Untangle has way too many features for me to cover in detail. So I'll just try to summarize the key points of each application. I'll include a link to Untangle's web page for each application to make it easier for you to explore further.
Spyware Blocker works by checking web traffic against a few dozen community blacklists, combined with ClamAV. It also prevents known bad cookies and ActiveX programs from coming into the PC. You are allowed to customize this and make exceptions if you wish.
The Web Filter node allows content control based on URLBlacklist.com, allowing you to get quite granular in your rules and allowing passing or blocking as you see fit. You can create policies, and if you purchase the optional ($) Active Directory connector for Untangle, you will be able to create policies for separate users.
Spam Blocker is one of the big features many will enjoy. This will transparently scan mail traffic for spam, and based on your choices can block, quarantine, or mark spam. It is based on a collection of technologies: Spam Assasin; Vipuls Razor; Bayesian filters; DNSBL/RBLs; OCR for image based spam; tar pitting; as well as custom tools and constantly updated lists from Untangle.
You can manage your own per user and global safe lists and adjust the scan strength. End users have the option of being emailed a quarantine digest from which they can manage their own quarantine and release any false positives that were caught by accident.
Protocol Control allows you to block unwanted protocols from entering or leaving your network. Untangle includes a long list with pre-built definitions you can block many instant messenger and peer to peer file sharing applications. Since this works on Layer 7, Untangle claims it is able to keep up with users who think they are smart by changing default application ports. So it's able to keep up with "port hopping"and maintain the application blocks.
Virus Blocker starts with ClamAV in the free node and you can purchase additional protection through the Kaspersky add-on. The Kaspersky node brings the added protection of one of the best antivirus products out there. Common email protocols are scanned, as well as HTTP and FTP traffic. Kaspersky adds archive scanning, too, with a wide range of archive formats. Both nodes come with automatic updating.
The Phish Blocker node protects both email and web traffic. It is based on the ClamAV engine, combined with a constantly updated phishing signature database.
Intrusion Prevention blocks hacking attempts before they reach your network. Untangle created their own custom scanning engine which is based on Snort IDS and comes with automatic updates. It is able to identify malicious traffic patterns and exploits based on signature detection, and stop them before your servers get hit.
The Attack Blocker is Untangle's own proprietary creation. It examines the behavior of computers that access your network, and either passes them, or blocks them if it determines the behavior is malicious. Attacks detected include DOS attacks, SYN flooding, and port scanning.
The Firewall node allows you build additional firewall rules. Working alongside the port forwarding section, you can get much more granular than the basic port forwarding section allows. You can create a DMZ, build ACLs, control traffic by protocol and source / destination address and port.
In addition to the firewall, there is a separate Routing and QoS Networking component, which allows you to create additional NAT spaces, and tweak your QoS.
A common VPN option found on *nix distros is OpenVPN. Untangle includes this package, so you can use SSL VPN to allow remote users to securely access network resources, as well as build router-to-router VPN tunnels to create wide area connections.
With Untangle Reports (Figure 5), you can view reports from the management console, and/or have them emailed to you. Available in both HTML and PDF formats, Reports provide access to information in summary and detail levels (even per user), as well as information of each node that you run. Reports provides essential information for managing your network and tuning other nodes.
Figure 5: Untangle Reports
A very nice feature is that when new versions of Untangle are released, they show as an available update. You can set the server to either upgrade automatically, or manually (I always prefer the latter). Updates for nodes such as phishing, antivirus, spyware, are all automatic and continuous.