Jeff Rhys-Jones wrote:
> However, on reading the manual - it could not be spelt out clearer, the
> message is this: DO NOT USE IT FOR PRODUCTION!
> What I would really like to know is - why?

Really? Jeff, is there any software available that does not come with
a shrinkwrap license that says, in effect, "We know our marketing
literature says our product X is a Y, but you agree that we make
no representations whatsoever as to its fitness for use as a Y."
Disclaimers are pro forma. Ignore them.

> Is it something to do with a fundamental issue - like performance -
> I have had a trawl through these lists and it seems that people *are*
> using monowall on ESX - and it seems that from what most people say -
> the main issue are issues / mis-configurations of virtual switches.
> If used as an additional layer of security (in a virtual data centre,
> behind a dedicated firewall and providing better VM to VM segregation) -
> would it hurt?
> Or would it cause everything to fall to bits?

I have as much confidence in m0n0wall as I do Checkpoint. No exaggeration.
It is not as featureful, but you can deploy many m0n0wall VMs for the
footprint, computational load and $$$ of a Checkpoint FW.

Anyway, I would not put any security VM into production unless I had
tested it in my dev and staging environments. Fortunately, Xen and
ESX make this quite feasible.

Your experience is key -- there may not be enough people who have
already done what you propose to make it a mature field of endeavor.
In which case, we look forward to your report. Welcome to a world
of people no better than yourself! Disappointing, isn't it?

I also want to say:

Manuel is at the top of a short list of people whom I would hire without
any hesitation. Not only is m0n0wall technically innovative (XML-based
config? now everyone will do it!), he has been a consummate professional
in the way he's handled the project, fielded complaints/RFEs/etc.