Lead Image © Guido Vrola, 123RF.com

Lead Image © Guido Vrola, 123RF.com

Professional protection for small and mid-size enterprises


Article from ADMIN 63/2021
To what extent does the Untangle NG Firewall, where apps come together like pieces of a jigsaw, meet customer criteria for protection, usability, price, and support?

Founded in 2003, US manufacturer Untangle Inc. offers a security solution in the form of NG Firewall [1] tailored to networks in small and medium-sized enterprises (or larger companies with many branch offices). The idea is to empower small companies in particular to achieve a security standard that is otherwise only available to far larger companies, with the integration of successful open source applications combined with an easy-to-use and flexible user interface.

Untangle Firewall is available as a free version with limited capabilities, or admins can purchase individual functions or the complete range of functions as commercial products.

The Untangle NG Firewall can be installed on various systems, and the manufacturer offers hardware appliances, but you can also put together your own system according to your individual requirements. However, you do need to pay attention to the hardware requirements. Alternatively, you can install the software as a virtual appliance for VMware or as a virtual machine (VM) for Hyper-V. Additionally, deployment in the cloud is supported on Amazon Web Services (AWS) or Microsoft Azure.

Firewall Structure

The basis of Untangle NG Firewall is a hardened Debian Linux, which is responsible for managing the network interface cards, routing, network configuration, and other basic services. On top of this operating system sits the Untangle VM, a Java VM within which the various firewall functions run. These functions are encapsulated in individual apps (applications) and can be (de)activated as required.

Traffic arrives at a physical network interface card, and the operating system forwards it to a virtual interface within the Untangle VM, where it is processed in a rules-based session. The firewall then forwards the traffic through another virtual interface to the appropriate physical network interface card, through which it reaches its destination. For testing, troubleshooting, or special operations, the entire traffic or a single area can be bypassed with bypass rules on the Untangle VM (Figure 1).

Figure 1: The path of data through the Untangle NG Firewall or, in special cases, past it. Image from the Untangle wiki [2].

Policy Manager

The first stop for traffic arriving at the Untangle VM through the virtual interface is the Policy Manager. From the data stream and the existing configuration, it decides which policies (rulesets) apply to the session. Policies define a group of applications that filter the data of a session according to appropriate criteria.

If you want to execute separate policies for different recipients, times, or IP addresses, for example, you have to define them in the Policy Manager (Figure 2). The Policy Manager decides which route through the firewall is appropriate for the session. Each route includes different applications and configurations that the firewall applies to the session. After a successful check on the respective route, the complete data stream leaves the firewall again through one of the virtual interfaces. Thanks to the built-in reporting within Untangle NG Firewall, you can always determine which policy was used for a particular session.

Figure 2: In the Policy Manager, you define which apps the Untangle firewall applies for a rule.

In the settings, the Policy Manager shows the existing policies on the left and the applications the firewall is running, for the session in this case, on the right. The Policy Manager supports inheritance, making it quick and easy to create new policies. For this purpose, a basic ruleset is inherited, the rules of which you then adapt to the specific requirements. The criteria you can use for a policy include the source or target address, protocol, hostname, or even the time and day of the week. For example, a different policy can be applied during working hours than during hours outside the workday.

After the Policy Manager, the session passes through the various apps that examine the traffic (Figure 3). The Protect group includes apps for protecting your network and thus provides the basic functions of a firewall. These apps include the current versions of Firewall Free, Intrusion Prevention Free, Phish Blocker Free, Threat Prevention, Virus Blocker, and Virus Blocker Lite Free. Apps with the Free suffix are included with the free version of Untangle NG Firewall.

Figure 3: The available apps, each representing different examination methods and filters.

In the Filter group, Untangle combines all the apps that execute the appropriate rules according to the content of the data streams. These include Web Filter, Web Monitor Free, SSL Inspector, Spam Blocker, Spam Blocker Lite Free, Application Control, Application Control Lite Free, and Ad Blocker Free. These apps allow you to control a company's network traffic and enforce corporate rules. For example, Web Filter lets you block specific websites or categories of websites to restrict access, such as limiting access to social media portals to lunchtime. Application Control provides corresponding capabilities not at the URL level, but at the application level. These filter apps can be used specifically to influence the use of the network.

The apps in the Perform category are primarily used to ensure the functionality of the firewall in terms of bandwidth. Bandwidth Control, WAN Balancer, WAN Failover, and Web Cache give you control over network use. For example, for VoIP applications, you can set up a Quality of Service that Bandwith Control processes. WAN Balancer and WAN Failover are required for enterprises that have multiple WAN links and want to direct traffic.

Connect apps have become hugely important, especially in times of working in home offices. Untangle NG Firewall offers the IPsec VPN, OpenVPN Free, Captive Portal Free, Tunnel VPN Free, and WireGuard VPN applications. VPN apps provide several ways to let employees access corporate data outside the network. Captive Portal lets you control access from the network to the Internet, for example, by login.

The Manage group is used to configure settings. It includes the Policy Manager, Directory Connector, and Reports Free apps. Directory Connector creates a connection to a Radius server or Active Directory; you do not have to define VPN users individually. Under Additional Apps , you will find Branding Manager, Configuration Backup, and Live Support, which are administration applications.

By using apps, Untangle integrates established open source and commercial solutions from other developers into its firewall product, encapsulating each into an app under a common interface. In particular, this makes it possible to integrate new applications without having to change the user interface or operation. For example, the WireGuard VPN app was newly integrated into the Untangle NG Firewall in version 16. The only change for the user is another app icon inside the firewall.

User Interface

For the Untangle developers, it wasn't just the feature set that mattered. They also set themselves the goal of providing an easy-to-use interface that gives users without special firewall know-how a good introduction to the product. Untangle NG Firewall can be managed in a web browser and does not require a dedicated desktop application. The user interface is based on modern smartphones. All main functions can be accessed by four menu items, which means that users can get started quickly and easily. After logging in to the firewall from the browser, the dashboard provides a quick overview of its status (Figure 4).

Figure 4: The Untangle NG Firewall dashboard provides a quick overview.

By turning the individual elements (widgets) of the dashboard on and off – and even configuring them in part – you can create a customized home screen that provides precisely the information you need, including the ability to display the hardware load, such as memory consumption and the CPU load, along with the number of sessions or the most frequently used websites. The individual NG Firewall applications are available in the Apps menu.

Any desired function can be found quickly. You can also see exactly which applications are active and which are disabled. Even if the apps have different settings, you can quickly find your way around the clearly structured overview.

The Config menu item contains the settings for the firewall in general. The most important values are already set during the install, such as the IP addresses or the selection of network interfaces. Additionally, you can configure mail or web servers by network address translation (NAT) (Figure 5).

Figure 5: Configuring the basic firewall settings.

The Reports menu item gives you access to predefined reports. The Untangle NG Firewall meets strict reporting requirements and opens up an option for defining reports yourself. All the session information is routed to a SQL database that you can access directly if needed. Usually the predefined reports are fine, but if you do need to create specific reports, you will find the functions you need here.

The results of the reports are available in different formats, such as lists or graphics, depending on the nature of the data (Figure 6); then, you can see a graphical overview and check the matching lists for more detail. Reports also help you to discover why the firewall performed a certain action (e.g., why an email message was moved to the quarantine folder as spam).

Figure 6: Report data is available in various formats.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • New versions of the Endian and Sophos UTM solutions
    UTM systems combat all kinds of dangers under the policy of Unified Threat Management. The demands and expectations of customers fuel competition. Two of the most popular manufacturers – Endian and Sophos – have now released new versions of their solutions.
  • Tested: Barracuda firewall X201
    With a number of new firewalls, Barracuda seeks to expand its portfolio to include small and medium-sized companies. We take a closer look at the Barracuda firewall X201.
  • Network security in the Google Cloud Platform
    Creating complex network infrastructures on the Google Cloud Platform is quick and easy with virtual private clouds, but fast doesn't always mean right. We look at the on-board tools you need to heighten your cloud security.
  • IPv6 Tables
    We design a basic set of ip6tables rules for an IPv6 firewall.
  • Stopping SQL Injection

    SQL injection can strike at any moment. GreenSQL is an effective remedy that sits between the database and application and filters out suspicious queries.

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=