On 25.10.2005, at 00:38, Chad R. Larson wrote:
> Andres Petralli wrote:
> We are a multi-national company with about 7000 employees. The very
> first firewall an outsider sees (or, rather, doesn't see) is a
> m0n0wall/Soekris box. Perhaps that is why I value security so highly.
I highly doubt that all your 7000 employees run over that box. Maybe
you use those boxes to connect subsidiaries of your company which may
be connected together over conventional ADSL or other cheap internet
lines. Whatever... there are always exceptions.
The fact that enterprise routing protocols like bgp4+, ISIS and ospf
are missing and that there is no way to cluster m0n0walls for
redundancy are clear indications, that it is not meant for this high
profile kind of enterprise use. If all your 7000 employees depend on
that single box, well then I really wouldn't like to have your job!
In m0n0wall everything, or at least most of it is built around NAT
and using the box as a router for internet lines where only one ore a
few IP addresses are available. This already does disqualify it as a
solution for medium and bigger sized companies. Other things like
PPPoE also indicate, that m0n0walls target user group is rather the
adsl and cable ISP user than companies that connect their network to
carriers with fibre lines.
But hey, maybe this is the whole point about this discussion. Maybe
the developers here should define what m0n0wall is about and who the
target audience is, wheter it should be a cheap but powerfull
firewall/router for everyone or a true substitute to checkpoint
firewalls and cisco routers. Personally I think that it is futile to
try to replace the later ones and that you can't build a box for home
and soho use while also building the same system towards enterprise
usage. But I'm fine with a box that is geared towards enthusiast
rather than towards enterprises. This is where m0n0wall really could
find a solid user base.