On 25.10.2005, at 00:38, Chad R. Larson wrote:
> Andres Petralli wrote:
> We are a multi-national company with about 7000 employees. The very
> first firewall an outsider sees (or, rather, doesn't see) is a
> m0n0wall/Soekris box. Perhaps that is why I value security so highly.
>
I highly doubt that all your 7000 employees run over that box. Maybe
you use those boxes to connect subsidiaries of your company which may
be connected together over conventional ADSL or other cheap internet
lines. Whatever... there are always exceptions.

The fact that enterprise routing protocols like bgp4+, ISIS and ospf
are missing and that there is no way to cluster m0n0walls for
redundancy are clear indications that it is not meant for this high
profile kind of enterprise use. If all your 7000 employees depend on
that single box, well then I really wouldn't like to have your job!

In m0n0wall everything, or at least most of it, is built around NAT
and using the box as a router for internet lines where only one or a
few IP addresses are available. This already does disqualify it as a
solution for medium and bigger sized companies. Other things like
PPPoE also indicate that m0n0wall's target user group is rather the
adsl and cable ISP user than companies that connect their network to
carriers with fibre lines.

But hey, maybe this is the whole point about this discussion. Maybe
the developers here should define what m0n0wall is about and who the
target audience is, whether it should be a cheap but powerful
firewall/router for everyone or a true substitute for checkpoint
firewalls and cisco routers. Personally I think that it is futile to
try to replace the latter ones and that you can't build a box for home
and soho use while also building the same system towards enterprise
usage. But I'm fine with a box that is geared towards enthusiasts
rather than towards enterprises. This is where m0n0wall really could
find a solid user base.

Kind regards,
Andres