[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] M0n0wall Feature Comparison
 Date:  Mon, 20 Dec 2004 14:19:29 -0500
On Mon, 20 Dec 2004 11:39:39 -0700, Mat Murdock
<mmurdock underscore lists at kimballequipment dot com> wrote:
> I've made a pdf comparing M0n0wall to a Cisco 506e.  I wanted to make
> sure that my comparison was accurate.  Any input would be helpful.  It
> can be viewed here:  http://kimballequipment.com/mono/features.pdf  Any
> input would be appreciated.

PIX does support PPTP with RADIUS auth.  

Online firmware upgrade is on the PIX as well as m0n0wall, but it's a
whole lot easier on m0n0wall.  Upload through the webGUI, vs. pulling
over via TFTP.

You left out ALG's, Application Layer (or Level, depending on who you
ask) Gateways.  ipfilter has some, PIX has more and they're better
overall.  To get more details on that, you'd have to do some research
or ask a ipfilter guru.

PIX has stateful failover.  Not sure if the 506 supports that, but the
bigger ones do.  m0n0wall has no failover at this point.

PIX has fine grained access control for administrative users. 
m0n0wall has one user with full control.  PIX supports AAA

PIX supports RADIUS and TACACS+ traffic accounting.  

PIX doesn't have captive portal like m0n0wall does, but does support
authentication for traffic it passes, and has more fine grained
control than captive portal offers.

Everything else looks accurate at a glance.