 From:  "Tonix (Antonio Nati)" <tonix at interazioni dot it>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] CARP/VRRP on monowall
 Date:  Mon, 03 Jan 2011 09:44:54 +0100
Whether pfsense or cisco is less costly has nothing to do with my 
request: a monowall with carp would be well accepted.

Actually, there are more reasons which make me prefer monowall to 
pfsense (i.e. not mounting a flash disk for intensive work and/or 
swapping, better shaping, impressive I/O performance), which are valid 
for all, despite local needs.

Instead, network topology and network features are topics which are 
completely different from company to company, so you cannot make a 
general assumption.

Regards,

Tonino

On 01/01/2011 14:34, Klaus Stock wrote:
>> We switched from monowall to pfsense only for redundancy reasons, 
>> but we miss speed and simplicity of monowall, and we'd love to 
>> switch back whenever possible.
>
> I suppose that a major part of the speed and simplicity of m0n0wall 
> vs. pfSense is that such "exotic" features are being left out.
>
> A fully redundant internet connection with fully transparent 
> (unnoticeable) failover also requires quite a bit of complexity on the 
> internet provider's side, which makes it so costly that very few 
> people actually consider this. And if you pay $$$ for the necessary 
> infrastructure on the provider's side, you might as well afford to 
> spend a bit more money for labor and hardware on your side.
>
> Unless you plan on using it only for an inner firewall. Here you might 
> get away by not using a single HA firewall (with CARP and everything) 
> but by two separate simple firewalls. This assumes that you have 
> redundant machines both in the DMZ and the backend. So one firewall 
> between primary DMZ machine and primary backend machines, and another 
> one between secondary DMZ and backend machines. The failover mechanism 
> which switches from primary DMZ to secondary DMZ machines may then 
> also take care of failing backend machines or inner firewalls.
>
>
> And still pfSense appears more accessible than what for example Cisco 
> has to offer ;-)
>
>
> Best regards, Klaus
>


-- 
------------------------------------------------------------
         Inter@zioni            Interazioni di Antonio Nati
    http://www.interazioni.it      tonix at interazioni dot it
------------------------------------------------------------