Some are WAN links, others provide server security to a range of different servers, yet others are doing basic routing tasks and every single one of them is also carrying the Firewall, IPS, Spam/Phish, and Web Filter. Each deployment has a different use case. I work with 8 different Untangle Firewalls ranging from version 9 to (finally) 12. Best of all, I’ve never seen one drop since they revised their VPN app in version 9. IPsec takes a bit more config, but it takes literally like 5 clicks to stand up a VPN tunnel. The default comes with your standard -stuff people shouldn’t be doing- turned on, but there are an awesome number or nerd-knobs to tweak in this app. I haven’t set it up yet, and likely wont until I finish building my packet capture box (I smell a future post). I’m a huge proponent of keeping email on the web and in a browser, so I really don’t have a good way to test these. I can tell you that the UT boxes I monitor in major deployments have a steadily ticking viruses blocked counter, occasionally corroborated by the users who complain they can’t get into their poker tournament site.Įmail security is harder to test. Probably the AV vendors…as I believe Symantec and McAfee are 99% unicorn tears anyways. I don’t know if that’s cause for alarm on the AV vendors part or for the Untangle box. It caught all the (old) viruses, but it did let through the anti-virus test files I’ve collected. I don’t have any viruses laying around, but I pulled a few defanged baddies through, compiled them, and tried to push them around.
I don’t blame the Untangle in either case. Both times it thought it found porn and both times I imagine interesting cookies were involved. What’s really nice is the low rate of false positives. Pick the categories you want to include, white list or black list any exceptions and go have a beer. My pix was also thousands of dollars when Cisco pushed it onto the market. So I put mine in bridge mode, retuned my network, and gave the firewall real rules. Now, keep in mind, if you are NATing at the Untangle device, the firewall shouldn’t need a whole lot of tuning NAT should stop most sad attempts to hop through onto your LAN. A power button turns the feature on and off and each app has a myriad of different settings and tweaks. You move apps in and out of the rack based on the features you want. That’s right, Untangle Firewall can do all that stuff without breaking a sweat.Īnd it even it looks nice! All the applications are lined up in a graphical rack. Best of all, I turned every single feature on in an economy hardware build, and the tower just yawns at the challenge. Seriously, this thing is a *deep breath* Firewall, IPS, Phish Blocker, Virus Blocker, Ad Blocker, Application Controller, Web Filter, SSL Inspector, Bandwidth Controller, Load Balancer, Fail-over Controller, Web Cache, Captive Portal Controller, and IPsec and Open VPN node. Untangle is a beautifully written software-suite which capitalizes on taking a whole mess of security functions and putting them in one place. Well, this isn’t the case for the Untangle Firewall.
We have all heard it before for super-object-x-v127.6, right? Hey, it may be true, but the price-tag is in the millions or you’re going to have to hire an overpaid consultant to run the thing or at best it’s terribly unstable. Per “Untangle’s NG Firewall enables you to quickly and easily create the network policies that deliver the perfect balance between security and productivity.” I think this is the coolest solution since sliced bread, but that’s only because it’s true. Jeez, I’ve been teasing this post for a long time.
0 kommentar(er)
