Re: [m0n0wall] Why should one not use Monowall for production systems on a VM Platform

From:	Michel Servaes <michel at mcmc dot be>
To:	monowall <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] Why should one not use Monowall for production systems on a VM Platform
Date:	Tue, 09 Sep 2008 19:02:43 +0200

I personally feel a bit akward to put an ESX physically on a WAN link!
Since your VM host will be servicing a monowall "guest", your vmware 
solution (either ESX or VMWare Server) would be running directly in 
contact with the internet... that's why I guess that it's ideal to run a 
monowall (or pfsense) in vmware for testing out new features...

kind regards,
michel

Jeff Rhys-Jones schreef:
> I have taken a good look at Monowall and think it's a great bit of 
> coding. Monowall has a very small OS footprint, and is therefore idea 
> to run in virtual environments.
>
> Initially I was very excited about the VMWare version of Monowall, as 
> I can see a clear need for people to use Firewall VM appliances. It's 
> a hot topic right now.
>
> However, on reading the manual - it could not be spelt out clearer, 
> the message is this: DO NOT USE IT FOR PRODUCTION!
>
> What I would really like to know is - why?
>
> Is it something to do with a fundamental issue - like performance - 
> security?
>
> I have had a trawl through these lists and it seems that people *are* 
> using monowall on ESX - and it seems that from what most people say - 
> the main issue are issues / mis-configurations of  virtual switches.
>
> If used as an additional layer of security (in a virtual data centre, 
> behind a dedicated firewall and providing better VM to VM segregation) 
> - would it hurt?
>
> Or would it cause everything to fall to bits?
>
> Anyone?
>
> Jeff
>
> ACC International Ltd
>
> t: +44 (0) 20 70436093
> f: +44 (0) 20 70436099
> e: jeff at acc dash international dot co dot uk
>
>
>
>
>