Untangle's Multi-Functional Firewall Software
I've been using Linux routers and Web filters for more than a decade. I've never seen a system with so many filtering features that is so easy to configure. I was particularly impressed with the Protocol Control module. Although not 100% accurate, it did a really good job of stopping traffic based on packet type. For example, in the first hour of school, Untangle found and blocked a student from running bittorrent on our network. The torrent traffic was running on a random port, but Untangle was able to identify and block the traffic. The system-wide Ad Blocker module also was nice, since blocking ads on Web sites helps kids focus on their work. (The moral ramifications of blocking Web ads in a school district are, of course, up to the reader, but the ad blocker works very well.)
The free Web filter (or “lite” version) is very basic. It includes a few categories and does not block SSL traffic. Although it might be sufficient for a home user trying to block accidental porn surfing, it certainly isn't robust enough for a K–12 school district. The premium Web filter, on the other hand, seems to be on par with other commercial Web filtering solutions. Pricing is based on concurrent users, but based on the pricing for 500 workstations, the cost was comparable or lower than other products. Because I was unable to authenticate Untangle with my user accounts, I can't attest to how fine-grained access control is, but the configuration appears to be adequate for tiered access. That's important for us, as staff and students have different access rights.
I've already mentioned the limited configuration options for user authentication. Unfortunately, that's not the only problem with authentication. Untangle works in transparent mode only. By that, I mean it intercepts traffic as it passes through the bridged network ports, but it doesn't act as a proxy. I find using a proxy (one that is configured on the browser and is assigned to connect via proxy server) is a very efficient way to manage Web filtering. Although transparent mode is convenient, it also breaks SSL connections, requiring some fancy hacking to block filtered SSL sites. Don't get me wrong, Untangle does a really great job of hacking, but if it had actual proxy support, it would be simpler to support SSL traffic. Plus, I wouldn't have to reconfigure 500 workstations that currently have proxy settings in the browser!
The only other frustration I had with Untangle was its system requirements. Although my single Xeon CPU is a few years old, with just the Web filter module active, my CPU was pegged at 100% usage most of the day. When I turned on the other modules, like Protocol Control, Ad Blocker, Spam Blocker and so on, my entire network slowed to a crawl. I do have a rather busy network, and I realize protocol analyzation is very CPU-intensive, but I was surprised at how quickly my 2.8GHz Xeon CPU became overloaded. Still, with enough horsepower, I fully expect my network would not slow down. Just be aware that Untangle's awesome features come at a CPU premium.
Untangle has an amazing number of features. Some of them seem a little redundant (like the Spyware Blocker and the Phish Blocker), but it's nicer to be overprotected rather than underprotected. The reports are searchable and quite visually appealing (Figure 3). I find myself looking at the daily reports that arrive in my e-mail inbox to look for trends and troublesome client computers. If authentication were a bit easier to configure, those same trends could be identified by user as well.
One of the best parts of being forced to use Untangle in a production environment is that I was able to identify its major weaknesses for my purposes very quickly. I'm happy to say that the company seemed very willing to hear my concerns, and the developers were given my feedback immediately. In fact, I wouldn't be surprised if some of my concerns are addressed by the time this review is printed. I'm always encouraged by a company that listens to criticism. Hopefully, that criticism will be put to good use in future editions of Untangle.
I'm always hesitant when companies provide a small portion of their product for free and charge for premium features. Thankfully with Untangle, the free offering is extremely generous and sufficient for what many users would want. The premium features are truly valuable, and the pricing is fair. There are some situations that make Untangle the wrong choice for your network, and unfortunately for now, I am in that situation. Until Untangle works out additional authentication schemes and provides direct proxying, I can't implement it as my main Web filter. I will admit, however, that even though I'm not using Untangle as my Web filter anymore, I did leave it in place to filter P2P traffic and block ads.
I'm very impressed with Untangle and would recommend it to others. With its very robust set of free features, many users won't need to pay in order to meet their needs. For more information and a free download, check out www.untangle.com.
Shawn Powers is the Associate Editor for Linux Journal. He's also the Gadget Guy for LinuxJournal.com, and he has an interesting collection of vintage Garfield coffee mugs. Don't let his silly hairdo fool you, he's a pretty ordinary guy and can be reached via e-mail at email@example.com. Or, swing by the #linuxjournal IRC channel on Freenode.net.
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
|Non-Linux FOSS: Seashore||May 10, 2013|
|Trying to Tame the Tablet||May 08, 2013|
|Dart: a New Web Programming Experience||May 07, 2013|
- RSS Feeds
- New Products
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- Developer Poll
- Dart: a New Web Programming Experience
- Readers' Choice Awards
- What's the tweeting protocol?
- Linux is good
1 hour 6 min ago
- Reply to comment | Linux Journal
1 hour 23 min ago
- Web Hosting IQ
1 hour 53 min ago
- Web Hosting IQ
1 hour 54 min ago
- Web Hosting IQ
1 hour 55 min ago
- Reply to comment | Linux Journal
4 hours 55 min ago
- play with linux? i think you mean work-around linux
13 hours 21 min ago
- Where is Epistle?
13 hours 27 min ago
- You forgot OwnCloud
13 hours 57 min ago
- aplikasi free
17 hours 11 min ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.