Untangle Network Gateway

Posted on January 3rd, 2009 webmaster 4 comments          Print

Another great open source software. 

Untangle is basically a Unified Threat Management (UTM) solution designed for SMBs (up to about 300 users, although there are people who have successfully deployed it in much bigger environments, like this one, for example, with 1600+ users).  Untangle packaged all these great open source security software together and then provided a really nice and very intuitive user interface for them simplifying installation and management.  They also have commercial add-ons and provide live support for a fee.

Here’s the product overview.

Open Source and Free

• Firewall – Just like most firewalls, nothing really special.  You can add a description to each rule (yes, I had to mention this because our current SonicWALL firewall at work doesn’t have this option!!!).
• Web Filter – 14 categories.  Uses a local database with data downloaded from URLBlacklist.com.  I asked in the forums how often it gets updated and someone mentioned he thinks it’s every 6 hours but I haven’t confirmed it.
• Spam Blocker – Uses SpamAssassin.  Gets updated every hour.
• Phish Blocker – Based on ClamAV engine and phish signature database which gets updated every hour.
• Spyware Blocker – I really like this one.  Seems to be blocking a lot of stuff.  Sometimes you’ll see websites with just a big white section somewhere where an ad used to be .
• Virus Blocker - Based on ClamAV.  Signature gets updated every hour.
• Protocol Control – Uses “L7-Filter Netfilters to classify protocols based on OSI layer 7 data, regardless of port or port-hopping.”  Let’s say you want to block AIM, but AIM has the option use a different port, like port 80 for example, so blocking just the default AIM port on the firewall won’t work.  With Protocol Control, it doesn’t matter which port AIM is using, it can detect it based on its signature.
• Intrusion Prevention System – Uses Snort signatures.
• Attack Blocker – Blocks attacks .  This prevents DoS attacks.
• OpenVPN – Well, just like what the name says, it uses OpenVPN.  They made it really easy to set up.  You can also control which network to give a user access to and override DNS settings.
• Untangle Reports – I love this one.  Gives you  a nice summarized and detailed report (Daily, Weekly, and Monthly).

Commercial Add-ons

• Active Directory Connector – Uses a logon script that tells the server what IP a user is using.
• Policy Manager – Lets you create multiple custom racks and assign them to certain users or IP addresses.
• Branding Manager – Lets you change the look of the block pages.
• eSoft Web Filter – A better web filter with 53 categories.  It also allows you to block https.  It’s a bit pricey though.
• Kaspersky Virus Blocker – Adds another layer of protection.
• PC Remote
• Remote Access Portal

You can deploy Untangle as a router, a transparent bridge, or a re-router.  I’ve been using it at home in router mode (virtual machine) for over a month now (I started with v5.4 and I just upgraded today to v6.0.2) and it’s great so far.  Very stable and seems to be doing its job.  You can manage everything using the web interface (Java is no longer required starting with v6.0).

We’re actually planning on using this at work to replace our old SonicWALL firewall (which we’ve been planning on replacing since last year but kept getting pushed back due to budget cuts) and this would save us thousands of dollars from buying a commercial UTM appliance.