Christiaens Joachim wrote:
>>How much traffic do they generate now?
> Hard to say, since they are on one big switched / hubbed(?) LAN now (25
> servers, 400 workstations), which will be replaced by a new network (new
> cat6, fiber backbone, all switched)

I would consider m0n0wall very carefully. I could be wrong, but I haven't
seen anything about m0n0wall having a higher state limit. I suspect a
diverse group of machines and interfaces will max that limit out pretty
quickly. Especially with DNS traffic. IPFilter has one big state table
that all interfaces share, and with that many machines you will see
lots of states between machines on different interfaces. The default is
sys/contrib/ipfilter/netinet/ip_state.h has the setting.

Which brings me to - is anyone looking at 5.x with PF for m0n0wall? PF
has the nice feature of a state table per interface...among many other
things like load balancing. :)

Also, have you considered what a reboot of the m0n0wall machine would do
to your network in the middle of the day?

>>>On a related matter: does anybody use gigabit NICs in their m0n0?
>>We had an hp DL360 G3 on the bench yesterday and I popped in
>>1.0 cd just for fun. Everything seemed to work ok with the Broadcom
>>chipset gig nics. It was only a short test though.
> That sounds promising already! :)
Well, I just saw the pretty lights and didn't see any big traffic. It's
also an incredibly slow boot.