UTM Thread.

Discussion in 'other firewalls' started by Mayahana, Nov 5, 2014.

  1. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Right now I have double Layer-7 UTMs on the home network: a ZyXEL USG60 NGFW with Kaspersky UTM, and then an Untangle appliance in transparent/bridge mode.

    ZyXEL is very very busy; (yes, that's almost 10,000 intrusions blocked, and 20,000 viruses stopped)

    Top 5 Intrusions
    #  Signature ID  Signature Name                                                   Type             Severity  Hits
    1  1059595       SSL OpenSSL GnuTLS Server Hello Session ID Heap Buffer Overflow  Buffer-Overflow  severe    8945
    2  1059596       SSL OpenSSL GnuTLS Server Hello Session ID Heap Buffer Overflow  Buffer-Overflow  severe     141
    3  1058608       FILE Invalid XML Version                                         Buffer-Overflow  severe      80
    4  1059598       SSL OpenSSL GnuTLS Server Hello Session ID Heap Buffer Overflow  Buffer-Overflow  severe      52
    5  1056687       EXPLOIT Generic Javascript Obfuscation -5                        Web-Attacks      severe      35

    Top 5 Viruses
    #  Virus Name                              Hits
    1  Trojan-Downloader.Win32.FraudLoad.wxnp  16078
    2  Trojan-Ransom.Win32.PornoAsset.gvv        282
    3  Hoax.Win32.ArchSMS.owa                    108
    4  Trojan-Downloader.Win32.Geral.tnc          77
    5  Trojan-Downloader.Win32.VB.aa              67

    Untangle? Not so busy...
     


  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I had tried Untangle before, but since I don't completely own my network, conflicts over what to filter arose. Eventually, we settled it by removing Untangle altogether and never looked back.
     
  3. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    Anyone have any thoughts on Untangle Firewall? I haven't tried the other yet, but I'm using it mostly for the AV, Intrusion Prevention and the Adblocker in transparent mode.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Actually, I'm going to setup one with my own access point. I have a spare machine with the following specs.
    Old Desktop [15" 1280x1024]:
    Intel Pentium 4 @ 3 GHz
    2 GB SDRAM
    80 GB HDD + 160 GB FakeRAID
    ATI Radeon HD 4670 @ 256 MB

    What I'm looking for other than meeting hardware requirements (32-bit CPU) are: universal file server, good intrusion prevention, and extensive configuration.

    Also, how would I go about properly testing one under VirtualBox? Thanks.

    *Think I am going with ClearOS.
     
    Last edited: Nov 21, 2014
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,127
    Location:
    USA
    I'm also wondering about hardware requirements. I have an old dual-core laptop with an SSD and 3 GB RAM. It's pretty slow running Windows 7, so would it be strong enough to run a UTM without slowing down my 50 Mb connection? I don't want to find out it isn't after I have it set up :) It should be good in terms of power consumption though. The SSD draws a lot less than a spinning drive, and of course the screen can be off most of the time. Perhaps Mayahana will weigh in?
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    After setting up for hours, I still have problems with connecting to the file servers and my connection speed is now a quarter of what it was. Therefore, experiment failure.
     
  7. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,077
    Try IPFire.
     
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,127
    Location:
    USA
    Which UTM software did you try?
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    ClearOS. The speed bottleneck may be the WiFi adapter I was using as an access point. For now, I'm not going to bother with routing all my traffic through there, going with some sort of file/media server.
     
  10. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
  11. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Sophos UTM Home is very strong... I think too strong for the home.

    It blocks so much, and at times refuses to allow traffic you may need. For example, my smart TV creates a situation that 'looks' like a DoS/flood, so no matter what I did Sophos blocked it by default, and I couldn't manually unblock it, as this kind of thing is core to the product. Also, it will block EVERYTHING non-business: Steam, streaming, etc. It's a chore to manually exclude every possible thing, only to find it blocking something else.

    Good for business, I'd skip it for home.
     
  12. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    That's too light a machine for ClearOS. I found ClearOS to be OK personally, but it needs more hardware than they claim. Overall, I find most of these Linux or distro-based firewalls to be pretty lousy in comparison to things like ZyXEL or Fortinet. Untangle is fine and works; although not all that impressive in features and power, it does work, especially in transparent mode.

    I still MUCH prefer dedicated, vendor locked hardware solutions to these distros - by a huge margin.

    I like Untangle at least for Adblocking at the network level, it's fine for that.
     
  13. DX2

    DX2 Guest

    I have an old desktop with an E6600 2.4 GHz dual core and 2 GB RAM. What would be a good UTM for this box?
     
    Last edited by a moderator: Dec 5, 2014
  14. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Thanks for the feedback.

    Sophos UTM Home would probably work for me since I use my PC's mainly for web browsing with some streaming video (YouTube, etc.).

    However, my ZyXEL ZyWALL ZWUSG20 Internet Security Firewall has been doing a good job for me in the recent years. I will probably just keep using it.
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Recently got an Asus Eee PC 4G for free, wonder what's the best gateway for that.
     
  16. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Lower requirements: Untangle. But Untangle needs Snort set to BLOCK, as the overlords at Untangle seem to think IPS isn't needed, so they toss one on it and leave everything off. With it all turned on, it's pretty good! ClamAV on the UTM isn't great, but it catches stuff. Adblock is really nice on Untangle. Hardware requirements are pretty low. ClearOS and Sophos can require a bit of muscle on the hardware depending on what features you enable. IPFire and Endian are light, but not as good UTMs, I hear. pfSense and Untangle are probably your best options.

    I will admit I dislike these distro UTMs. Compared to real UTMs with real hardware, they fall short in every way. I run Untangle in transparent mode to back up my main UTM.
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Yeah, I was thinking about pfSense, but it'll probably be a bottleneck again for little to no gain (since I'm not targeted). Don't feel like reinstalling everything when I just got Puppy Linux working on that thing. It'll probably be a digital photo frame or something like that lol.

    UTM's are interesting, but I do not see the need for them currently (at least for myself). Thanks for your input.
     
  18. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Any Distro based Firewall won't be a bottleneck running in transparent/bridge mode.

    Right now there is absolutely no latency increase tossing my network through double UTM's.
     
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Yes, but I believe the antiquated WiFi card and weak hardware will be a bottleneck. Just got a motion-detecting camera set up on it, so I'm good to go.
     
  20. Sprocket

    Sprocket Registered Member

    Joined:
    Dec 24, 2012
    Posts:
    73
    Agreed. On my home network, I'm running IPFire on a dual-core Atom mini-ITX board, w/ Squid proxy (transparent), URL filtering (Shalla's list), Snort IDS (VRT community rules), Guardian, ClamAV. The CPU loafs. The system is easy to set up, easy to monitor, and seems rock solid. (Point Snort at your red (WAN) interface and see just how nasty it is out there.)

    I've used pfSense and Astaro/Sophos in the past, and both of those are quite good, but IPFire fits my needs best.
     
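    Added example (editor's code, not code from the thread, Snort, IPFire or ZyXEL): a small Python script that turns Snort's single-line alert_fast output, as produced when Snort watches the red/WAN interface in the setup above, into a top-N-by-signature table like the ZyXEL "Top 5 Intrusions" report in the first post. The alert lines, the signature IDs (chosen in Snort's local-rule range) and the addresses are constructed for illustration; the assumption that RFC 1918 addresses are the green/LAN side is the script's, not the thread's. Per signature it also counts distinct source addresses and the traffic direction, which is what separates one chatty local device from a wide inbound scan when a hit count looks alarming.

```python
"""Summarise Snort alert_fast lines into a Top-N-by-signature table.

Added example: not code from the thread or from the Snort/IPFire projects.
The alert lines, rule SIDs and addresses below are constructed. Assumption:
RFC 1918 space is the local (green/LAN) side; anything else is WAN (red).
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Single-line alert_fast shape, e.g.
# 11/05-08:01:12.000001  [**] [1:1000001:1] MSG [**] [Classification: X] [Priority: 2] {TCP} 1.2.3.4:5 -> 10.0.0.5:1433
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>\S+?)(?::(?P<dport>\d+))?$"
)

# Assumed local networks (not from the thread).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log; SIDs 1000001+ are Snort's local-rule range, not real rules.
SAMPLE_ALERTS = """\
11/05-08:01:12.000001  [**] [1:1000001:1] LOCAL SCAN inbound MSSQL probe [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.9:52211 -> 10.0.0.5:1433
11/05-08:01:12.400001  [**] [1:1000001:1] LOCAL SCAN inbound MSSQL probe [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.9:52212 -> 10.0.0.6:1433
11/05-08:02:40.000001  [**] [1:1000001:1] LOCAL SCAN inbound MSSQL probe [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.77:40001 -> 10.0.0.5:1433
11/05-08:05:03.000001  [**] [1:1000002:1] LOCAL SSH connection from poor-reputation IP [**] [Classification: Misc Attack] [Priority: 2] {TCP} 198.51.100.77:40002 -> 10.0.0.5:22
11/05-08:07:19.000001  [**] [1:1000003:1] LOCAL ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.77 -> 10.0.0.5
11/05-08:09:55.000001  [**] [1:1000004:1] LOCAL POLICY LAN broadcast discovery [**] [Priority: 3] {UDP} 10.0.0.23:17500 -> 10.255.255.255:17500
11/05-08:11:02.000001  [**] [1:1000005:1] LOCAL SCAN outbound SSH probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.23:51111 -> 203.0.113.50:22
garbage line that is not an alert
"""


def is_local(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)


def parse_line(line: str):
    """Return a dict of alert fields plus a 'direction' label, or None if not an alert."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    src_local, dst_local = is_local(a["src"]), is_local(a["dst"])
    if src_local and not dst_local:
        a["direction"] = "outbound"
    elif dst_local and not src_local:
        a["direction"] = "inbound"
    else:
        a["direction"] = "internal" if src_local else "external"
    return a


def top_signatures(lines, n: int = 5):
    """Aggregate alerts by gid:sid and return the n most frequent as row dicts."""
    hits, meta = Counter(), {}
    directions, sources = defaultdict(Counter), defaultdict(set)
    for line in lines:
        a = parse_line(line)
        if a is None:
            continue                       # skip unparsable lines instead of failing the run
        key = (a["gid"], a["sid"])
        hits[key] += 1
        meta[key] = (a["msg"], a["cls"] or "", int(a["prio"]))
        directions[key][a["direction"]] += 1
        sources[key].add(a["src"])
    rows = []
    for key, count in hits.most_common(n):
        msg, cls, prio = meta[key]
        rows.append({"sig": f"{key[0]}:{key[1]}", "msg": msg, "classification": cls,
                     "priority": prio, "hits": count,
                     "unique_sources": len(sources[key]),
                     "direction": dict(directions[key])})
    return rows


def format_table(rows) -> str:
    """Render rows in the same spirit as a firewall's 'Top N Intrusions' report."""
    out = [f"{'#':>2}  {'Signature':<11} {'Hits':>5} {'Srcs':>4}  {'Pri':>3}  Name [direction]"]
    for i, r in enumerate(rows, 1):
        dirs = ", ".join(f"{k}={v}" for k, v in sorted(r["direction"].items()))
        out.append(f"{i:>2}  {r['sig']:<11} {r['hits']:>5} {r['unique_sources']:>4}  "
                   f"{r['priority']:>3}  {r['msg']} [{dirs}]")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_table(top_signatures(SAMPLE_ALERTS.splitlines())))
```

    To use it on a real box, feed it the alert file instead of the sample, e.g. `top_signatures(open("/var/log/snort/alert").read().splitlines())` (a common default path; adjust for your install). The "Srcs" column is the one to read first: a severe signature with thousands of hits from one source is a very different problem from the same count spread over hundreds of sources, and an "internal" or "outbound" direction on a high-count signature usually points at a local device tripping a rule rather than an attack.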
  21. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I agree, and people fail to realize how nasty it really is out there, and how you really NEED a UTM these days... which apparently ASUS and Bitdefender are now addressing for home users.

    I will work on an IPFire setup when I get time. I have a couple of low-wattage Dells sitting around here; both have dual-core 2.66s and 4 GB of RAM, overkill.
     
  22. DX2

    DX2 Guest

    Anyone?
     
  23. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    That box can run any UTM.

    Start with Untangle, it's decent, and easy.
     
  24. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,077
  25. DX2

    DX2 Guest

    Yes, but which one is what I am asking? Which one would be better to install?