General Questions

Hi, I'm very new to the world of firewalls so sorry if this is a stupid question.

At work we're installing some new debian servers in a rack which we have at a data center. The servers will be used for live video streaming to several thousand users and so we will be using about 1Gbps of bandwidth. This high end of firewalls is beyond me at the moment so I'm trying to learn.

We have been advised by the dc that a cisco ASA5550 would be the best device to get as is has the throughput. We have 2x1GBps ports coming into our rack and then about 5 servers inside the rack. Each server will have its own public and private IP address.

What I want to know is, is it possible for the m0n0wall box to deliver the same reliability of the cisco ASA5550 (we're willing to spend money on this if it's cheaper than a ASA5550 so something like a £1000 dell Xeon with RAID 1 SCSI drives which I know is overkill but this is mission critical) and also deliver the traffic to the servers based on the public IP address whilst still filtering out hack attempts etc?

One last question, obviously we'd have the two incoming connections hooked up, but we would also want to have two connections to the rack switch for redundancy purposes. Is this possible?

Thanks for any and all advice.

Andrew.

I would suggest you check out http://www.pfsense.com and http://forum.pfsense.com.

CS...

pfSense is more suitable for this type of deployment. For one, you're likely going to need more than the 30,000 state table size of m0n0wall and you would have to recompile the kernel to get that with m0n0 where it's adjustable in the web interface with pfSense. Also in that type of environment, you'll want stateful failover, and m0n0 doesn't offer that right now.

There are a lot of datacenter environments like you describe running a CARP pair with pfSense, it's proven to be an excellent solution for these kinds of environments.