 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Tor Bechmann Sorensen <tor at studentergaarden dot dk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Is a m0n0wall the right choice for my institution?
 Date:  Wed, 29 Jun 2005 14:36:22 -0400
On 6/29/05, Tor Bechmann Sorensen <tor at studentergaarden dot dk> wrote:
>     1) it only requires a minor investment and thus no risk in that
> sense (if we decide to move to a different solution later we will not be
> bound by a large investment in hardware),


>     2) since management of the firewall would be just as easy as with a
> "hardware-firewall",


>     3) since it would provide us with more flexibility for future needs
> (we'll be moving a lot and our needs may expand),

Depends on what those needs might be.  If a layer 3-4 firewall is
sufficient for those needs, then yes, it'll serve you well.

>     5) since I think that I can provide the same uptime, and the
> necessary performance with a m0n0wall.
> I have however, based on the information that I have been able to find,
> started worrying if 5) is really true.
> I am hoping someone here with more experience than myself can help me
> judge whether 5) is true.

What makes you think it isn't?  

My experience - I have installed about 2-3 dozen for a number of
companies, and I've yet to get a single phone call on anything other
than configuration changes.  As far as uptime, the one that's been in
the field the longest without a site power outage was up for more than
one straight year until the company recently moved into a new
building, and of course had to power it down in the process.

Netcraft's top 50 longest uptimes list is always dominated by the
BSDs.  For you Linux fanboys out there, it doesn't even have ONE host
in the list right now (and usually doesn't).  Windows 2000 is far
better represented.  http://uptime.netcraft.com/up/today/top.avg.html

As for performance, as long as you're throwing enough hardware at it,
that won't be an issue.  Even at that it won't be an issue unless you
have a huge amount of bandwidth.  For the sake of reliability, I'd
stick with one of the embedded boxes (Soekris or WRAP should be
sufficient).  All my installs are WRAP or Soekris 4501.  If for some
reason you need to upgrade hardware in the future, migrating your
configuration is a breeze.  But unless you're getting a T3 or close to
it, a Soekris or WRAP will do the trick.