Untangle for 1600+ users


gliverman
11-02-2007, 01:10 PM
What hardware do you all think I would need? This box sits between the firewall and core switch protecting 1600+ users with all the open source modules except for OpenVPN & Firewall. Routing is installed to make some static routes but does not do DHCP or NAT. We will be logging almost EVERYTHING.

Thanks!

gotkimchi
11-02-2007, 01:16 PM
What is your WAN connection? When you say 1600+, how many at the same time? Also, are you planning on using the SPAM blocker module, if so, what are your typical email numbers?

Untangle might not be your best solution, depending on your answers to these questions. If you have a really beefy box, something like justinault's box, it might work.
http://forums.untangle.com/showthread.php?t=748

gliverman
11-02-2007, 01:34 PM
This box is at the county office of a school system. The box will sit between the firewall and core switch. On the public side there is a 9 meg connection via 6 T1's. On the private side there is a WAN connected to the core switch that provides a gig connection to the schools. As I said, it is only a 9 meg internet connection now. As for email numbers... I am not sure but will check. A large percent will be on at all times, though not all going to the internet... a lot of the traffic will stay internal.

Does that answer your questions? I have a 1.5 gig P4 Dell GX400 with 512 ram and 40GB IDE hard drive now that can do only the web filtering without choking... I know this is too small.

gotkimchi
11-02-2007, 01:45 PM
From your statement above, looks like the Untangle will be in a bridge mode, passing the traffic to your firewall. Only concern I have is the SPAM numbers. If you have an exchange, I suggest doing this to keep your bogus emails out of your exchange.
http://forums.untangle.com/showthread.php?t=68

gotkimchi
11-02-2007, 01:46 PM
Also, does every student have an email address from the school? Or only the staff and faculty members?

juank
11-02-2007, 02:07 PM
Hey Gliverman,

I will say this: For that number of users, I'll build a better box. But, you know what, why don't you give it a try:

. Put your Untangle box in the middle in Bridge mode
. Leave it there for 2-3 days, just passing traffic, no module installed at all and check performance. If you want to see live/graphic performance, install gkrellm.
. Then start installing modules, one by one, one every 2 or 3 days and see how it affects your system.

By the way, if you want, send me a PM, I'm curious where you work. I work for a State College.

gliverman
11-02-2007, 02:27 PM
Also, does every student have an email address from the school? Or only the staff and faculty members?

No student email addresses

gliverman
11-02-2007, 02:42 PM
Hey Gliverman,

I will say this: For that number of users, I'll build a better box. But, you know what, why don't you give it a try:

. Put your Untangle box in the middle in Bridge mode
. Leave it there for 2-3 days, just passing traffic, no module installed at all and check performance. If you want to see live/graphic performance, install gkrellm.
. Then start installing modules, one by one, one every 2 or 3 days and see how it affects your system.

By the way, if you want, send me a PM, I'm curious where you work. I work for a State College.

Question time...

I have used Linux before but am not sure on this distro how to install stuff... please advise on how to install gkrellm. I also would like to install nano since I do not use vi.

We actually have the GX400 in bridge mode now running only web filtering.

gliverman
11-02-2007, 02:45 PM
From your statement above, looks like the Untangle will be in a bridge mode, passing the traffic to your firewall. Only concern I have is the SPAM numbers. If you have an exchange, I suggest doing this to keep your bogus emails out of your exchange.
http://forums.untangle.com/showthread.php?t=68

We could eliminate spam filtering if needed, but I do not want to. They have a Barracuda filtering spam now.

gotkimchi
11-02-2007, 04:53 PM
SPAM and the IPS module use the most resources. Since you might offload these services, I am leaning towards supported configuration. You still might need to have at min. 1GB of RAM.

gliverman
11-02-2007, 04:59 PM
SPAM and the IPS module use the most resources. Since you might offload these services, I am leaning towards supported configuration. You still might need to have at min. 1GB of RAM.

I think I would like to keep IPS turned on... how much more resources would that need?

gotkimchi
11-02-2007, 05:16 PM
I don't have the exact numbers. Since memory is cheap, you can get 2GB of RAM for under $75, I would just have 2GB of RAM on the system. I'd rather be safe than sorry.

gliverman
11-02-2007, 05:27 PM
Just to clarify, are these the specs we are talking about?

2GB RAM
80+ GB 7200 RPM SATA hard drive
2 - 3 NIC's
Dual Core CPU (what speed?)


Thanks

gotkimchi
11-02-2007, 05:30 PM
If you would like, we can send you our XD+ for a 30 day trial.
Untangle XD+ Server features added memory and processor speed for companies with heavy network use.
Processor
Intel Pentium D (dual core) 2.8 GHz

http://www.untangle.com/index.php?option=com_content&task=view&id=80&Itemid=467

If you would like our 30 day trial, please click here.
http://www.untangle.com/index.php?option=com_collect&task=requestTrial&Itemid=1135

gliverman
11-02-2007, 05:36 PM
How much do those cost with a rack kit?

gotkimchi
11-02-2007, 05:41 PM
List is $1195 for the XD+ and $125 for the rack kit. Most likely, you will get your education discount. I am not a sales guy, so I don't have the exact discount info. From your info, I can refer you to our SE rep Dave Barber for more pricing discount info.

gliverman
11-02-2007, 11:01 PM
So, what do you think of this hypothetical setup? Seems like it should work quite well:

Corsair XMS2 2GB(2 x 1GB) DDR2 675 PC2 5400 Dual Channel System Memory Kit, 240-Pin, Unbuffered, Non-ECC. Model: TWIN2X2048-5400C4 $53.99 x 2 = 107.98 (4GB Total RAM)
ASUS P5L-VM 1394 LGA775 mATX Motherboard, Intel 945G Chipset, Supports Intel Core2 Duo CPUs, Dual DDR2 667 $84.99
Intel Core 2 Duo E6320 LGA 775 Conroe Dual-Core CPU BX80557E6320, 1.86 GHz, 4MB L2 Cache, 65 nm $179.99
WD Caviar SE16 250GB SATA Hard Drive WD2500KS, 300 MB/s, 7200RPM, 16MB Cache. $67.99
Black Pioneer 18X SATA DVD Burner DVR-212, 10X DVD+/-DL, 8X DVD+RW, 6X DVD-RW. $28.99
Black Ultra MicroFly Aluminum Micro ATX Computer Case ULT33117 w/ Clear Side Window. $65.99
Black CoolMax 500W EPS Computer Power Supply M-500B, 20+4 pin, Supports SATA & PCI Express, w/ 120mm Silent Fan & Fan Control $39.00
Intel PRO/1000 GT Desktop Low-Profile Network Adapter $28.99 x 2 = $57.98

Total cost would be $650.27 w/ shipping

If CPU is changed to
Intel Core 2 Quad Q6600 Kentsfield 2.4GHz LGA 775 CPU BX80562Q6600, 8MB L2 Cache, Quad-Core

The price goes up by $99 for a total of $749.27

mdh
11-02-2007, 11:30 PM
I would do a search in forums for the word "ASUS". I don't remember seeing anyone getting that flavor motherboard working with Untangle. Poke around to be sure.

gliverman
11-03-2007, 11:51 AM
I would do a search in forums for the word "ASUS". I don't remember seeing anyone getting that flavor motherboard working with Untangle. Poke around to be sure.

Some other Asus boards show as having been used in the forums plus http://linux-tested.com/results/asus_P5l_vm1394.html shows this as a good linux board. All the chipsets are supported in linux, the only thing that may cause a problem is you have to manually install the driver for the onboard NIC.

hescominsoon
11-03-2007, 09:45 PM
Some other Asus boards show as having been used in the forums plus http://linux-tested.com/results/asus_P5l_vm1394.html shows this as a good linux board. All the chipsets are supported in linux, the only thing that may cause a problem is you have to manually install the driver for the onboard NIC.

You need FAST hard disks and SATA is not it. Go with 15k SAS drives and a 3ware hardware raid card with a BBU installed. Go with at least 4 gigs of ram. Also the 945G is a desktop chipset and not designed or validated for the level of traffic you are going to throw at it. If you want specific advice let me know..<G>

gliverman
11-04-2007, 11:31 AM
Please, by all means hescominsoon, advise on... :) I do not pretend to know it all and am not accustomed to building non-desktop machines so I welcome your knowledge. Oh, as a side note, what's a BBU? :confused: That is not a term I am familiar with. Thanks!

juank
11-04-2007, 01:39 PM
No, you don't need SAS drives for this setup, I'm 100% sure. A sata disk will be more than enough.

As for ASUS, Untangle may not recognize your NICs and I think you don't want that. You told me you don't use 'vi' so you don't have a lot of experience at the shell command.

I built our Untangle servers on SuperMicro superBarebones, with nice CPUs, Sata Drive and fast memory.

I'll send you the specs tomorrow. The SuperMicro barebone I selected comes in a nice 1U small case for telco racks.

gliverman
11-04-2007, 04:34 PM
Thanks for the info juank. In my own defense though, I was introduced to Linux via Gentoo and the default editor in it is nano. That is what all the manuals and guides are written for. Beyond that my Macs have always had pico... which as you may know is basically the same as using nano (at least for what I have done) so I have never felt the need to learn vi. I know some people swear by it and that is fine... I just have not ever had a reason to use it.

On the hardware side, I was not sure if Untangle would recognize the on-board NIC but figure everything would know the Intel Pro 1000 NIC's I added. I am not attached to Asus particularly, it is just a name that I have heard good things about that had Intel chipsets, onboard Intel video, and 4 DDR2 slots in a micro-ATX form factor.

Thank you for offering those specs, I look forward to seeing them. A 1U case sounds like a great setup and should still be portable like the case I had been looking at.

Thanks again for everyone's input.

gliverman
11-15-2007, 07:49 AM
Does anyone see a problem with using this setup?


Case: Supermicro Barebone SuperServer 5015M-MR+B
HDD: WD2500JS 250GB Caviar SE SATA 3Gb / s Internal Hard Drive
RAM: 2 x Kingston KVR667D2E5/2G 2GB PC2-5300 667MHz 240-pin ECC Unbuffered CL5 DDR2 SDRAM DIMM
CPU: Xeon QC X3220 2.4GHz, 8MB L2 Cache, 1066MHz FSB, 105W, Boxed
Optical Drive: LG Electronics GSA-T20N Slim DVD Super Multi Drive

hescominsoon
11-15-2007, 05:07 PM
Does anyone see a problem with using this setup?


Case: Supermicro Barebone SuperServer 5015M-MR+B
HDD: WD2500JS 250GB Caviar SE SATA 3Gb / s Internal Hard Drive
RAM: 2 x Kingston KVR667D2E5/2G 2GB PC2-5300 667MHz 240-pin ECC Unbuffered CL5 DDR2 SDRAM DIMM
CPU: Xeon QC X3220 2.4GHz, 8MB L2 Cache, 1066MHz FSB, 105W, Boxed
Optical Drive: LG Electronics GSA-T20N Slim DVD Super Multi Drive

I have to say..go sas 10k rpm. I have two firewall machines here that I use for testing. One is a p-4 celey 2.8 ghz machine with 512 megs of ddr2 and a 60 gig sata hard drive. Heavy log analysis (yearly tables) takes 3-5 minutes with the hard drive getting hammered and the cpu maxed. My other machine is a p-3 1.266 ghz box with 512 megs of pc-133 and one 74 gig scsi 10k rpm drive (sas is the updated scsi in a nutshell). The same operation takes half the time. Transferring files from the proxy hard disk is also faster..the sata disk averages @50 megabits/sec and the p-3 box averages 85 megabits/sec. Mind you this isn't untangle but Astaro which is a heavier resource user than untangle.

Trust me you'll see the difference with that many users..go with sas..don't go the cheap way here..you'll get bitten. You are talking about enterprise level userbases here..don't use SMB or desktop drives with it.

zeusenergy
11-25-2007, 03:43 PM
What hardware do you all think I would need? This box sits between the firewall and core switch protecting 1600+ users with all the open source modules except for OpenVPN & Firewall. Routing is installed to make some static routes but does not do DHCP or NAT. We will be logging almost EVERYTHING.

Thanks!

With that many users it will be an enterprise install. I really doubt that the procurement department will complain about paying for enterprise-level equipment. But if your SAU has a tight budget, I suggest using multiple boxes cloned out so that each box will cover each school, rather than one box to cover all of them. You can place all of them in the central location if you like. Maybe have each system installed into rack mount 4u cases, you can get them cheap these days, and install regular ATX stuff inside. Athlon 64's or P4's would do the trick along with 2GB or so per box, and you wouldn't need an expensive SAS storage solution. This will also allow each box to have a separate report, too, for easier per-school administration. And if one box fails, it doesn't take down ALL the schools! That's my $.02!:p

gliverman
11-26-2007, 04:47 PM
I spoke to Supermicro and they said that since I am wanting to use a single hard drive that SAS is a waste of money. They said that without an array that the speed increase would be negligible. I am gonna try and generate a PO this week and will post back once I have more news. Thanks again for everyone's input... keep it coming. :)

They did say, though, that later I can add a card to the server with an external SAS connector and then connect it to a case with a SAS array if I need to in the future.

zeusenergy
11-27-2007, 07:50 AM
I spoke to Supermicro and they said that since I am wanting to use a single hard drive that SAS is a waste of money. They said that without an array that the speed increase would be negligible. I am gonna try and generate a PO this week and will post back once I have more news. Thanks again for everyone's input... keep it coming. :)

They did say, though, that later I can add a card to the server with an external SAS connector and then connect it to a case with a SAS array if I need to in the future.

Let us know how it's going. I'd like to see how a single machine will handle 1600 users. Are you going to use filtering for WWW and protocols only? When you get into spam/virus/etc filtering (gateway security) it will get very loaded and possibly backed up trying to keep pace with that many users. I guess you don't want to split the load on a per-school basis. That would still be the best bet, and each school prolly has a spare PC powerful enough to do the job. Good luck, and yes I do hope it works for you with one system handling the whole load.

gliverman
11-27-2007, 10:38 AM
Let us know how it's going. I'd like to see how a single machine will handle 1600 users. Are you going to use filtering for WWW and protocols only? When you get into spam/virus/etc filtering (gateway security) it will get very loaded and possibly backed up trying to keep pace with that many users. I guess you don't want to split the load on a per-school basis. That would still be the best bet, and each school prolly has a spare PC powerful enough to do the job. Good luck, and yes I do hope it works for you with one system handling the whole load.

I will let you know how it works. I am building this as a demo box basically and that is why I need it to be able to do it all. If they like it they will most likely put one at each school and then have one that just does some light-weight stuff at the county office.

hescominsoon
11-29-2007, 09:46 AM
I spoke to Supermicro and they said that since I am wanting to use a single hard drive that SAS is a waste of money. They said that without an array that the speed increase would be negligible. I am gonna try and generate a PO this week and will post back once I have more news. Thanks again for everyone's input... keep it coming. :)

They did say, though, that later I can add a card to the server with an external SAS connector and then connect it to a case with a SAS array if I need to in the future.

Honestly? They're stoned. Just look at my post above with 5 users between a SATA and SCSI drive. Ignore them..SAS is your best bet..the speed difference will be noticeable..you throw 1k users at a sata drive and your system will go to its knees waiting for the sata drive to dig itself out from under the pile.

dmorris
11-29-2007, 11:08 PM
I'm interested to know how this goes. Keep us updated!

We have seen some sites running just fine with 1000-2000 users. Some even on rather questionable hardware. Some even on vmware!

gliverman
12-03-2007, 01:27 PM
I ordered all the parts today and should have them before week's end... will update asap.

gliverman
12-11-2007, 09:08 AM
Just waiting on one more part to show up then the fun will start :)

mdh
12-11-2007, 10:56 AM
Thank you Dr. Frankenstein!

gliverman
12-13-2007, 05:04 PM
Got all the parts put together today and Untangle 5.03 installed flawlessly. I am hoping to put it into service in the next few days.

gotkimchi
12-13-2007, 05:07 PM
Congrats! Let's name it "sho nuff"

Sho'nuff: Am I the meanest?
Sho'nuff 's Goons: Sho'nuff!
Sho'nuff: Am I the prettiest?
Sho'nuff 's Goons: Sho'nuff!
Sho'nuff: Am I the baddest mofo low down around this town?
Sho'nuff 's Goons: Sho'nuff!
Sho'nuff: Well who am I?
Sho'nuff 's Goons: Sho'nuff!
Sho'nuff: Who am I?
Sho'nuff 's Goons: Sho'nuff!
Sho'nuff: I can't hear you...
Sho'nuff 's Goons: Sho'nuff!

gotkimchi
12-13-2007, 05:19 PM
gliverman, just as a curiosity, approx price for your "Sho'nuff" box?

gliverman
12-13-2007, 05:27 PM
gliverman, just as a curiosity, approx price for your "Sho'nuff" box?

Total cost = $1095.69

dmorris
12-13-2007, 05:41 PM
http://haacked.com/images/ShoNuffFullSize.gif

edit: you should turn on remote support - just in case! :)

gliverman
12-13-2007, 09:28 PM
you should turn on remote support - just in case! :)

How do I do that?

mdh
12-14-2007, 05:56 AM
First, go to TERMINAL on the Untangle box itself and define a password.
Second, inside the Untangle GUI, go to CONFIG -> SUPPORT -> ACCESS RESTRICTIONS and check the "Allow" box.

The combination of the two turns on SSH access to the box.

gliverman
12-14-2007, 01:16 PM
The box is running as of a few minutes ago but the page that comes up when a site is blocked is only showing text... no logos, no background, not anything. Also, when we do a speedtest from behind it the upload part of the test does not work... tried speakeasy.net and speedtest.net and had the same result on both.

Any ideas?

gotkimchi
12-14-2007, 02:39 PM
If you have the web blocker module on, block porn, and then try to go to playboy.com

Your screen should look like this:
http://wiki.untangle.com/images/d/d6/Playboyblock.jpg

gotkimchi
12-14-2007, 03:19 PM
Could you check your NICs? Go to config tab, support, network interfaces, and see if they are full duplex.

gliverman
12-14-2007, 03:38 PM
Could you check your NICs? Go to config tab, support, network interfaces, and see if they are full duplex.

They are on auto now which should be getting them full. As for the other response, I know that is what the page should look like but I am only getting the text in the center, none of the graphics or background, and not the link to click on... it is like a plain text file is being displayed instead of the page that is reading the info from said file (I have no idea if this is how it really works, but that is what it looks like)

gotkimchi
12-14-2007, 03:44 PM
You are in a bridge mode. Could you unplug one of the NICs and hit refresh. I am wondering if you have the NICs flip flopped.

gliverman
12-14-2007, 03:56 PM
You are in a bridge mode. Could you unplug one of the NICs and hit refresh. I am wondering if you have the NICs flip flopped.

Sadly, I think it will be Monday before I can do that... building is locked now. Does the fact that I can get to the web interface to login make any difference?

gliverman
12-14-2007, 04:10 PM
I think you may be on to something with the backwards NIC thing... email coming in shows in the spam filter as going out and vice versa... THANKS

gliverman
12-14-2007, 05:56 PM
First, go to TERMINAL on the Untangle box itself and define a password.
Second, inside the Untangle GUI, go to CONFIG -> SUPPORT -> ACCESS RESTRICTIONS and check the "Allow" box.

The combination of the two turns on SSH access to the box.

For some reason, ssh seems to still be off. Do I start it manually via /etc/init.d/ssh like other distros? Do I need to do anything special to ensure it starts automatically next time I restart the box?

amac
12-14-2007, 06:04 PM
Shouldn't need to be started manually....
Have you accessed it previously at the machine?
If you are behind a firewall you would need to forward ssh traffic to the Untangle box....

gliverman
12-14-2007, 06:25 PM
Shouldn't need to be started manually....
Have you accessed it previously at the machine?
If you are behind a firewall you would need to forward ssh traffic to the Untangle box....

ssh has not worked yet. I can not access it from inside or outside the network. I have the traffic forwarded through the firewall so I can access it from outside too, but like I said, it does not work from inside either.

amac
12-15-2007, 09:12 AM
Just to review, what have you tried to do with SSH?
It should just be those steps that MDH talked about, that you have to do physically at the console......

gliverman
12-15-2007, 11:06 AM
Just to review, what have you tried to do with SSH?
It should just be those steps that MDH talked about, that you have to do physically at the console......

Well, the first part of my problem was user error... I checked the wrong box under Support. Now I have fixed that and can ssh from a computer behind the firewall with no problem, however, I get this message when ssh'ing from off site:
Genes-MBP:~ gliverman$ ssh root@remote.site.address
ssh_exchange_identification: Connection closed by remote host

amac
12-15-2007, 11:13 AM
Ahh.........the old genes-mbp guy. . . lol
Umm.........is that what first comes up when you open the connection?
I would guess that it's an issue with the firewall................just a guess... is the redirect/forwarding rule working?
I don't know that this would have anything to do with it.......but in the remote admin under access and public address do you have your public address put in?

gliverman
12-15-2007, 11:16 AM
I don't know that this would have anything to do with it.......but in the remote admin under access and public address do you have your public address put in?

No, I do not... I was not really sure what that was for so we left it blank. The remote java interface works fine, just not remote ssh.

amac
12-15-2007, 11:19 AM
Yeah, it's mainly for emails, so that users don't get sent an internal IP and get the public address for when Untangle is in bridge mode. It just lets Untangle know how to let people get back to it................

gliverman
12-15-2007, 11:26 AM
I set it to the public IP but it did not change anything. Do you know if this has to be an IP address or can it be a fqdn like somebox.somewhere.org?

You know, we determined that one of my other issues may be due to the nics being reversed... could that be my issue? I plan to fix that tomorrow.

gliverman
12-16-2007, 08:20 PM
I corrected the positions of the network cables today. The page for blocked content shows up correctly now. I have a few questions though...

Is there a way to lock the screen on the console?
Any more ideas on why ssh is not working from off site?
The Untangle server can send emails within the internal network but is not able to send mail to accounts in the outside world... any ideas?

nomad
12-16-2007, 09:59 PM
No current method to lock the console...

Unless I missed it, you didn't say which address you were trying to ssh to from outside.

If port forwarding is enabled on your firewall, you should use the firewall's outside address.

Have you checked the Wiki about the email setup?

http://wiki.untangle.com/index.php/Email#Configuring_Server_Email_Traffic

gliverman
12-17-2007, 07:23 AM
I am ssh'ing to the public address and yes, I have read the wiki on email... more ideas?

gliverman
12-17-2007, 09:15 AM
We are running the box with every feature but firewall turned on and it is working great! We are logging almost everything! The filters are working so well that it has dramatically increased the available bandwidth on the internet connection!

I will post some stuff from the Daily report tomorrow.

gliverman
12-18-2007, 06:27 AM
Below is the daily report from our first day of full use.


Untangle Platform Report

Vital Statistics:
Average data transfer rates
Per second 203.929 KBytes/sec
Per day 16.820 GBytes/day

Data transferred 16.820 GBytes
Outbound 1.167 GBytes 6.93%
Inbound 15.652 GBytes 93.07%

Sessions created 678,876
Outbound 442,488 65.18%
Inbound 236,388 34.82%

Administrative logins 10
Successful 9 90.00%
Failed 1 10.00%


Spam Blocker Report

Vital Statistics:
Scanned emails (SMTP) 33,493
Spam connection rejected using DSNBLs 28,457 84.96%
Spam & Quarantined 1,611 4.81%
Spam & Passed 38 0.11%
Clean & Passed 3,387 10.11%

Scanned emails (POP/IMAP) 0
Clean & Passed 0 0.00%


Phish Blocker Report

Vital Statistics:
Scanned emails (SMTP) 5,045
Phish & Quarantined 5 0.10%
Phish & Blocked 0 0.00%
Phish & Marked 0 0.00%
Phish & Passed 0 0.00%
Clean & Passed 5,040 99.90%

Scanned emails (POP/IMAP) 0
Phish & Marked 0 0.00%
Phish & Passed 0 0.00%
Clean & Passed 0 0.00%

Web logged violations: Phish & Blocked 0


Spyware Blocker Report

Vital Statistics:
Potential spyware communications detected 50,355
Blocked cookies 5,494 10.91%
Blocked activeX 0 0.00%
Blocked URLs 18,677 37.09%
Logged subnet accesses 26,184 52.00%

Clean communications detected 1.417 M


Web Filter Report

Vital Statistics:
Filtered web traffic 27.679 GBytes

Scanned web visits 1.200 M
Logged web visits 254,196 20.27%
Passed web visits 999,718 79.73%


Virus Blocker Report

Vital Statistics:
Virus Definitions 5163 -- Mon Dec 17 19:29:09 2007

Scanned Web downloads 179,253
Infected & Blocked 0 0.00%
Clean & Passed 179,253 100.00%

Scanned FTP downloads 334
Infected & Blocked 0 0.00%
Clean & Passed 334 100.00%

Scanned emails 2,388
Infected & Blocked 0 0.00%
Clean & Passed 2,388 100.00%


Intrusion Prevention Report

Vital Statistics:
Total Scan Events 2.654 M
Matched & Logged 1,149 0.04%
Matched & Blocked 4 0.00%
Unmatched 2.653 M 99.96%


Protocol Control Report

Vital Statistics:
Detected protocol sessions 612,906
Blocked sessions 1,929 0.31%
Passed sessions 610,977 99.69%


Router Report

Vital Statistics:
Total redirections 670,696

TCP redirections 429,555
Inbound 24,279 3.62%
Outbound 405,276 60.43%
UDP redirections 240,733
Inbound 185,477 27.65%
Outbound 55,256 8.24%
PING redirections 408
Inbound 0 0.00%
Outbound 408 0.06%

NAT outbound sessions created 0
DMZ Host inbound redirections 0


OpenVPN Report

Vital Statistics:
User logins 0
Client distributions 0


Attack Blocker Report

Vital Statistics:
Resource requests 5.768 M
Accepted 5.748 M 99.67%
Limited 9,009 0.15%
Dropped 9,014 0.15%
Rejected 1,905 0.03%

Resource allocation selectivity
Normal 100.00%
Increased 0.00%
High 0.00%
Defensive 0.00%

Silver Bullet
12-18-2007, 07:34 AM
So are these results with 1600 users behind it?

You gotta love how that Spam module dropped almost 30,000 emails before they ever reached the mail server.:D

gliverman
12-18-2007, 07:46 AM
So are these results with 1600 users behind it?

You gotta love how that Spam module dropped almost 30,000 emails before they ever reached the mail server.:D

That's right, there are about 1600 users in the school district that this is sitting in front of. Just as a refresher, this system is built for less than $1100 with

Case: Black Supermicro Barebone SuperServer 5015M-MR+B
HDD: WD2500JS 250GB Caviar SE SATA 3Gb / s Internal Hard Drive
RAM: 4 1GB Kingston PC2-5300 DDR2
CPU: Xeon Quad Core X3220 2.4GHz, 8MB Cache, 1066MHz FSB
Optical Drive: LG Electronics GSA-T20N Slim DVD Super Multi Drive


I am wonderfully impressed by its performance so far and cannot wait to see the weekly report that will be sent out Sunday. Yesterday morning (Monday) the processor was not even breaking a sweat... spamd (the spam filter, for those who do not know) was using about 1 full core, but overall the processor was between 45% & 65% idle during one of the peak usage times!

nomad
12-18-2007, 08:36 PM
I am ssh'ing to the public address and yes, I have read the wiki on email... more ideas?

I set up port forwarding for SSH to my untangle box (in bridge mode) with no public IP on the remote admin page.

Not sure if having that makes a difference :confused:

juank
12-21-2007, 09:41 AM
That's right, there are about 1600 users in the school district that this is sitting in front of. Just as a refresher, this system is built for less than $1100 with

Case: Black Supermicro Barebone SuperServer 5015M-MR+B
HDD: WD2500JS 250GB Caviar SE SATA 3Gb / s Internal Hard Drive
RAM: 4 1GB Kingston PC2-5300 DDR2
CPU: Xeon Quad Core X3220 2.4GHz, 8MB Cache, 1066MHz FSB
Optical Drive: LG Electronics GSA-T20N Slim DVD Super Multi Drive


I am wonderfully impressed by its performance so far and cannot wait to see the weekly report that will be sent out Sunday. Yesterday morning (Monday) the processor was not even breaking a sweat... spamd (the spam filter, for those who do not know) was using about 1 full core, but overall the processor was between 45% & 65% idle during one of the peak usage times!

Hey Gliverman,

I'm glad you love the SuperBarebone!

dmorris
12-21-2007, 07:41 PM
just a heads up.
you may need to tune the untangle reports settings
as the database fills up, report creation may get slower and you'll have to turn off monthly reports

gliverman
12-22-2007, 08:49 AM
just a heads up.
you may need to tune the untangle reports settings
as the database fills up, report creation may get slower and you'll have to turn off monthly reports

Can you tell me what I might need to do or what to look for?

amac
12-22-2007, 10:07 AM
In the reports module you have quite a few options of what you can configure, check out the wiki:
http://wiki.untangle.com/index.php/Untangle_Reports#Specifying_When_Untangle_Server_Generates_Untangle_Reports

compuboy2000
12-22-2007, 10:36 AM
I can imagine all those logs will build up. Do they delete themselves after so many days after the reports?

gliverman
12-23-2007, 12:42 PM
I agree that the logs will build up, but how do I check to see if it will be too much? Is it merely a question of hard drive space?

compuboy2000
12-23-2007, 02:45 PM
If I remember correctly you can use the terminal commands to check hard drive space like "df -h" or "du -h"

It would be nice if there was a module for logs. Maybe there is and I'm not seeing it.

gliverman
12-23-2007, 03:12 PM
If I remember correctly you can use the terminal commands to check hard drive space like "df -h" or "du -h"

It would be nice if there was a module for logs. Maybe there is and I'm not seeing it.

You are correct, df -h will show the free space... but is this what dmorris was referring to? Also, all the logs are available in their respective modules. Plus there is the ability to send the logs to a syslog server.

gliverman
12-30-2007, 01:51 AM
Here is the first weekly report. Keep in mind that this was just as Christmas break started so I will post another one after school starts back up.


Untangle Platform Report
Vital Statistics:
Average data transfer rates
Per second 113.340 KBytes/sec
Per day 9.346 GBytes/day

Data transferred 65.376 GBytes
Outbound 4.778 GBytes 7.28%
Inbound 60.621 GBytes 92.72%

Sessions created 2.965 M
Outbound 1.821 M 61.23%
Inbound 1.144 M 38.77%

Administrative logins 23
Successful 21 91.30%
Failed 2 8.70%


Spam Blocker Report
Vital Statistics:
Scanned emails (SMTP) 225,028
Spam connection rejected using DSNBLs 197,289 87.67%
Spam & Quarantined 11,893 5.29%
Spam & Passed 225 0.10%
Clean & Passed 15,621 6.94%

Scanned emails (POP/IMAP) 0
Clean & Passed 0 0.00%


Phish Blocker Report
Vital Statistics:
Scanned emails (SMTP) 27,823
Phish & Quarantined 75 0.27%
Phish & Blocked 0 0.00%
Phish & Marked 0 0.00%
Phish & Passed 0 0.00%
Clean & Passed 27,748 99.73%

Scanned emails (POP/IMAP) 0
Phish & Marked 0 0.00%
Phish & Passed 0 0.00%
Clean & Passed 0 0.00%

Web logged violations: Phish & Blocked 0


Spyware Blocker Report
Vital Statistics:
Potential spyware communications detected 187,161
Blocked cookies 15,134 8.09%
Blocked activeX 0 0.00%
Blocked URLs 70,905 37.88%
Logged subnet accesses 101,122 54.03%

Clean communications detected 5.775 M


Web Filter Report
Vital Statistics:
Filtered web traffic 105.437 GBytes

Scanned web visits 4.348 M
Logged web visits 947,523 20.82%
Passed web visits 3.447 M 79.18%


Virus Blocker Report
Vital Statistics:
Virus Definitions 5232 -- Sun Dec 23 20:52:51 2007

Scanned Web downloads 469,895
Infected & Blocked 30 0.01%
Clean & Passed 469,865 99.99%

Scanned FTP downloads 2,272
Infected & Blocked 0 0.00%
Clean & Passed 2,272 100.00%

Scanned emails 9,806
Infected & Blocked 2 0.02%
Clean & Passed 9,804 99.98%


Intrusion Prevention Report
Vital Statistics:
Total Scan Events 10.888 M
Matched & Logged 6,836 0.06%
Matched & Blocked 89 0.00%
Unmatched 10.881 M 99.94%


Protocol Control Report
Vital Statistics:
Detected protocol sessions 2.497 M
Blocked sessions 15,710 0.60%
Passed sessions 2.481 M 99.40%


Router Report
Vital Statistics:
Total redirections 2.845 M

TCP redirections 1.757 M
Inbound 143,125 4.83%
Outbound 1.618 M 56.76%
UDP redirections 1.068 M
Inbound 860,755 29.05%
Outbound 257,896 8.70%
PING redirections 19,468
Inbound 0 0.00%
Outbound 19,468 0.66%

NAT outbound sessions created 0
DMZ Host inbound redirections 0


Attack Blocker Report
Vital Statistics:
Resource requests 26.348 M
Accepted 26.280 M 99.75%
Limited 31,437 0.11%
Dropped 31,764 0.12%
Rejected 6,662 0.02%

Resource allocation selectivity
Normal 100.00%
Increased 0.00%
High 0.00%
Defensive 0.00%

dmorris
01-03-2008, 01:15 PM
Sorry for the slow reply.

I was referring to the tables in the database getting too big and the report queries taking too long to complete. It may happen, it may not.

In 5.1, you'll be able to turn down the time it keeps data to 7 days (previously only 30 days).
This will definitely increase report performance, but you won't have monthly reports.

gliverman
01-03-2008, 03:42 PM
Sorry for the slow reply.

I was referring to the tables in the database getting too big and the report queries taking too long to complete. It may happen, it may not.

In 5.1, you'll be able to turn down the time it keeps data to 7 days (previously only 30 days).
This will definitely increase report performance, but you won't have monthly reports.

How would I know if the tables are getting too big?

thzone
02-05-2008, 11:10 AM
Be careful with what you do with logfiles... I'm not sure about Georgia, but in Ohio we have to keep logs of sites visited/emails sent/recvd for 7 years**. Also, I found out that the spam filtering based on "DNSBL" lists isn't 100% accurate, and will often (10% or so) block perfectly legitimate emails... and getting your address removed from those DNSBLs is often more of a pain, and a more drawn-out process, than it really needs to be...


Just my input on the matter...

PS, how is the machine holding up?
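The DNSBL lookup behind the "rejected using DNSBLs" counts in the reports, as an added example that is not part of any post in this thread: it builds the RFC 5782 query name for a sender's IP and reports which zones list it, which is the check to run when a legitimate sender is being rejected. The zone names, addresses and the `fake_resolver` data are constructed for illustration; pass your own zone list and the default resolver for a live check.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the DNS name a DNSBL client looks up (RFC 5782)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # reversed octets
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # reversed nibbles
    return ".".join(labels) + "." + zone.strip(".")

def system_resolver(name):
    """Return the A record for name, or None if the lookup fails.
    A resolver failure is treated as 'not listed' here (fail open)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_sender(ip, zones, resolve=system_resolver):
    """Return {zone: answer} for every zone that lists ip."""
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # Only an answer inside 127.0.0.0/8 is a listing. Any other address
        # (wildcard DNS, a parked or expired zone) must not cause a reject.
        if answer and ipaddress.ip_address(answer) in LISTED_NET:
            hits[zone] = answer
    return hits

# Constructed zone data: one real listing, one parked zone answering with
# a public address for every name.
FAKE_ZONE_DATA = {
    "10.2.0.192.dnsbl.example.org": "127.0.0.2",
    "10.2.0.192.parked.example.net": "203.0.113.7",
}

def fake_resolver(name):
    return FAKE_ZONE_DATA.get(name)

if __name__ == "__main__":
    zones = ["dnsbl.example.org", "parked.example.net"]
    for ip in ("192.0.2.10", "198.51.100.25"):
        print(ip, check_sender(ip, zones, fake_resolver) or "not listed")
```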

gliverman
02-05-2008, 12:18 PM
Box has held up great. We do not have to keep that stuff so long as there is a local policy in place stating how long we are going to archive things for. Thanks for the input.

thzone
02-05-2008, 12:34 PM
That's good to hear (And I'm envious)... I can't even begin to tell you the number of tape backups we have sitting in off-site storage for "security" reasons... Actually I can... one 40g tape per week, four per month, 208 per year... since Feb. 2001... 1,456 40gb tapes in storage...

gliverman
02-06-2008, 07:04 AM
That is insane!!!

thzone
02-09-2008, 01:15 PM
56.875 TB of tape storage... just so we can keep track of email sent about homework assignments...


what a waste

amac
02-09-2008, 01:30 PM
I think I'm going to be sick. lol

mdh
02-11-2008, 08:00 AM
There's probably another 12.255 TB of tape allocated to unexcused absences...

thzone
02-11-2008, 02:21 PM
lol, not sure about that, but I do know the student records are part of the backup that is performed every Friday night.

gliverman
09-25-2008, 08:05 AM
So, I just thought I would provide an update on this setup... the box is still running strong, :worship: now on 5.3. The Barracuda that was doing out of band spam filtering has now been removed because Untangle is doing a good enough job. Every now and then the box does seem to need a reboot but, in general, it works great.

gliverman
09-25-2008, 08:19 AM
Here is some info from the most recent weekly report:


Spam Blocker:
Scanned emails (SMTP) 302,682
Spam connection rejected using DNSBLs 264,666 87.44%
Spam & Quarantined 20,580 6.80%
Spam & Marked 20 0.01%
Clean & Passed 17,416 5.75%


Phish Blocker:
Scanned emails (SMTP) 38,686
Phish & Quarantined 632 1.63%
Phish & Blocked 0 0.00%
Phish & Marked 0 0.00%
Phish & Passed 0 0.00%
Clean & Passed 38,054 98.37%


Virus Blocker:
Virus Definitions 8316 -- Tue Sep 23 05:40:56 2008
Scanned Web downloads 70,191
Infected & Blocked 0 0.00%
Clean & Passed 70,191 100.00%
Scanned FTP downloads 1,198
Infected & Blocked 0 0.00%
Clean & Passed 1,198 100.00%
Scanned emails 13,930
Infected & Blocked 677 4.86%
Clean & Passed 13,253 95.14%


Intrusion Prevention:
Total Scan Events 8.700 M
Matched & Logged 0 0.00%
Matched & Blocked 25 0.00%
Unmatched 8.700 M 100.00%


Firewall:
Sessions examined 2.1010 M
Sessions blocked 0
Blocked by rule 0 0.00%
Blocked by default 0 0.00%
Sessions passed 2.1010 M
Passed by rule 0 0.00%
Passed by default 2.1010 M 100.00%
TCP sessions 1.690 M
Blocked 0 0.00%
Passed 1.690 M 56.05%
UDP sessions 1.320 M
Blocked 0 0.00%
Passed 1.320 M 43.95%
PING sessions 0
Blocked 0 0.00%
Passed 0 0.00%


Attack Blocker:
Resource requests 7.107 M
Accepted 6.897 M 96.77%
Limited 132,094 1.77%
Dropped 73,627 0.99%
Rejected 34,593 0.46%
Resource allocation selectivity
Normal 100.00%
Increased 0.00%
High 0.00%
Defensive 0.00%


Configuration Backup:
Successful backups 7
Failed backups 0


Untangle Platform:
Average data transfer rates
Per second 112.579 KBytes/sec
Per day 9.281 GBytes/day
Data transferred 64.948 GBytes
Outbound 4.489 GBytes 6.90%
Inbound 60.459 GBytes 93.10%
Sessions created 2.859 M
Outbound 2.463 M 86.39%
Inbound 405,183 13.61%
Administrative logins 15
Successful 14 93.33%
Failed 1 6.67%

FarVision
09-26-2008, 10:12 AM
Nice stats on the email, but it seems that the Intrusion Prevention and Firewall sections are not doing anything at all...?

andrew50
09-26-2008, 10:29 AM
This box sits between the firewall and core switch

so I imagine those modules aren't active.

dmorris
09-26-2008, 11:00 AM
damn! :D

very cool to see the reports.

thanks for the update.

gliverman
09-30-2008, 03:14 PM
Nice stats on the email, but it seems that the Intrusion Prevention and Firewall sections are not doing anything at all...?

The Firewall module is just for static routes across the WAN. The Intrusion Prevention one is active though. There is still, at the moment, a SonicWALL Pro 3060 on the edge of the network... maybe that accounts for the low activity.

gliverman
09-30-2008, 03:16 PM
damn! :D

very cool to see the reports.

thanks for the update.

Always glad to help, you all, along with these forums (this thread in particular), have been so much help to me!

sky-knight
09-30-2008, 04:09 PM
And they say UT isn't ready for the Enterprise... ;) Great work man!

umop apisdn
10-22-2008, 05:53 AM
I wanna bump this up.. Curious to see how it's still doing..

gliverman
10-27-2008, 06:49 PM
:) The server is doing great! The school system that uses it actually just replaced the box specified in this post that I had loaned them with a spare Dell PE 2850. They use the entire Pro Package integrated with Windows Server 2003 Enterprise and Active Directory.

umop apisdn
10-27-2008, 06:51 PM
That is freaking awesome.. Thanks for the update!

The Pope
10-28-2008, 08:38 AM
Hello all,

I was worried that UT might not like the 2850 with SCSI RAID. So far so good. I have turned off the auto update option (due to issues in the past). This way we can image the server before an update and revert if needed.

I have created a read only account for those who are interested in seeing our configuration. Please feel free to look at the reports or email me with any questions.

~ https://hcss-untangle.gaettc.org
~ user : untangle
~ password : %untangle%

Chris Pope
Network / Systems Engineer
Haralson County Schools
chris.pope@haralson.k12.ga.us

pod
10-28-2008, 08:49 AM
:) The server is doing great! The school system that uses it actually just replaced the box specified in this post that I had loaned them with a spare Dell PE 2850.

Any chance of a network diagram to see how you are dealing with that many internal users?

andrew50
10-28-2008, 09:52 AM
Thanks for the look, but Error: Username and Password do not match


~ https://hcss-untangle.gaettc.org
~ user : untangle
~ password : %untangle%

The Pope
10-28-2008, 10:00 AM
The 1st page is the portal login for our AD users.

Click on the link at the bottom that says "Untangle Server Administration".

----------

Our UT server is in bridge mode. NAT is performed by our firewall. Our core switch handles the routing to the subnets. Is this what you wanted to know?

gliverman
10-29-2008, 09:21 AM
Any chance of a network diagram to see how you are dealing with that many internal users?

I have attached a diagram.