Submitted by: David Zientara

Some of those who are thinking of either upgrading from m0n0wall to pfSense or who are contemplating which firewall/router to deploy are probably weighing the merits of these two platforms. m0n0wall is a customized version of FreeBSD developed to act as a firewall and router; pfSense is a fork of the m0n0wall project, but while m0n0wall had been designed to work well with embedded systems, pfSense targets full PC installations. In this article, I will try to go over the strengths of each application. I will begin with pfSense.

pfSense incorporates load balancing; m0n0wall does not. Load balancing is a computer networking process for distributing workloads across multiple computers or a computer cluster, network links, CPUs, disk drives, or other resources. Clearly, the more your networks employ distributed computing, the more important load balancing will become as a means of improving resource use, maximizing throughput, minimizing response time, and avoiding overload. You need dedicated software or hardware in order to carry out load balancing, and pfSense can serve this particular function. This itself makes pfSense much more of an enterprise-level firewall in comparison with m0n0wall.

pfSense includes failover functions; m0n0wall does not. Failover is moving over to a redundant or standby computer server, system, hardware component or network. Unlike switchover, failover is automatic and also requires no human intervention. As you might have guessed, having such functionality is not always crucial on a home network, but becomes vital for enterprise-level deployments, and the fact that pfSense enables invoking failover – and with many different trigger levels – is another good reason for utilizing it.

In addition, pfSense allows custom rules based on the user’s operating system. It’s not always something all administrators find valuable, but if you plan on implementing your system within a company or organization that uses multiple OSes, it is something to take into account.

One further consideration is that although both m0n0wall and pfSense both support virtual private networks (VPNs), m0n0wall only supports IPSec and PPTP protocols. pfSense, however, supports both IPSec and PPTP in addition to OpenVPN and L2TP. Since OpenVPN is rapidly gaining traction as IPSeec decreases in popularity, this is something to take into account if you are likely to use VPNs when connecting to other networks.

In spite of all these features, there are several reasons you might consider installing m0n0wall instead. Among the particular strengths of m0n0wall are the following:

m0n0wall has less exacting hardware specifications: pfSense has more functionality, but needs a 100 MHz Pentium with 128 MB RAM and 1 GB of storage space (for installation onto a hard drive or other media). m0n0wall, on the other hand, requires only 64 MB RAM and can work on 486s (though a Pentium II or III is more appropriate. I have been running m0n0wall for a number of years on an ancient 233 MHz Pentium with 64 MB RAM (running from a LiveCD with settings data saved on a floopy drive), and it has worked flawlessly.

m0n0wall incorporates many features. Although it does not possess all the capabilities that pfSense does, it still has many of the features the typical user would want in a firewall, including support for virtual private networks (VPNs), captive portal, traffic shaping, and inbound and outbound traffic filtering.

m0n0wall is simple. The m0n0wall web GUI has less options, and while this is a reflection of the reality that it has less functionality than pfSense, there is less that can go wrong, and the GUI is somewhat less complicated to browse through than pfSense’s GUI.

In summary, while m0n0wall is still perfectly acceptable for personal use and may also be acceptable for some companies, the enterprise-level user will probably find the more stringent hardware requirements and extra complexity of pfSense are trivial drawbacks in contrast with its added functionality.

About the Author: The author has 17 years experience in software engineering and information technology, and is an ardent supporter of free and open source software. He lives in New Jersey, which is not as bad as it sounds. Really. If you found this article helpful, be sure to check out my pfSense setup blog at:

pfsensesetup.com

Source:

isnare.com

Permanent Link:

isnare.com/?aid=1853016&ca=Computers+and+Technology }