Am Montag, den 20.12.2004, 11:39 -0700 schrieb Mat Murdock:
> I've made a pdf comparing M0n0wall to a Cisco 506e. I wanted to make
> sure that my comparison was accurate. Any input would be helpful. It
> can be viewed here: http://kimballequipment.com/mono/features.pdf Any
> input would be appreciated.
m0n0wall cisco
-----------------------------------------------------------------------
Stateful Packet Filtering with block/pass rules on all Interfaces and
Logging
yes yes (but no reject)
Web Interface (supports SSL)
yes java based (pdm)
SVG-based real-time traffic monitor
yes many statistics incl.
traffic monitor
Caching DNS Forwarder with Optional Static Entries
yes no (but fixup for DNS)
Easy VPN client no yes
Easy VPN server no yes
VPN Client included no (available yes
for license fee)
filtering incomin VPn traffic
no yes
Security device reachable via VPN tunnel
no yes
secure Logging to Remote Syslog Server
(via VPN tunnel) no yes
PPTP VPN endpoint (with Radius authentication support)
yes yes (+tacacs)
mobile IPSec clients
/w certificates no yes
/w RADIUS no yes (+tacacs)
Number of 10/100 Interfaces >1 2 (515E: 3-6)
Client Licenses Required no no (501:
10,50,unlimited)
CLI: no (minimal yes (similar to IOS)
through exec.php)
extensive debugging features no (minimal yes
through exec.php)
hardware support by vendor no yes
Summary: PIX isn't as bad as said earlier in this list. PIX does a good
job of what it is designed for. Not more. VPN is a great deal IMHO,
while the absence of many DNS features (DNS forwarder, DynDNS) sometimes
confuses me (note: PIX is a security device and no feature monster).
Ciao ...
... PIT ...
---------------------------------------------------------------------------
copyleft(c) by | They can always run stderr through
Peter Allgeyer | _-_ uniq. :-) -- Larry Wall in
| 0(o_o)0 <199704012331 dot PAA16535 at wall dot org>
---------------oOO--(_)--OOo----------------------------------------------- | 