View Poll Results: Should the Untangle Firewall configuration settings go back to the previous version?

| Option | Votes | Share |
| --- | --- | --- |
| Yes | 9 | 81.82% |
| No | 2 | 18.18% |

Voters: 11.
#1 (permalink)
Newbie
Join Date: Nov 2011
Posts: 2
Untangle's firewall has continually improved over time (the ability to have both simple and advanced rulesets), however the latest build has broken all of that. The fact that the interface has now switched on how one configures rules is confusing. You don't have the ability to specify permit or deny statements (check box options are very confusing).
More importantly, the granularity of the firewall rule has now been lost. For example: I used to have SMTP (25) opened up to only allow SMTP traffic destined to my internal email server (10.10.1.2). The new Untangle firewall update broke that and caused all of my mail to get blocked. Upon investigating this, I realized that not only did I have to reconfigure the rule, but the only way to allow the traffic was to do the following:

- Source Interface = External
- Protocol = TCP
- Destination Port = 25
- Destination Interface = Internal
- Destination Address = removed (was 10.10.1.2)

I had to remove my destination address (10.10.1.2). The reason for having to remove this last part of the rule is that for some reason, when I am very specific to the destination address, the MAIL traffic is blocked. I have the port forward working just fine. I have tested several times using MXToolbox externally to check my mail server. I am really disappointed as now we have to have less restrictive firewall rules in order to make hosted services work.

Recommendations for Untangle Firewall:

1) Please go back to the previous build. Firewall rules in the previous versions were easy to configure (having a simple and advanced option is perfect). Granularity is what made you great!

2) Port Forwarding - when port forwarding traffic, many firewalls give you the option to automatically create the associated firewall rule (usually done with a simple check box that says add firewall rule automatically). Please do this, it is a pain to have to go back and forth when port forwarding traffic to then have to get the firewall opened up as well for that same traffic.

Thank you Untangle Team!

Justin

Last edited by jbalogwwf; 11-30-2011 at 09:40 AM.

#2 (permalink)
Join Date: Jul 2010
Location: sfba
URLs submitted: 1
Posts: 1,137
This bug has been reported and fixed in build 5.
In build 4, you need to use Destination Address: <public IP> (rather than 10.10.1.2) for that Firewall rule. Once build 5 is out, it will operate the "old" way; however, I don't think the new rule UI is going anywhere.
__________________
Attention: Support on the Untangle Forums is provided by volunteers and community members. If you need official Untangle support please call or email support@untangle.com.

#4 (permalink)
Untangle Junkie
Join Date: Nov 2006
Location: San Mateo, CA
URLs submitted: 10
Posts: 10,611
Functionally, the rules are identical in 9.1 and 9.0, with the exception that you can now also match on username in 9.1.
__________________
Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

#5 (permalink)
Master Untangler
Join Date: Aug 2008
URLs submitted: 1
Posts: 946
Quote:
please correct me if I am wrong here.

#6 (permalink)
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 8
Posts: 15,454
The firewall has always been post-nat. Is it changing such that it matches both pre and post nat now?
I haven't done much with 9.1 other than install it. And the UI changes I've seen I like.
__________________
Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

#7 (permalink)
Untangle Junkie
Join Date: Nov 2006
Location: San Mateo, CA
URLs submitted: 10
Posts: 10,611
It is not changing.
It will still be pre-NAT for source address and source port, and post-NAT for destination address and destination port.
|
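
The matching order stated in the reply above (source matched pre-NAT, destination matched post-NAT) and the build 4 workaround from earlier in the thread, as an added Python example that is not Untangle's code. The public IP 203.0.113.10, the client address, the `Rule` fields and the default-block policy are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"                               # constructed placeholder
PORT_FORWARDS = {(PUBLIC_IP, 25): ("10.10.1.2", 25)}     # port forward from post #1

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:                    # hypothetical rule shape, not Untangle's schema
    src_net: str
    dst_net: str
    dport: int
    action: str                # "pass" or "block"

def dnat(pkt):
    """Apply the port forward: rewrite destination address and port only."""
    dst, dport = PORT_FORWARDS.get((pkt.dst, pkt.dport), (pkt.dst, pkt.dport))
    return Packet(pkt.src, pkt.sport, dst, dport)

def rule_matches(rule, pkt, dst_post_nat=True):
    """Source is always checked pre-NAT. Destination is checked post-NAT,
    or pre-NAT when dst_post_nat=False (the build 4 behaviour in post #2)."""
    seen = dnat(pkt) if dst_post_nat else pkt
    src_ok = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
    dst_ok = ipaddress.ip_address(seen.dst) in ipaddress.ip_network(rule.dst_net)
    return src_ok and dst_ok and seen.dport == rule.dport

def evaluate(rules, pkt, dst_post_nat=True, default="block"):
    """First matching rule wins; default-block is an assumption."""
    for rule in rules:
        if rule_matches(rule, pkt, dst_post_nat):
            return rule.action
    return default

# Constructed inbound SMTP connection hitting the public address.
SMTP_IN = Packet("198.51.100.7", 40000, PUBLIC_IP, 25)
INTERNAL_RULE = [Rule("0.0.0.0/0", "10.10.1.2/32", 25, "pass")]
PUBLIC_RULE = [Rule("0.0.0.0/0", PUBLIC_IP + "/32", 25, "pass")]

if __name__ == "__main__":
    for name, rules in (("internal", INTERNAL_RULE), ("public", PUBLIC_RULE)):
        for post in (True, False):
            print(name, "dst_post_nat=%s" % post, evaluate(rules, SMTP_IN, post))
```

With post-NAT destination matching, the tight rule naming 10.10.1.2 passes the mail and a rule naming the public IP never matches; with pre-NAT destination matching the two swap, which is the symptom reported in post #1.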
#8 (permalink)
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 8
Posts: 15,454
Thanks for the clarification. That's exactly the way I want it to work!

#10 (permalink)
Newbie
Join Date: Feb 2010
URLs submitted: 4
Posts: 13
After overnight auto upgrade to 9.1, Untangle has become totally unstable.
1. System has become slow, as avg load is now higher even at very low traffic and sessions.
2. Entire configuration has gone and site lists in web filter are not restorable.
3. Report generation is not working. It is giving some Java error: java.lang.Exception Unable to run daily reports: Return code: 1
4. Event log view for any module takes a lot of time and shows blank.

It is contrary to the claim that the new version will improve the performance. I am unable to use the system as the behaviour is just unacceptable. Quick patches, if any, or upgrades are urgently needed, or else roll back to previous version.

Regards
M.K.Gupta