|At a Glance|
|Product||Untangle at Home [Website]|
|Summary||Home version of powerful open source solution for blocking spam, spyware, viruses, adware and unwanted content.|
|Pros|| Very full-featured UTM feature set
Runs on ASUS RT-AC88U
$5 / month for all Untangle features / apps
|Cons|| Might be too challenging for networking novices to set up
No other consumer routers supported yet
Untangle is a security software company that creates a firewall product currently called Next Generation Firewall (NG Firewall). They have been around since 2003, founded as Metavize and renaming to Untangle in 2007.
Untangle has created an open source firewall platform aimed at helping small to medium businesses secure and protect their networks. More than just a firewall, Untangle raises the job of the simple firewall to a much more advanced category, a Unified Threat Management firewall (UTM). Untangle NG Firewall can be installed on a PC hardware platform, there are 32 and 64 bit ISO downloads available, as well as be virtualized via an OVA download, or even an image for a USB stick, giving end users tremendous flexibility to the size of the network it will protect, as well as flexibility in budget.
I reviewed Untangle Gateway, an earlier version of NG Firewall, over eight (!) years ago. So when Untangle asked me to look at NG Firewall, I figured it was time. Specifically, they wanted me to review a version aimed at home and SOHO users, appropriately named Untangle at Home.
A little background first. While NG Firewall is based on open source, it pulls together hundreds of technologies, from open source, commercial, or in-house home grown, into a powerful platform that provides many different functions. These functions include such features such as web filtering, bandwidth management/QoS, application control, antivirus, antispam, phish blocking, ssl inspection, advanced firewall, ad blocking, VPN, intrusion inspection and detection, active directory connector to tie in with users, and policy management to define access and control by users or devices.
NG Firewall also has a very flexible routing component that supports multiple WAN and LAN interfaces, and virtual interfaces added to a physical interface including virtual VLANs. The applications, most of which run at layer 7 on the OSI model, can be individually installed from an “App Store”. This allows customizing your instance of NG Firewall to your needs and not waste compute resources on unused modules.
As a network professional, I often tinkered at home, and years ago I became interested in the many open source firewall distros available. I had downloaded, installed, and played with just about all the various Linux router distros out at that time. Since I am an IT consultant for SMBs for a living, I saw the need for firewall protection above what a traditional NAT router provided. I was a firm believer in “layered protection” before it became a trendy name in the IT consulting world. In the mid 2000’s I spent a lot of time playing with various *nix firewall distros, and then I discovered Untangle…back when it was around version 5.
Our SMB consulting group then had quite a few “MSP clients”, meaning clients on fixed monthly fees for unlimited support. I immediately saw the value of layered protection, since adding protection to a client should result in fewer malware calls, thus less time spent having to support the client, thus, the client is more profitable. So I started installing the base/free version of a few of the UTM *nix distro products, and I definitely saw a reduction in malware related calls to our clients.
Over time, Untangle developed nicely, had a great, active support forum, and I began using it as our “go-to firewall product” and became a reseller around the time of the previous review.
Untangle at Home
Today's homes have a lot more connected to the internet than computers. Home automation, security systems, appliances, media streamers and game consoles share your internet connection with computers, smart phones and tablets. These new devices increase the possible vectors of attack and raise your network's threat profile significantly.
Untangle has to date been aimed at small to medium businesses, so needed some “good horsepower” to run on. It likes at least a multi-core processor, a Gigabyte or more of RAM, and good hardware-based network cards to run on. Fortunately, some consumer routers now have quad-core processors, over a Gigabyte of RAM and USB 3.0 ports that enable storage expansion via SSD or hard drives.
So with increased need plus reasonably priced hardware, “Untangle at Home” was born!
Untangle at Home is a special package designed to be affordable for the home user at $50.00 per year or $5.00 per month! Compare this special “Home” price, to the normal NG Firewall Complete bundle for businesses that starts at $540.00 annually for up to 25 devices! So, for $50.00 per year, you can run Untangle at Home that provides the same features as the full Complete Package on a home-built or repurposed computer, any Untangle hardware appliance, or ASUS RT-AC88U.
Since Untangle has developed features for business networks, the services that a growing number of home users desire are already included in Untangle for Home. Features include:
- Parental control. Log or block websites based on category or specific addresses.
- Robust bandwidth control
- Guest device management
- Multiple layers of security, including dual antivirus engines (Clam and BitDefender), webfiltering, anti phishing, deep SPI and intrusion prevention.
- Reporting and a dashboard of their network
- It even has a darned good SPAM filter.
- Built in Ad Blocker….block ads at the edge, save on network traffic, and cut down on your exposure to malware since poisoned advertisements are widely used for drive by malware exploits/installs.
After building your Untangle firewall and booting it up for the first time, you run through a quick configuration wizard. You get to select your login credentials and how you want to use Untangle. You can use it either as your main router/firewall/gateway, or in bridged model (transparent proxy) behind your existing firewall. Usually you’re going to have it be your router/firewall/gateway, so you’ll configure the WAN connection type, internal IP and DHCP server. From there, you’ll select the default apps to install. More on apps later.
Let’s start by taking a look at the Untangle management page. Untangle currently maintains an online demo you can log into and poke around in. Username and password are already filled in. Just click Login and go ahead and look around. Clicking through this will allow you to better see what we’re talking about.
The new Dashboard page is greatly improved from prior versions of Untangle. You can manage widgets to customize it to your preferences. By default, the Dashboard provides a quick glimpse of your network, hardware resources being used (CPU, memory, disk), active sessions on interfaces, traffic flow on interfaces, overall bandwidth being used, global map showing where traffic is going, and some high level views of bandwidth usage per host and by application.