Some of those who are considering either upgrading from m0n0wall to pfSense or who are considering which firewall/router to deploy are likely weighing the merits of these two platforms. m0n0wall is a customized version of FreeBSD designed to act as a firewall and router; pfSense is a fork of the m0n0wall project, but while m0n0wall was designed to work well with embedded systems, pfSense targets full PC installs. In this article, I will attempt to summarize the advantages of each software. I will begin with pfSense.
pfSense incorporates load balancing; m0n0wall does not. Load balancing is a computer networking method for distributing workloads across multiple computer or a computer cluster, network links, CPUs, disk drives, or other resources. Obviously, the more your networks employs distributed computing, the more important load balancing will become as a means of optimizing resource use, maximizing throughput, mimimizing response time, and avoiding overload. You need dedicated software or hardware to perform load balancing, and pfSense can serve this function. This in itself makes pfSense much more of an enterprise-level firewall than m0n0wall.
pfSense incorporates failover capabilities; m0n0wall does not. Failover is switching to a redundant or standby computer server, system, hardware component or network. Unlike switchover, failover is automatic and requires no human intervention. As you may have guessed, having such capabilities is not necessarily crucial on a home network, but becomes crucial for enterprise-level deployments, and the fact that pfSense allows invoking failover - and with several different trigger levels - is another good reason for using it.
In addition, pfSense allows custom rules based on the user's operating system. This may not be something all administrators find useful, but if you plan on deploying your system within company or organization that uses multiple OSes, it is something to consider.
In spite of all these features, there are several reasons you might consider installing m0n0wall instead. Among the advantages of m0n0wall are the following:
m0n0wall has less stringent hardware requirements: pfSense has more functionality, but requires a 100 MHz Pentium with 128 MB RAM and 1 GB of storage space (for installation onto a hard drive or other media). m0n0wall, on the other hand, requires only 64 MB RAM and can run on 486s (though a Pentium II or III is more appropriate. I have been running m0n0wall for several years on an old 233 MHz Pentium with 64 MB RAM (running from a LiveCD with configuration data saved on a floopy drive), and it has worked flawlessly.
m0n0wall incorporates many features. Although it does not have all the features that pfSense does, it still has many of the features the typical user would want in a firewall, including support for virtual private networks (VPNs), captive portal, traffic shaping, and inbound and outbound traffic filtering.
m0n0wall is simple. The m0n0wall web GUI has less options, and while this is a reflection of the fact that it has less functionaliy than pfSense, there is less that can go wrong, and the GUI is somewhat easier to navigate than pfSense's GUI.
In summary, while m0n0wall is still perfectly adequate for personal use and might even be acceptable for some companies, the enterprise-level user will probably find the more stringent hardware requirements and additional complexity of pfSense are minor drawbacks in comparison with its additional functionality.
If you found this article helpful, be sure to check out pfSense Setup HQ, my pfSense blog. Here you will find several tutorials to help you set up and configure your pfSense box.
pfSense incorporates load balancing; m0n0wall does not. Load balancing is a computer networking method for distributing workloads across multiple computer or a computer cluster, network links, CPUs, disk drives, or other resources. Obviously, the more your networks employs distributed computing, the more important load balancing will become as a means of optimizing resource use, maximizing throughput, mimimizing response time, and avoiding overload. You need dedicated software or hardware to perform load balancing, and pfSense can serve this function. This in itself makes pfSense much more of an enterprise-level firewall than m0n0wall.
pfSense incorporates failover capabilities; m0n0wall does not. Failover is switching to a redundant or standby computer server, system, hardware component or network. Unlike switchover, failover is automatic and requires no human intervention. As you may have guessed, having such capabilities is not necessarily crucial on a home network, but becomes crucial for enterprise-level deployments, and the fact that pfSense allows invoking failover - and with several different trigger levels - is another good reason for using it.
In addition, pfSense allows custom rules based on the user's operating system. This may not be something all administrators find useful, but if you plan on deploying your system within company or organization that uses multiple OSes, it is something to consider.
In spite of all these features, there are several reasons you might consider installing m0n0wall instead. Among the advantages of m0n0wall are the following:
m0n0wall has less stringent hardware requirements: pfSense has more functionality, but requires a 100 MHz Pentium with 128 MB RAM and 1 GB of storage space (for installation onto a hard drive or other media). m0n0wall, on the other hand, requires only 64 MB RAM and can run on 486s (though a Pentium II or III is more appropriate. I have been running m0n0wall for several years on an old 233 MHz Pentium with 64 MB RAM (running from a LiveCD with configuration data saved on a floopy drive), and it has worked flawlessly.
m0n0wall incorporates many features. Although it does not have all the features that pfSense does, it still has many of the features the typical user would want in a firewall, including support for virtual private networks (VPNs), captive portal, traffic shaping, and inbound and outbound traffic filtering.
m0n0wall is simple. The m0n0wall web GUI has less options, and while this is a reflection of the fact that it has less functionaliy than pfSense, there is less that can go wrong, and the GUI is somewhat easier to navigate than pfSense's GUI.
In summary, while m0n0wall is still perfectly adequate for personal use and might even be acceptable for some companies, the enterprise-level user will probably find the more stringent hardware requirements and additional complexity of pfSense are minor drawbacks in comparison with its additional functionality.
If you found this article helpful, be sure to check out pfSense Setup HQ, my pfSense blog. Here you will find several tutorials to help you set up and configure your pfSense box.
SHARE
