Page 1 of 2 12 LastLast
Results 1 to 10 of 20
  1. #1
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    12,619

    Default 9.2 overview and details

    We've been working hard on making 9.2 the best version of Untangle yet.
    I wanted to create this thread to tell you about some of the high-level changes being made in 9.2, as well as some of the gotchas to look out for, and some of the stuff going on behind the scenes.

    Here are some of the high-level changes to be aware of when moving to 9.2:

    - Application Control
    Application Control is a new app that is an awesome tool to help identify and control traffic, protocols, and applications running on your network.
    Application Control will be a part of the premium package, so we're thrilled to announce that after 9.2 all of our current
    Premium Package subscribers will get Application Control at no additional cost. Thank you for supporting Untangle!
    Be aware that Application Control does scan and classify all traffic, so it uses a lot of CPU. If your server is already overworked as it is, I would no add this into the mix until you have everything stable on 9.2

    - IPsec VPN
    We're happy to announce that we're adding this app to the Standard Package. All standard package subscribers will have access to IPsec in 9.2 at no additional cost.
    Again, thanks to our standard package subscribers for support Untangle.

    - Protocol Control
    It has now been renamed to Application Control Lite. There are no other changes.

    - Performance
    In 9.2 we did a real world performance analysis that focused on large sites, mostly schools, with large servers (4 or more cores, 4 or more gigs RAM).
    There are many improvements in 9.2 and testing has shown that it performs far better in real-world data sets than 9.1 and prior.
    Huge thanks to all those sites that participated in the performance analysis study!
    We made a large set of changes which have help immensely.
    We changed the memory and garbage collector parameteres.
    We avoided and removed the use of certain expensive system calls.
    We changed/optimized the DB event table processing.
    We changed/optimized several of the expensive apps like Virus Blocker(s) and Web Cache

    - Source Interface matchers
    Source Interface matchers in port forwards, bypass rules, and packet filter rules (anything in config->networking basically) in 9.1 and prior do not function properly.
    Some example:
    A matcher with External checked matches External, DMZ, Interface 5, Interface 7, etc.
    A matcher with Internal checked matches Internal, Interface 4, Interface 6, etc.
    A matcher with DMZ checked, matches Interface 6, Interface 14, etc. (but not DMZ)
    A matcher with External and Internal checked matches DMZ (but not External or Internal)
    This has been fixed in 9.2. Be aware that theoretically you could construct rules which should not function in 9.1 and prior but do, and they will function correctly (but not as you want) in 9.2 and after.
    If you have custom port forwards, bypass rules, or packet filter rules that rely on source interface matchers I would examine them closely to make sure they are logically correct.
    Also in 9.2 the checkboxes are now radio buttons so only one may be selected because matching multiple interfaces never worked and should not be allowed in these rules.
    Despite working correctly in 9.2 it is still my advice to not use Source Interface matchers. Unless used correctly, they add little value but very real complications and confusion.

    - WAN Failover
    WAN Failover has a new implementation and new status screens, and many bugfixes.

    - Event Logs
    Event logs have a major cleanup. There is now a "Full Refresh" to force events to the DB, and all events should appear immediately after a full refresh. There is now an "export" ability to export to CSV files.
    Event logs that did not function properly were fixed (Spam Blocker, WAN Failover, etc)

    - Architectural changes
    In line with our recent work, we continue to simply and consolidate the underlying implementation of Untangle and the apps.
    We continue to move settings out of the postgres DB to files. This is both simpler and more efficient, but it also allows us to
    work towards "Command Center" functionality where you can standard on app settings and push them around to different servers from a central location.

    In 9.3 we will continue this work and explore similar efforts for the networking implementation for that eventual migration (and move to full support of IPv6).
    Also, we'll be moving to extjs 4.0, which should pave the way for some nice new features in the UI as well.

    - Rollout changes
    We are going to be doing a different roll-out schedule this time. Usually we switch the default download approximately half way through the upgrades being available to everyone (which we do gradually). This time we will make the default download 9.2 much earlier and do a slower roll-out. This will give us more time to incorporate changes from the performance study being conducted described above into newer builds.
    Last edited by dmorris; 02-23-2012 at 12:35 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  2. #2
    Master Untangler jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    709

    Default

    ExtJS 4 and not jQuery 1.7? :P

    Seriously, though, nice work.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 8GB with Untangle 10.1-1 to protect 60+40Mbits for 450+ residential college students and associated staff and faculty

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    18,030

    Default

    I've said the same thing in the past... why use ExtJS and not jQuery like everyone else?

    I assumed it was one of those personal preference choices and moved on.

    Thanks for the heads up on the packet filter stuff Dirk. I haven't used source interface on much of anything consistently in recent history except the packet filter rule required to protect SSH.

    This now means that I need to create a packet filter rule per WAN interface as opposed to one that can do every WAN. Or I could just block all SSH and make a pass rule for Internal... Going to have to play with that, figure out which is easier in terms of total clicks and update the SSH defense procedure.
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    NexgenAppliances.com
    Phone: 866-794-8879

  4. #4
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    4,465

    Default

    Nice work!

    Looking forward to the webinar on wednesday!

  5. #5
    Untangle Ninja dbunyard's Avatar
    Join Date
    Nov 2008
    Location
    Westerville, Ohio, USA
    Posts
    1,063

    Default

    Quote Originally Posted by WebFooL View Post
    Looking forward to the webinar on wednesday!
    Glad you said that, somehow it wasn't on my calendar... Fixed now!
    Dan

    You may one day find something interesting here. Today is not that day. Tomorrow isn't looking too good either.

  6. #6
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,136

    Default

    There are many improvements in 9.2 and testing has shown that it performs far better in real-world data sets than 9.1 and prior.
    Huge thanks to all those sites that participated in the performance analysis study!
    We made a large set of changes which have help immensely.
    We changed the memory and garbage collector parameteres.
    We avoided and removed the use of certain expensive system calls.
    We changed/optimized the DB event table processing.
    We changed/optimized several of the expensive apps like Virus Blocker(s) and Web Cache

    The world is divided into 10 kinds of people, who know binary and those not

  7. #7
    Untangle Ninja Mathiau's Avatar
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,575

    Default

    i cant wait!
    Churchill | UT 10.0 | Dell R610 Server | Dual Xeon 2.8Ghz Quad Cores | 16Gb DDR3 ECC | 1 Intel Dual Port NIC | Integrated Broadcom | Dell Perc 4i | 4 x 73G 2.5 15k SAS raid 5 + 1 hot spare | 100mb/100mb

  8. #8
    Newbie
    Join Date
    Sep 2009
    Posts
    5

    Default

    great work !

  9. #9
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,136

    Default

    Megaupload can be deleted from the signatures database
    The world is divided into 10 kinds of people, who know binary and those not

  10. #10
    Newbie
    Join Date
    Aug 2008
    Posts
    14

    Default

    Good news on the performance from. Our box has been a real slug at times since upgrading to 9.1

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2