PF Sense & UnTangle 1 / 2 punch
-
we are using an untangle in transparent mode in a production enviroment. we are really satisfied with it. we first tried pf but due to the lack of antispam/antivir we had to choose untangle.
in my test enviroment i set up a untangle and a pf on a vmware server using 5 nics (looked nice with the crossover from one nic to the other and the other 3 nics) for all interfaces. well it was running, but the hosts hardware was a little bit to weak to satisfie me,but: it worked. one issue occurded on untangle was, that the untangle had to use the official ip cause with a private ip on it and the public on pf, untangle didnt see any traffic.
regards
cc
-
It's been running like a champ. I actually have had a increase in performance. I try to give a simple overview of my network.
DSL with fixed IP connects to PFSENSE firewall
Crossover to UnTangle in
UnTangle out connects to Dell GB switch
All other devices connect to Dell GB switch
1 clone
1 nas
1 compaq server
1 linksys wirless switch
1 play station2
1 Dish Network DVR
2 laptops via wirlessI am seeing over 4000 spam messages blocked. I need to do some fine tunning but it works great
RC -
DSL with fixed IP connects to PFSENSE firewall
Crossover to UnTangle in
UnTangle out connects to Dell GB switch
All other devices connect to Dell GB switchOk, so two dedicated machines, I tried untangle, as I thought it was a firewall, but this use makes much more sense,I'm contemplating creating an unTangle here, I'm just a bit worried about the amount of boxes here, just for access secutiry.
I would very much like an 'all-in-one' box, a bit like Astaro, but without the limitations.
-
The untangle server offers abunch of features that are not avaiable in PFSense. The PFSense server offeres a lot of features that untangle does not. I would rather use a combination of boxes and get the best of both worlds. I work with medium and small companies. They need this type of combination. I have reduced my spam alone by 4000/5000 messages a week.
RC
-
Ok, so two dedicated machines, I tried untangle, as I thought it was a firewall, but this use makes much more sense,I'm contemplating creating an unTangle here, I'm just a bit worried about the amount of boxes here, just for access secutiry.
I would very much like an 'all-in-one' box, a bit like Astaro, but without the limitations.
separate boxes are much much better in terms of security. less complexity, less chances of the various software messing with each other.
-
i agree with sai comments there.
RC -
Is Untangle free also?
-
They have 1 main program with 2 feature sets. Most are free but some have paided costs. the site is http://www.untangle.com
I actual found it while reviewing the latest verision of M0n0wall. It was a ad on their site. It looked promising and it filled a very specific need I had. So I tried it.
It's working very well.
RC -
Thought about doing exactly that. I have Gigabit connectivity into my building with about 25 nodes. I will need a fairly robust (extremely modest by most company standards) PFsense and Untangle boxes; the Untangle hardware support isn't quite what I would like, however. The forums indicate the newer kernel should be out soon. Or I could just buy one of those Untangle appliances they sell.
-
I am trying to build a really cool product. I want to get one of the 1u cases that will handle two mini-itx system boards and then run pfsense on one and untagle on the other. that would be a great product and would fill a nice void in the market right now.
RC -
I am trying to build a really cool product. I want to get one of the 1u cases that will handle two mini-itx system boards and then run pfsense on one and untagle on the other. that would be a great product and would fill a nice void in the market right now.
RCGet one from our recommended vendors ;) http://linitx.com/viewproduct.php?prodid=10404
-
I use this same setup at my organization. I have one pfSense firewall doing everything I need (pfSense is, by far, a better firewall), but the Untangle does a fantastic job in transparent bridge mode of filtering spam, phishing, virus, etc. you would expect from an UTM. Currently, we run them as separate boxes for our two networks being feed from our one pfSense firewall. We were being overloaded with e-mail, but when I brought the Untangle unit online, we began filtering over 20,000 pieces of junk mail a week. I agree with fastcon68, this is a fantastic design for any small or medium network. In my consulting, I recommend them together for growing businesses. Thanks to hoba, I now have a 1U unit that I can recommend to do both. I also am going to pick one up for our two networks, so I can save some rack space.
-
Anything in the US case wise? what would you recommend for a system board with say 10 ipsec vpn tunnels?
RC -
Can you guys please explain or give an example of how you have this setup as transparent bridge? I guess what I am not clear on is how you set the ip's up. Thank you.
-
Hi !
Untangle seems to be great ! It have a vpn portal… But I prefer two box to do this,
1 pfsense for the firewall and one sme server for the mail (spamassasin /clamav) / proxy (dansguardian) /lamp / server.
This is my opinion.
Marc -
Been messing around with untangle on my homenetwork(not really need but..)
how have you solved the vlan problem with untangle, i cant have vlan configured on pfsense at the same timewhat´s your config on this?
/F
-
Can you guys please explain or give an example of how you have this setup as transparent bridge? I guess what I am not clear on is how you set the ip's up. Thank you.
During the install/setup of Untangle…the wizard will ask you what mode you will run it in..as your router, or as a bridge. Select bridge. You use both NICs..but during this wizard, it bridges in the internal NIC with the external NIC.
See 1/2 down this part of their WiKi
http://wiki.untangle.com/index.php/Introduction#Supported_ConfigurationsIt's a UTM distro (Unified Threat Management), would be compared against Endian, or IPCop with the Copfilter add-on, or Astaro..as they are UTM distros. PFSense is not one.
I install Untangle at my clients in full router/gateway mode...not bridged, I'm not a fan of layering firewalls. I run PFSense at home due to its superior traffic shaping/QoS, and IPSec support..which currently...Untangle has no IPSec support, only OpenVPN. But...IPSec support is comin soon. As well as the slow pokey java management console is going away, soon will be all web based.
-
Can you please tell how you configured untangle in bridge mode?How do you define in/out interfaces?
in - from already existing firewall/router(pfsense)
out - to the LAN -
http://forums.untangle.com/ ?
-
Can you please tell how you configured untangle in bridge mode?How do you define in/out interfaces?
in - from already existing firewall/router(pfsense)
out - to the LANThe same wiki link as above. Just follow the easy peasy setup install wizard in Untangle, placed behind your router..when you select bridge mode in the hand holding install wizard..it takes care of all the settings for you.
