Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Apps

When you go to the Apps panel, you'll find a look similar to prior versions of Untangle before the new Dashboard page. Untangle continues to use an equipment rack as its user interface model. Untangle's “Rack” is much like a server cabinet / equipment rack. Each app shows up like a 1U "pizza box" appliance in the rack. So each rack looks like it has a collection of servers / network appliances in it. Untangle has a section where you can change skins for different appearances.

Since Untangle is a Layer 7 firewall, traffic flows through down the virtual pipe, enters an app, is processed and passed on to the next app. So that stack of apps in the rack is what traffic passes through between the WAN and LAN sides of your network.

You install virtual functions into the rack from the Untangle App Store. Untangle allows you to build multiple “Racks” / sets of Policies. Clicking onto the Apps page shows the Default Rack / Policy set.

Notice in the partial screenshot of the Apps page below, you’ll see the dropdown menu for Policies in the upper left corner. This example has three Racks defined: Default Policy; Staff and Library. You can install, remove, and configure each App in the Rack. Apps are added from the App Store.

Untangle Apps in Rack

Untangle Apps in Rack

By default, when you first build Untangle, the default Rack has no apps installed. At this point, Untangle is running just like any plain NAT router. The advantage of a full fledged UTM firewall such as Untangle is you get to install additional Apps to create a custom firewall based on your needs. Once you’ve installed your apps and optionally done any configuration changes, what you’re looking at is the default Rack / policy.

The apps you can install are determined by the Untangle subscription you have and what your needs are. You can also purchase apps à la carte from the collection shown below. Untangle for Home includes access to all Untangle apps, which is quite a bargain.

Untangle App Collection

Untangle App Collection

You can set Untangle to auto update or manually update it. Individual apps that require frequent updates also automatically update themselves, such as antivirus and intrusion detection.

Racks / Policies

As noted earlier, you can create additional racks via that dropdown menu in the upper left corner. You install and configure Apps for each new Rack you build. You typically do this so you can create different policies and rule sets for different groups of users. In this example, I have created Racks for office staff, students (the default), and the Library computers. The web filter, bandwidth control, and application control is set much stricter for the student Rack and more relaxed for Staff.

You use the Policy Manager App to place users into their racks. This can be done via quite a few ways, such as by IP address, or by active directory objects, host name, MAC address, quotas, etc. It is not hierarchical, it is simply…rules based on how you want to define clients.

The Config page is where you get a bit more of the setup of the primary firewall features.

Untangle config

Untangle config

The Network tile brings you to where you manually set Ethernet interface settings. Here is where you set the address type, external or internal, additional aliases, DHCP, port forwarding, VLANs, QoS, DNS, filtering rules, UPnP, and many other advanced network settings.

Configuring Untangle Network interfaces

Configuring Untangle Network interfaces

The flexibility you have here really lets you easily build a rather complicated network. The interfaces shown above are on an Untangle system I've installed at a school. Untangle at Home can also support all these interfaces; you just need hardware that has all of them! You can now drag-and-drop interfaces to move them and rename them so you can better manage the Interface section.

The ASUS RT-AC88U Untangle is supporting as the first consumer hardware for Untangle at Home can support all the above interfaces. You can see I have two WAN connections. One is a DSL connection that the school has used for years. I added the second WAN connection a few months ago with a faster cable connection.

Untangle has load balancing and failover capabilities. I usually have 100% of the traffic on the AirFiber WAN, since that supports 170 Mbps download. But if AirFiber drops for any reason, Untangle will seamlessly route traffic over the slower 3 Mbps DSL connection, automatically flipping traffic back over to the AirFiber link once that’s restored. I can also balance those WAN connections with a 50/50, 75/25 or whatever ratio desired in increments of 1%.

On the LAN side, I have three internal networks. The 192.168.1.0/24 primary network is the main school network. I have a WiFiGuest network (192.168.254.0/24) on the last interface, for smart phones, tablets and guests. Finally, I have a little NUC computer and some other hardware tucked behind another interface at 10.50.3.0/24 for remote management.

If your hardware has wireless network cards that are supported by Untangle, you’ll have the standard wireless settings you can manage in this section. Untangle at Home supports all the RT-AC88U's wireless settings.

Untangle directly supports VLANs. You can even add a virtual VLAN interface to an existing interface and create your IP network within that virtual VLAN interface. I typically spread network clients to their appropriate interfaces on Untangle using VLANs from a managed switch. I’ll untag a VLAN on an uplink port on the switch and uplink it to the appropriate interface on Untangle.

Untangle also supports multiple IP aliases per interface. So if you have a block of public IP addresses, you can add them to the WAN interface. Or if you run multiple subnets on your LAN, all of which you want to access, just add multiple internal IPs to the internal interface. An example, our main network at my office is 10.50.1.0/24. But I set up quite a few devices on other common IP ranges, such as 192.168.1.0/24 and 192.168.2.0/24. So I’ve aliased those IPs on the internal Ethernet port of our Untangle firewall at our office to make life easier. I can just reach them from my computer right across the network without having to change the IP address on my workstation. Untangle takes care of all the routing.

Closing Thoughts

Untangle has really grown and matured over the years. It has turned from a little-known firewall distribution that a small enthusiast community used, to a solid competitor in the SMB and even enterprise market. It holds its own against well-known names like Sonicwall, Fortinet, Watchguard, Sophos, Juniper, and others. Stability, performance, and hardware compatibility has increased, as well as features have been updated or added.

Since my earlier review, the secondary antivirus scanner changed from Kaspersky to Bitdefender. In some recent updates towards the end of 2016, Untangle introduced UPnP, and blocking by GeoLocation. UPnP addresses complaints from home users about problems with online gaming. UPnP support enables Untangle to automatically open ports needed by many online games.

Geo Blocking is important for businesses to help secure their networks. Businesses often have ports open to their network for services like mail servers and remote access portals. So being able to deny traffic originating from certain countries is a big boost to security, potentially reducing attempts to break into the network.

The Geo Blocking rules are nicely done. You simply create rules for “is” or “is-not”, with check boxes listing countries….and whether traffic is going “to” or “from”. With over 40% of hacking attempts coming from China,…just a couple of clicks of the mouse in Untangle can block any traffic coming from there or anyplace else.

The availability of all Untangle's features running on a widely available consumer wireless router costing less than $300 is a big step forward for Untangle. Up until now, Untangle's u25w at $419, based on an Intel dual-core Atom processor, was the cheapest way to get Untangle at Home with Wi-Fi support and it has only three Gigabit Ethernet ports.

Although I didn't run formal performance benchmarks, my impression was the performance of Untangle at Home running on the RT-AC88U was quite similar to small Atom based systems we've deployed several dozen of. Prior to this Untangle at Home image for the ASUS, the least expensive hardware you could install Untangle on were Atom based systems, which still cost a decent amount of money (hard to find anything decent under $600).

Note that the RT-AC88U has only a dual-core Broadcom BCM4709C0 processor, which uses an ARM Cortex-A9 core with only 512 MB of RAM and 128 MB of flash. If Untangle ported at Home to a more powerful (and expensive) router like NETGEAR's R9000 Nighthawk X10, it would be interesting to see how it would perform with a quad-core processor. At this point, however, Untangle has not announced support for any other Wi-Fi routers.

There are other recently-released security firewalls for the residential market looking for their share of the market. But Bitdefender's own Box appliance, Norton/Symantec's Core, or the new Cujo Smart Internet Security firewall have higher annual subscription costs, and don't have nearly as many features as Untangle does.

Untangle adds a very effective UTM layer to antivirus packages you may already run on some devices and provides protection you need to have for IoT and other devices that are poorly or not at all secured. Combined with safe DNS services instead of your ISP's DNS, these layers of protection are relatively easy to implement and help protect you from the ever increasing number of internet-based threats.

For $5 / month or $50 / year, plus around $300 for an ASUS router you may already own, Untangle at Home brings enterprise grade firewall features to the home user at an affordable price that's hard to match!

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Which router do folks recommend that would work well in mesh mode with the GT-AX11000 which I'm using as my main Router.Obviously I don't want to spen...
Hi everyone. I've had a Blue Cave for a few years now and despite what seem like mixed results for some its been rock solid for me and better performi...
Hi, I am new here. I found some valuable info in the forum, including the article on what to look for when buying a new router. Seems there's some peo...
I saw these in several posts regarding firmware updates between 384.13 and 384.14 but I never saw an answer. I'm running 384.15 on an AC88 and these s...
Didn't noticed this until after installing a few scripts through amtm (skynet and diversion) so I'm not sure if its something that was implemented or ...

Don't Miss These

  • 1
  • 2
  • 3