Processor fan (height from M-Board) = 52 mm
  • PSU HeatSink height from PSU circuit board = 44 mm
  • Metal Spacer/stand-off height = 7 mm ( Will not be included in any design)
  • Normal plastic spacer height = 6mm
  • Plastic spacer height, after removing/cutting its round base = 4mm
  • Plastic legs of the processor heat-sink, protruding beneath the M-Board surface = 4 mm (This means this is the minimum space we will need to maintain below the M-Board).
  • M-Board solder points on the bottom side have a length of 1.5 mm to 3 mm.
  • M-Board holes are found to be of the same diameter as an M4 screw.
  • Rivet head height from surface = 2mm (Only relevant in plastic case / riveted design).
  • For plastic case, M4 screws of 16mm length are required. (Flat head. Not counter-sunk head).
  • Plastic ring washers are required with M4 / 4mm hole and 4mm thickness.
  • The NIC slots / cuts on the back panel of the case are to be 15 mm x 30 mm.
  • The NIC slots are at distances of 5 mm, 45 mm and 65 mm from the right side of the M-Board I/O back panel.
  • The slots must start from 20 mm from the inside bottom surface of the case.
  • The I/O Panel right side is at 88 mm distance from inside of the case's right wall.


1 comment:

  1. Thank you for sharing this article about setting up a custom firewall Ajit! I came across it because I have been trying to educate myself on NAS storage because I have heard so much about it and it sounds so interesting. From everything I've heard it's definitely the wave of the future. I think I'm even going to attend a webinar on the Evolution of NAS Storage. Thank you again for sharing!