[ previous ] [ next ] [ threads ]
 
 From:  Jesse Guardiani <jesse at wingnet dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Experiences in 50+ user organizations?
 Date:  Thu, 24 Feb 2005 13:49:27 -0500
Eric Collins wrote:

> 
> 
> David Statman wrote:
> 
>>Hi,
>>
>>We're looking at using m0n0wall at our company.  We currently have around
>>50 users internally, although we could end up at 60-70 users by the end of
>>the
>>year.  I'd like to hear from others who use m0n0wall in similarly-sized
>>organizations, particularly with respect to whether or not you've
>>experienced any performance issues.  My boss is a little skittish about
>>relying on open source software (however good it may be) for our firewall.
>>
>>More info...We host a website with ASP pages that query a SQL database. 
>>So far, the number of simultaneous connections to our website has remained
>>under 100.  We also have an Exchange server and an FTP server.  About 15
>>remote users connect to us via Terminal server.  We also have a VPN tunnel
>>established with one of our business partners.
>>
>>Thanks in advance to any who share their experiences,
>>
>>David Statman
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
>>
>>  
>>
> David,
> 
> Currently our company offers high speed internet (5mb per user) to the
> building tenants where our datacenter is located, in all we have around
> 120 clients using this network which all lies behind a single m0n0wall
> system. It never blinks, I have had 1 lockup in the last 3 months which
> turned out to be a flakey power supply. The system typically on a busy
> day pushes 7-15Mbps without problems. Hardware is a P4 3.2 with 1024mb
> ram and Intel Pro NICs.
> 
> We also use it to protect our server farms, some run in DMZ (bridged)
> others run in the LAN with port forwards. On our main server rack we
> have each server with 2 NICs one NIC is connected to the filtered bridge
> DMZ side for public services (web mail dns..etc) the other NIC is
> connected to the LAN side where we provide VPN access for our employees
> to access and maintain the servers over an encrypted channel. This setup
> so far has served us great its been  rock solid. Hardware for these
> setups is a P4 3.2 with 1024mb ram and Intel Pro NICs.
> 
> As for performance issues, all I can say is use good hardware, it make
> one heck of a difference when pushing the Mbps around. I personally
> wouldnt use a wrap or soekris board for what we have setup because of
> the throughput we need, so we went with high end.

I tend to agree with this. I had a Soekris 4801 riding a saturated T1
in bridge mode doing traffic shaping for about a week. The webGUI was
painfully slow, but the Soekris seemed to handle the traffic quite well.

I wouldn't place a Soekris 4801 on anything larger than a saturated T1
though.

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net