untangle open source network gateway

Discussion in 'other firewalls' started by lodore, May 19, 2008.

Thread Status:
Not open for further replies.
  1. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello,
    i found untangle awhile ago. www.untangle.com
    it has:
    PRODUCTIVITY:
    Spam Blocker
    Web Filter
    Protocol Control
    SECURITY:
    Virus Blocking
    Spyware Blocker
    Phish Blocker
    Intrusion Prevention
    Attack Blocker
    Firewall
    REMOTE ACCESS:
    OpenVPN
    MONITORING:
    Untangle Reports
    NETWORKING:
    Routing & QoS

    all the above are free the antivirus for the above is provided by clamAV
    then under Commerical Add-ons i noticed Kaspersky virus blocker
    for only $10 a month you can have kaspersky as a gateway AV for your home network.
    it goes something like internet--modem--untangle---switch---networked computers
    if you want it to filter wireless you need a wireless router connectec behind the untangle server.
    i may buy a cheap second network card for my old pc to test it.
     
    Last edited: May 19, 2008
  2. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    It's awesome...absolutely awesome!
    I made a post about it last year....
    https://www.wilderssecurity.com/showthread.php?t=181493&highlight=untangle

    As well as a few other posts about various *nix distro UTM appliances..there are other distros that do similar tasks, such as Endian, IPCop with the Copfilter add-on, Astaro, etc.

    But Untangle stands above the crowd. I've used it at several clients of mine already (business networks). Signed up to become a reseller...it's that good.

    Great for adding protection to your Exchange server...you can run the appliance as a bridge in front of it...but I stick with having it as the primary router/NAT box for the network.

    I'd love to see UTM appliances get more attention around here....it's great to have them as a first layer of protection on your network. Having a hardware appliance perform scanning of all your traffic..filtering out bad websites, malware protection, SPAM, viruses....begs the question "why not?" This front line of protection brings ZERO performance impact to the computers behind it.

    Their new version which just came out...5.2, adds a remote support application to the "pro" version..which lets the IT support person connect to any computer behind the Untangle box...and be able to support it.

    Pro version has SSL VPN also.

    Very...very..cool product. :thumb:
     
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    hello YeOldeStonecat,
    glad you like the product.
    i agree it seems stupid not to use this epecially since for home use its free all you need is some spare hardware and two network cards and your sorted.
    what spec of hardware have you run this on?
    i have an old pentium 3 with 256mb of ram lying around that could be used if powerful enough?
     
  4. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    You'll want to beef up the RAM....notice on their site it states minimum specs....1.0GHz, and 512 megs of RAM. It will fail the pre-install test that the CD runs when you try to install it with less than 512 megs.

    Recommended is a P4 with 1 gig of RAM minimum. But for a home setup....a P3 will do just fine...and 512 megs of RAM will do just fine. The Java based admin will take a bit to load...but you don't spend all day managing it..so who cares if it's slow. Its throughput will be adequate for a home setup of under 10x computers with a P3 and 512 megs.

    To help performance...you don't have to load every component of the "rack". Default install is just the router...you "add" components from the "library"..into the "rack". To see how cool it is..play with the online GUI demo..link is on this page...
    http://www.untangle.com/index.php?option=com_content&task=view&id=242&Itemid=967

    I have a few rigs running purely as gateways for clients Exchange servers...just the SPAM and Antivirus protection...on older P3's...such as 733 or 866 MHz. All it's doing is "washing the mail"...so I only loaded those components in the rack..and it does well.

    In other setups...where I have it running as a full router for clients...I use small form factor desktop computers..such as HP/Compaq Business desktops, and IBM NetVista models...small form factor desktop chassis, onboard Intel Pro NIC..Pentium 4, PCI riser to add another Intel or 3COM PCI network card..and they run like champs.

    These "UTM" distros require more horsepower to run..then a plain old *nix router distro...because UTM distros are doing much more work..scanning traffic for viruses and other threats, removing SPAM from mail, etc. Untangle has the most features of any distro I've seen...it can do more things..so naturally it does need more power..than say an older more basic *nix UTM distro such as Endian, or IPCop w/Copfilter.

    Untangles support forum is excellent also.

    And...they're here to stay...they're aggressive in the market...so those of you here who are small business network consultants....Untangle is working with SMB Nation...and building other similar relationships.
     
  5. typist

    typist Registered Member

    Joined:
    May 6, 2008
    Posts:
    4
    why not use vmware for testing instead - afaik it comes prepackaged for vmware.

    untangle still seems to lack some (possibly desirable) capabilities - such as voip pass-through and a caching web proxy, but apart from that, it's a very complete suite of products, and I agree that the kaspersky pricing is quite attractive.
     
  6. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    They actually did already add VoIP support with 5.1, improved in 5.2..and they plan on building that feature in upcoming releases..possibly to something that has pre-canned packet shaping abilities such as PFSense.

    There have been a couple of requests in the feedback forum about web caching...but honestly...industry wide...it's a feature that sort of has become less needed over time. Todays browsers do a lot more caching per user than before. Websites change content much more frequently. The savings really only occurs in big enterprise grade networks..in which case..they're likely to have something like ISA onboard already. They're not ruling out adding that module though..we may see Squid implemented shortly.

    And yes they do have a special VM download for it..as well as step by steps in their forums and wiki.
     
Loading...
Thread Status:
Not open for further replies.