Untangle's Multi-Functional Firewall Software
Most reviews are based on trying a product and running it through hypothetical situations to see how it performs. In the case of my Untangle review, I had an emergency for which I needed a Web filter ASAP. I'm the technology director for a K–12 school district in Michigan, and our proprietary Web filter quit working. In order to meet federal requirements for Internet filtering, I had to have a working Web filter, and I had to have it before the next morning—thus, my full-blown, production-level review of the Untangle product. Hopefully, my all-night installation and configuration marathon is beneficial to you.
At its core, Untangle is a Linux distribution designed to filter and manage network traffic. It can act as a transparent bridge functioning between a router and network, or it can work in router mode, both filtering and routing at the same time. I tested Untangle in transparent bridge mode, but if used as a router, it supports load balancing from multiple WAN links (for additional cost).
Untangle is a free product that offers premium commercial options. Although it's obvious the company wants to sell those premium products, the free features are surprisingly robust. (See the sidebar for a comparison of free features vs. commercial add-ons.) For my test, I activated most of the free features and started a 14-day trial of the premium Web filter.
Free Features vs. Commercial Add-ons
Web Filter Lite
Kaspersky Virus Blocker
Commtouch Spam Booster
Installation is done similarly to any other Linux distribution. The steps were very simple and mostly automatic. My server was a standard rackmount Dell machine, and all hardware was detected and configured correctly. After initial installation, all configuration is done via Web browser. Interestingly, the Untangle server installs the X Window System and a browser, so configuration can be done directly on the server. I found it more convenient, however, to configure it remotely.
When you first log in to the configuration page, you're presented with a graphical representation of an empty server rack. As you add services, they visually fill this “rack” on your screen (Figure 1). Each service is represented as a service on the virtual rack and can be turned on or off by clicking on a virtual power button. I'll admit it seemed a bit silly at first glance, but after a while, I found it rather logical and easy to use. (It also made it easy to turn services off, which was required as my production day started. More on that later.)
The configuration pages for most services are similar in design. Figure 2 shows the configuration window for the Spyware Blocker module. Although I wish many of the modules had more configuration options available, Untangle provides a decent set of configurations with a very sensible default setting for most features. The biggest frustration I had with Untangle was its extremely limited authentication integration. Although the server apparently will authenticate against a Microsoft Active Directory, I don't have AD in my network. The only other authentication option is to use a Radius server, which quite frankly I haven't had on my network since we hosted dial-up networking. The inability to communicate via LDAP or Open Directory forced me to use Untangled in anonymous mode. That was fine for my emergency situation, but it would be a major hurdle for permanent adoption in my network.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- The Humble Hacker?
- Server Hardening
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Death of RoboVM
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
- Varnish Software's Hitch
- New Container Image Standard Promises More Portable Apps
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide