Quoting from the Untangle Web Site:
Untangle is an open source software company located in San Mateo, CA. Our mission from the beginning is to simplify IT for small businesses. ……
Untangle delivers an integrated family of applications that simplify and consolidate the network and security products that businesses need at the network gateway.
Untangle has 3 network deployment options:
Router: Dedicated server that performs routing & firewall services
Transparent Bridge: Dedicated server that drops seamlessly behind existing routers & firewalls
Re-Router™: Adds network-wide protection while running on an existing desktop (runs on Windows)
Untangle runs on generic Intel/AMD hardware. A Pentium III processor, 2 NICs and 512MB of RAM is the min spec for smaller networks and multi-core chips with extra RAM really make Untangle sing for larger networks. More specific sizing guidance and links to the community hardware compatibility list can be found on the Hardware Requirements wiki.
To compare it to other firewalls, I chose the Router option. I had many false starts on different hardware, trying to get Untangle up and running. For me it took creating a virtual machine and using that to get Untangle to install and run. Perhaps my impatience installing into a real machine was my downfall. With the virtual machine, I expect things to take longer and run slower. Untangle hides nearly everything from you, so you can’t tell whether it’s working or hung, when all you get is a pretty blue screen. There is no console to view the installation progress, although with some poking I found that the Alt-F2 option gave you a somewhat detailed boot log. Otherwise there is nothing to tell you what applications are being installed behind the scenes. During most of the install all you see is the nice blue Untangle Screen.
However, if you wait long enough you will be greeted with the Installation Wizard.
One of the steps that the Installation Wizard performs is to check your hardware to make sure you have sufficient resources to run Untangle. This isn’t your friendly embedded firewall that you install onto a compact flash card and run on a single-board computer. Untangle takes some serious horsepower to run. A list of the software that can be installed on the system helped me understand why.
According to the Untangle Website a recommended configuration depends upon the number of clients you are serving. For a small network with 55 or fewer Users, a Pentium 4 with 1 Gb of memory and 80 Gb of hard disk is recommended. And, of course, if it’s going to be a gateway you need two or three network cards.
After the installation completes, Untangle will restart. The first thing you’ll see is the console screen.
Immediately afterward the “Client” Firefox web browser will pop up, and you’ll see the following screen.
Through the web interface you will configure your internet connection, your internal network, and although this virtual machine only has two interfaces, I suppose if it detected three, there would be options for configuring the third.
There are three options during boot.
- Debian GNU/Linux 2.6.22-15-untangle
- Debian GNU/Linux 2.6.22-15-untangle (hardware workaround)
- Debian GNU/Linux 2.6.22-15-untangle (recovery mode)
During the default boot, if you use the alternate console (Alt-F2), you can see the boot progress.
The hardware workaround
When I started with the recovery mode, on top of the Untangle splash screen I saw the boot process taking place. It finally ends up in a terminal screen with an ncurses interface that allows you to choose five menu options:
Backup & Restore
Return to Factory Defaults
Reset Administrative Accounts
I was interested in the applications that start during boot, before I add additional software. I found PostgreSQL, Apache-2, Exim-4, rsync, OpenLDAP, DNS and NTP Server are all started after the default install.
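To turn a list of started services like this into a measure of network exposure, the added example below (not from the original review or from Untangle) parses `ss -tulpn` style output and reports listeners that are reachable off-box and not covered by a policy. The sample output, process names, bind addresses and the allowlist are constructed assumptions, not captured from an Untangle install.

```python
import ipaddress
import re

# Constructed sample in `ss -tulpn` format; NOT captured from an Untangle box.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=812,fd=5))
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("apache2",pid=901,fd=4))
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*         users:(("apache2",pid=901,fd=6))
tcp   LISTEN 0      20     0.0.0.0:25         0.0.0.0:*         users:(("exim4",pid=933,fd=3))
tcp   LISTEN 0      5      0.0.0.0:873        0.0.0.0:*         users:(("rsync",pid=950,fd=4))
tcp   LISTEN 0      128    127.0.0.1:389      0.0.0.0:*         users:(("slapd",pid=977,fd=8))
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*         users:(("named",pid=990,fd=4))
udp   UNCONN 0      0      [::]:123           [::]:*            users:(("ntpd",pid=1002,fd=16))
"""

# Hypothetical policy: only the HTTPS admin interface may be reachable off-box.
ALLOWED = {("tcp", 443)}

PROC_RE = re.compile(r'\(\("([^"]+)"')


def parse_listeners(text):
    """Return one dict per listening socket; header and junk lines are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        host, _, port = fields[4].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        match = PROC_RE.search(line)
        listeners.append({"proto": fields[0], "host": host, "port": int(port),
                          "proc": match.group(1) if match else "?"})
    return listeners


def is_loopback(host):
    """Wildcards ('*', 0.0.0.0, ::) and unparsable hosts count as exposed."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def unexpected_exposed(text, allowed=ALLOWED):
    """Listeners bound to a non-loopback address that the policy does not allow."""
    return sorted((l["proto"], l["port"], l["proc"]) for l in parse_listeners(text)
                  if not is_loopback(l["host"]) and (l["proto"], l["port"]) not in allowed)


if __name__ == "__main__":
    for proto, port, proc in unexpected_exposed(SAMPLE):
        print(f"{proto}/{port} exposed by {proc}")
```

On a live system, feed the function the real output of `ss -tulpn` (run as root so process names are shown) and adjust `ALLOWED` to the gateway's intended role.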
I like the simplified install, but I would prefer if there was a little more information about what is going on during the initial install. The web tools are sophisticated and well thought out. The application Wizard gives me a good start at getting the applications installed. There are essentially four screens that walked me through installing the software.
Once the software is installed then you have to configure it. The visual web metaphor Untangle uses is a rack of applications. You can see it looks like a rack of servers on the left, including power buttons to turn on and off the applications.
Each individual application has a settings button. For example here is the screen that appears when you click on settings for the Spam Blocker Application.
The graphical user interface for setting up Intrusion Prevention (snort) is very nicely done. There are preset rules and options to build your own rules.
Probably my favorite screen is the Protocol Control.
- Easy to install, just boot the CD
- Nice interface, intuitive and well thought out
- Options for installing and removing components through the Web GUI
- Very little information during the install
- Graphical interface hides all the details
- Application list is generic, and doesn’t let the admin know what’s behind the scenes
- During the Application Wizard, it’s not clear which parts have a cost, and which are open source
- Too many moving parts for a secure gateway server
- Requires substantial hardware to operate
If my customer felt they needed all the software, including spam blockers, multiple virus prevention, intrusion detection and prevention, as well as a firewall, this would fit the bill. It contains all the applications you find in higher end systems from proprietary commercial companies without the high licensing fees. If you require the additional features provided in the professional version the prices seem reasonable.
I wouldn’t recommend this as the first line of defense, just because it has too many moving parts. I probably would consider this as a secondary firewall, running it in Bridge mode behind a simpler firewall that doesn’t have so many possible vectors for exploits and vulnerabilities.