Introduction

More and more small business networks are desiring something more robust than just a plain old off-the-shelf NAT router. Years ago, many businesses enjoyed high speed Internet by utilizing a broadband router. This allowed them to share a broadband Internet connection, and give them basic hardware firewall inbound protection through its NAT.

As time went by, more and more demands were put on the small business network. Heavier loads, remote access, removing spam from e-mail, additional antivirus protection, basic content filtering along with the desire to limit some employee computer abuse. Enter Unified Threat Management (UTM) appliances. These have become relatively commonplace in big enterprise setups. But they often also come with big enterprise prices, thus remaining out of grasp of the smaller business networks (~ 10-100 nodes). Not only can the initial cost of the appliance be high, but the annual support/renewal costs make it a show-stopper.

For quite a few years, I had become interested in the many Linux distro routers out there. IPCop, m0n0wall, Smoothwall, PFSense; there are quite a few that I enjoyed installing and fiddling with. Now I’m a Windows guy (awaits the boos and hisses)…I really have no knowledge of Linux at all. So at first, that may have kept me from trying them out.

However, after I tried the first one, I found that they are wonderfully easy to set up. You download an ISO, burn it to CD, dig up an old PC that has two fairly standard network cards, boot from the CD, and follow the hand-holding install wizard. Once done, you log into the router using a web browser from another PC on your network. It is managed through this web interface, much like any other home-grade router you may be familiar with.

I soon stumbled upon an add-on for IPCop…called Copfilter. I thought it was pretty cool because it added antivirus and spam filtering to traffic running through it. I then learned of another package called Endian. Endian is built on top of IPCop with the Copfilter add-on, but in a much more polished package. I had a few small business clients who were complaining about spam and Endian helped shrink their Exchange server inboxes—for no cost!

A little over a year ago, at one of the network propeller-head forums I haunt, I learned of a new distro called Untangle Gateway. I quickly headed over to the site and was soon eagerly downloading the ISO and anxious to try it out. I couldn’t believe all the features it had:

• Webfilter
• Spam Blocker
• Spyware Blocker
• Protocol Control
• Virus Blocker
• Phish Blocker
• Intrusion Prevention
• Attack Blocker
• Firewall
• OpenVPN
• Reports
• Routing and QoS

All of these are based on existing open source products, which have been customized a bit by the Untangle crew.

There are also some additional components that you can purchase:

• Live Support
• Active Directory Integration
• A Policy Manager
• Kaspersky Antivirus as a second scanning engine
• PC Remote
• Remote Access Portal

Some of these are available in a "Professional Bundle", which includes support, the AD Connector, Policy Manger, and the Remote Access Portal. Or you can purchase features a la carte.

Requirements

I began my download and started reading the FAQs. The first thing I noticed was that Untangle had some rather steep horsepower requirements;this isn’t going to run on your old leftover P2 like IPCop does. But I had already anticipated that requirement, having previously worked with Copfilter and Endian.

I had found that UTM distros work harder and so require more horsepower under the hood. Untangle wants at least a 1.0 GHz processor, and a minimum of 512 MB of RAM to handle just a couple of clients. If you have a larger network with heavier loads, you’re going to want to start in the P4 range, with at least a 1 GB of RAM.

Untangle Gateway Platform runs on layer 7 of the OSI model. So each individual application (or "Node") that you have in Untangle is run virtualized within the Untangle server. Traffic routes through the virtual network, passing through a node, then re-entering the virtual network stream and moving on to the next node.

You can add and remove nodes as you wish, depending on how you intend to use your Untangle box. Its main use is as a primary firewall device, with its outside network card plugged into your broadband modem and grabbing a public IP address.

But Untangle can also be run in transparent bridge mode, since some businesses may already have a primary firewall/router and just want Untangle to, say, scrub inbound email before it reaches their Exchange server. Untangle is able to accommodate this (and for email you'd probably want to run the anti-virus and anti-spam nodes, too).

If you don’t want to build your own box, Untangle sells pre-configured units and will ship you an Untangle Gateway box ready to plug into your network.

Tags: open source, Untangle,

Related Articles: