Some of those who are contemplating either upgrading from m0n0wall to pfSense or who are thinking about which firewall/router to utilize are likely weighing the advantages of these two platforms. m0n0wall is a customized version of FreeBSD developed to act as a firewall and router; pfSense is a fork of the m0n0wall project, yet while m0n0wall had been developed to work well with embedded systems, pfSense targets full PC installations. In this article, I will try to go over the advantages of each platform. I will begin with pfSense.
pfSense includes load balancing; m0n0wall does not. Load balancing is a computer networking method for distributing workloads across multiple computers or a computer cluster, network links, CPUs, disk drives, or other resources. Clearly, the more your networks employ distributed computing, the more important load balancing is going to become as a means of enhancing resource use, maximizing throughput, minimizing response time, and avoiding overload. You need dedicated software or hardware in order to perform load balancing, and pfSense can serve this particular function. This itself makes pfSense considerably more of an enterprise-level firewall in comparison with m0n0wall.
pfSense incorporates failover functions; m0n0wall does not. Failover is switching to a redundant or standby computer server, system, hardware component or network. Unlike switchover, failover is automatic and needs no human intervention. As you may have suspected, possessing such capabilities is not always crucial on a home network, but becomes essential for enterprise-level deployments, and the fact that pfSense allows invoking failover – and with a number of trigger levels – is yet another good motive for using it.
In addition, pfSense will allow custom rules based upon the user’s operating system. This may not be something all administrators find valuable, but if you plan on deploying your system within a company or organization that uses several OSes, it is something to consider.
One further consideration is that while m0n0wall and pfSense both support virtual private networks (VPNs), m0n0wall only supports the IPSec and PPTP protocols. pfSense, in contrast, supports both IPSec and PPTP as well as OpenVPN and L2TP. Since OpenVPN is rapidly gaining traction as IPSec decreases in popularity, this is something to take into account if you are likely to use VPNs when connecting to other networks.
In spite of all these features, there are several reasons you might think about installing m0n0wall as an alternative. Among the particular advantages of m0n0wall are the following:
m0n0wall has less stringent hardware specifications: pfSense has more functionality, but requires a 100 MHz Pentium with 128 MB RAM and 1 GB of storage space (for installation onto a hard drive or other media). m0n0wall, on the other hand, requires merely 64 MB RAM and can run on 486s (though a Pentium II or III is more appropriate). I have been running m0n0wall for a number of years on an old 233 MHz Pentium with 64 MB RAM (running from a LiveCD with settings data saved on a floppy drive), and it has worked perfectly.
m0n0wall incorporates many features. Even though it does not have all the features that pfSense does, it nevertheless possesses many of the features the typical user would really want in a firewall, such as support for virtual private networks (VPNs), captive portal, traffic shaping, and inbound and outbound traffic filtering.
m0n0wall is simple. The m0n0wall web GUI has fewer options, and while this is a manifestation of the fact that it has less functionality than pfSense, there is less that can go wrong, and the GUI is somewhat less complicated to navigate than pfSense’s GUI.
In conclusion, while m0n0wall is still perfectly satisfactory for personal use and might even be acceptable for some businesses, the enterprise-level user will probably find the more stringent hardware requirements and extra complexity of pfSense are minor drawbacks in contrast with its added functionality.