We're looking at switching from Mikrotik over to Untangle. Mikrotik currently has layer 7 firewalling (in RC right now), SPI, vpn, routing, shaping, etc..etc..etc.. We have been using it for about 4 years. The only thing it seems to be missing is the anti-spam stuff. I like it mainly because its very quick in only 64 megs of memory, and around 64 megs of HD space.

On the other hand, Untangle is huge, even with 1 computer behind it, it would not work with 256 megs of ram, the GUI (running on another machine) kept disconnecting, and I could not install packages. Increasing to 512 seemed to fix this. I think the main problem is Java running on the server. Is there any way around that?

Currently, we have two internet connections; two class C networks on one, and just a NAT on the other (backup link). We use policy based routing to send traffic out the correct links depending on who the customer is, and of course if the main link is down. Not sure if Untangle can do this, as I'm just playing with it in bridge mode at the moment.

The "rack" type view is rather interesting, but a bit too flashy, and non-functional when wanting to actually see all the rules in the various modules, and do some changing. I never did like GUIs, and would much rather lean twards the text side of GUIness.. such as a table type view of the firewall list, with a "modules" pulldown menu to select which module to edit. Or just integrate them all into the same list. As it is now, I find the "Firewall" in the rack, click show settings, enlarge, save, shrink, hide settings... also, where is the layer7-ness in the firewall? I think protocol control and firewall should be in the same module. Rather than allowing/denying raw ports, I want to allow/deny protocols based on to/from addresses...

Its nice to have all the packages on the same box, but I dont think of that as "integrated", as they are still working independant of eachother. Can they truely be tied together?

I would also like to see a text-only install option. If I can administer the system via command-line/menus then Untangle earns many mucho points.

Being able to NOT install the GUI and not use the GUI to run it saves resources too.

We're looking at switching from Mikrotik over to Untangle. Mikrotik currently has layer 7 firewalling (in RC right now), SPI, vpn, routing, shaping, etc..etc..etc.. We have been using it for about 4 years. The only thing it seems to be missing is the anti-spam stuff. I like it mainly because its very quick in only 64 megs of memory, and around 64 megs of HD space.

On the other hand, Untangle is huge, even with 1 computer behind it, it would not work with 256 megs of ram, the GUI (running on another machine) kept disconnecting, and I could not install packages. Increasing to 512 seemed to fix this. I think the main problem is Java running on the server. Is there any way around that?

Currently, we have two internet connections; two class C networks on one, and just a NAT on the other (backup link). We use policy based routing to send traffic out the correct links depending on who the customer is, and of course if the main link is down. Not sure if Untangle can do this, as I'm just playing with it in bridge mode at the moment.

The "rack" type view is rather interesting, but a bit too flashy, and non-functional when wanting to actually see all the rules in the various modules, and do some changing. I never did like GUIs, and would much rather lean twards the text side of GUIness.. such as a table type view of the firewall list, with a "modules" pulldown menu to select which module to edit. Or just integrate them all into the same list. As it is now, I find the "Firewall" in the rack, click show settings, enlarge, save, shrink, hide settings... also, where is the layer7-ness in the firewall? I think protocol control and firewall should be in the same module. Rather than allowing/denying raw ports, I want to allow/deny protocols based on to/from addresses...

Its nice to have all the packages on the same box, but I dont think of that as "integrated", as they are still working independant of eachother. Can they truely be tied together?
java is memory intensive..but that's also what gives it it's speed.

java is memory intensive..but that's also what gives it it's speed.

I see the memory intensive bit, but wheres the speed again? I agree with JoeShmo the interface is too nice. I have a P4 2.6Ghz machine with 1GB Ram and Untangle is so slow. Its slow despite the fact that most people are bypassing the filters by manually specifying an external proxy address.

Is there no way to run a stripped down shell based GUI, similar to the way you can use YAST from the command line in SuSE or you can use the windowed GUI if you have a super computer. There seems to be a sizable gap in between Mikrotik and Untangle for an easy to configure but fast and more extensible system.

Untangles great and I can set it up quickly, but once its setup I cant just leave it and expect it to carry on working like I can with other servers. :o

I have a P4 2.6Ghz machine with 1GB Ram and Untangle is so slow. Its slow despite the fact that most people are bypassing the filters by manually specifying an external proxy address.

How many users? I have mine running on a P4 2GHz 768 MB Ram NEC powermate desktop serving roughly 100 users with SSL VPN, web filtering, AV, protocol control, intrusion protection in bridged mode.

Works fine. Had no performance issues.

We have no performance issues reported at any of our sites. Machines range from 1.5ghz 500mb to 4+ghz, with most sites having 40+ users.

I have a 1.5ghz laptop running 500mb for testing purposes, and I consistantly kick the tar out of it with no performance hits.

Sorry to post on an old thread, but I had to address something.

Although I do have experience of various system plus Operating System (Windows, Linux, BSD), I also run a business that caters to Small Businesses and homes. Please emphasize homes.

A lot of *geeks* would prefer a text based GUI but I really find it refreshing to see this product actually have one. Its wonderful that I can show my clients how easily managed and navigated it is. An easy sell if you would.
So, if the people who develops Untangle keep the GUI, just know it is much appreciated. I can see that you guys and ladies(?) wanted to produce a product that was designed to be user friendly and *understood*.

Also to add, install WILL NOT work with 256 MB of RAM.

^^^ so very true, and even in some buisnesses everyone prefer a GUI interface, you dont need someone who is cisco certified or certified in X and familair with X command shall to say, add a port forward to a router, routers can be just as powerful and have a purdy GUI, it is why i like it so much, it is why our cisco 1700 is doing nothing more then converting our fiber line to an Rj45 jack.

I love the ease of use of Untangle, but I would like to see version 6 depart from Java. Java is very convenient, but I really think it adds far too much weight to the system. An ugly UI built in C++ would be incredibly lightweight and just as easy. Just more ugly... ;)

Well a C/C++ management app wouldn't do all that well for most people I would think. Granted on the firewall itself would be fine, but for remote use you never know what kind of box they're using to access it. Plus the guts of the code for everything is in java. Java is a pretty good language as long as the developers are good. :) I know a few people who run their whole businesses on java based code and it's perfectly fine and not too heavy. And I also know people who have java code that can't run for more then a week cuz it's buggy. :)

Fortunately the Untangle guys seem to know what they're doing. :)

--Chris

Reading this thread makes me think that a possible feature request would be the ability to skin the GUI?

For the record, my Untangle box is an Intel 1GHz twin (yes, two procs) with 4GB of RAM and it works very well with 10 to 15 heavy use systems in behind it on multiple platforms (Win32, Win64, OS X, *nix, an XBox360 and a Wii)

I agree that the GUI "Rack" has a lot of "fashion over function".

There are some very nice GUIs out there, such as m0n0wall, that combine fashion and function. (IMHO, ClarkConnect missed the mark, the GUI is neither fashion nor function).

I would like to see Untangle's interface easier to use at the expense of the flashy graphics rack. To dig in and really view operating parameters needs lots of mouse clicks and scrolling ("expanding") to find what I'm looking for. A simpler interface would go a long way to solve this.

(Note: with today's memory availability and prices, increasing memory shouldn't be a problem, unless you still have 72-pins. I run an energy-efficient Pentium M with 2GB of DDR. Works great. With a 2.5" hard drive, it uses little over 30 Watts.)

Please DO NOT remove the GUI from Untangle or strip it down to the point that it is useless. It makes everything so easy for those who aren't as savvy with command line.

Having the ability to install a command line only version or the currect GUI version would please everyone, I think.

One of the important features of Untangle is that it is simple to use. The one thing that makes Untangle easy to use is the GUI. Removing the GUI would make it difficult to use for many Untangle administrators, including myself.

I do not think they are trying to get the GUI removed as much as asking for an alternative w/ less overhead.

Scott.