So I have been tasked with setting up a core router/firewall for the organization that I do work for. I have looked at both Monowall and pfsense. They both look extremely similar, but Monowall looks easier to set up and maintain. Would there be a big advantage to go with Monowall over pfense? Or pfsense over monowall? Have you used either? Thoughts.

Haven't used either, but I remembered reading a nice little comparison of those and others awhile back. A quick google turned it up: http://www.fsckin.com/2007/11/14/7-d...alls-reviewed/

i'd recomend having a look at smoothwall and ipcop

http://www.ipcop.org/

http://www.smoothwall.org/

It is my understanding that PfSense does load balancing. Didn't see mention of that though on the review of any of the seven solutions reviewed? We want load balancing between a T1 and HughesNet Satellite.

The official documentation is normally a good place to check.

As a longtime pfSense and IPCop user, here's the short and quick of it:

IPCop is a fantastic linux-based router distro.

m0n0wall is a great BSD-based router distro.

pfSense is a great BSD-baded router distro, actually forked off m0n0wall ~5 years back. It primarily was intended to offer more advanced/enterprise-class features than those found in m0n0wall or other basic firewall distro's.

Both allow you to set up site-to-site and/or roadwarrior VPN connections, squid proxy configurations, static DHCP leases, easy saving/restoration of the configuration etc.

For a business environment I love pfSense, and have had it running at many offices, all the way back to release candidates of version 1.0. It offers some pretty nifty features like failover and load-balancing, as mentioned previously, in addition to processing network traffic with the BSD packet filter (pf) versus iptables in linux.

pf has some neat features by itself; one thing is being able to detect the Operating System of a computer on your network and have custom rules depending on the OS. Can be handy in certain mixed environments.

There are pro's and con's to each; I recommend fully researching both and a thorough pilot of the chosen platform in at least one office.

pfSense provides a great deal of extra features and options when compared to most firewall distro's, but it's a bit more technical, as well. It's not too bad, though--you still have an easy-to-use web-based GUI. You can run pfSense on a machine w/no hard drive, booting off a CDROM and loading the config from a USB thumb drive... less power use, and no worry of a head crash.

Load balancing is mentioned on the Info-->Features page at the pfSense web site (http://www.pfsense.org).

IPCop is a stable, linux-based firewall distro with a decent set of features, and tends to be a bit easier to install, perhaps. Works very well, but no support for load balancing, so I don't imagine it will work in your particular setup. Makes for a great home router box, though.

Though it should go without saying, read, read, and then read some more

Hope this gives you some more ideas.

2 members found this post helpful.

Strick: Thanks for that. I am going to mess with pfsense some more. Maybe I will get it figured out and working the way we want. Certainly want the fail-over and load balancing we will get with it. Have two identical servers here. Is it hot-fail over? When one fails does the second server automatically take over?

Just want to dig this tread again.

Can both act as a bandwidth manager?

Look at untangle too.

Strick had some good information. What anyone looking into a firewall needs to do is see what it does under stress. If you use a linux distribution (which uses iptables) then under an attack such as DDoS your firewall grinds to a halt until the attack is over. In a business atmosphere this is unacceptable. I like the features of Untangle and other linux firewalls, but I would only use them in SOHO installations. If you need something that will still pass data under an attack and do not want to shell out money to Cisco for a PIX then BSD is the base distribution you need to use. BSD under an attack will still pass data through the firewall/router. I have used Linux and BSD firewalls. The linux ones are sweet on ease of use and features. as opinions are like @ssholes the top 10 are all about the same. just look for the features you want. For BSD boxes, monowall and pfSense are the way to go. monowall is great for embeded applications. pfSense being a fork from monowall from a few years ago and is monowall + enterprise functionality. Remember that BSD is also more scalable and uses a lot less resources. A BSD firewall will need 256mb of ram and a 300mhz cpu where as a linux variant would require 1GB of ram and a 1Ghz cpu for the same amount of users. This means that under BSD you can use ancient or more cost effective hardware and get the same result. If I wanted the best firewall for reliability in a business atmosphere I would choose pfSense (that is if Cisco or Juniper were out of the budget). If it was for my house or small office I would use smoothwall or UnTangle. I hope this helps.

-Bryan

1 members found this post helpful.

pfsense is way better than untangle. although untangle is much easier to install than pfsense and untangle has a sweet filtering options than pfsense, its hardware requirements exceed the most target system. PfSense is a great firewall distro, while untangle has much more filtering capabilities. look at my simple comparison about pfsense and untangle

helmikuu,

Very nice write up. I only disagree with the capabilities of pfsense. pfsense can do everything that untangle can. The problem as you pointed out is configuration. That is very true. Pfsense is not cumbersome just advance. very advance. If you can add to your review pfsense hardware requirements that be great. I think you have something there.

When it comes down to comparing monowall to pfsense (the topic of this thread) as above monowall is best for embedded and pfsense is best for pc firewall router.

I agree the linux firewalls should also be looked at. Untangle is very good. When it comes down to it, end users need to look at features,
what it is going to be used for, and what is stable for their application. We can find examples where any of the bsd or linux distro's are better than each other in specific situations. I can attest that all of the ones described in this thread are stable and good to use. Totaling up features does not make one better than another. Look for features that matter for your application. Best thing to do is test a few out, load test and attack them and see which you like.


-Bryan

Bryan

Thank you for enlightening me. I will try to improve my review.

-Helmikuu

My goal is to use one of those tools (pfsense or m0n0wall) as a hotspot solution (captive portal), so im interested what is your opinion which is better.
On first they r basically the same, m0n0wall have extra vaucher abillity (thats big plus) but GUI looks little bit older (not that im a gui fanatic or smth)
and that is all i have noticed as a difference .
One of my problems is that i cannot find some kind of user managament on either of those servers (i would like to give different restrictions to different user)...

Well, if u have some experinece on captive portal management with those tools please write me some review...

Tnx

Zli

Zli: have you looked through the docs at the pfSense site? There's even a nice tutorial on Captive Portal config: http://doc.pfsense.org/index.php/Tutorials

Really, if you don't require 802.11n hardware support at the moment, it's hard to beat pfSense for all its features. They're likely very close to an official release candidate for version 2.0, which adds all sorts of nice stuff to an already-solid BSD-based firewall distro.

That said, you didn't specify just what level of user management in which you're interested... there is a limited amount of different user levels for administering the firewall itself, but if you're looking for web-related restrictions you will need to investigate squid and authenticated proxies, or perhaps even building custom rulesets defined by MAC's etc.

Good luck!