[ previous ] [ next ] [ threads ]
 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] M0n0wall Feature Comparison
 Date:  Mon, 20 Dec 2004 20:14:04 +0100
Am Montag, den 20.12.2004, 11:39 -0700 schrieb Mat Murdock:
> I've made a pdf comparing M0n0wall to a Cisco 506e.  I wanted to make 
> sure that my comparison was accurate.  Any input would be helpful.  It 
> can be viewed here:  http://kimballequipment.com/mono/features.pdf  Any 
> input would be appreciated.

				m0n0wall	cisco
Stateful Packet Filtering with block/pass rules on all Interfaces and
				yes		yes (but no reject)
Web Interface (supports SSL)
				yes		java based (pdm)
SVG-based real-time traffic monitor
				yes		many statistics incl.
						traffic monitor
Caching DNS Forwarder with Optional Static Entries
				yes		no (but fixup for DNS)
Easy VPN client			no		yes
Easy VPN server			no		yes
VPN Client included		no (available	yes
				for license fee)
filtering incomin VPn traffic
				no		yes
Security device reachable via VPN tunnel
				no		yes
secure Logging to Remote Syslog Server
(via VPN tunnel)		no		yes
PPTP VPN endpoint (with Radius authentication support)
				yes		yes (+tacacs)
mobile IPSec clients
/w certificates			no		yes
/w RADIUS			no		yes (+tacacs)
Number of 10/100 Interfaces	>1		2 (515E: 3-6)
Client Licenses Required	no		no (501: 
CLI:				no (minimal	yes (similar to IOS)
				through exec.php)
extensive debugging features	no (minimal	yes
				through exec.php)
hardware support by vendor	no		yes

Summary: PIX isn't as bad as said earlier in this list. PIX does a good
job of what it is designed for. Not more. VPN is a great deal IMHO,
while the absence of many DNS features (DNS forwarder, DynDNS) sometimes
confuses me (note: PIX is a security device and no feature monster).

Ciao ...
	... PIT ...

 copyleft(c) by |           They can always run stderr through
 Peter Allgeyer |   _-_     uniq. :-)  -- Larry Wall in
                | 0(o_o)0   <199704012331 dot PAA16535 at wall dot org>