#1 (permalink)
Untanglit
Join Date: Jul 2009
Posts: 10
I am now testing Untangle; so far it is a very smart product. I couldn't figure out how to deploy Untangle between LAN segments, e.g. between the user LAN and the server farm. Is it possible? Would it be fast enough?

#2 (permalink)
Hi and welcome to the forum,
What hardware is it running on and how big are the LAN segments? E.g. 5 servers and 20 users, or 100 servers and 500 users.
__________________
"Of all the things I've lost, I miss my mind the most" Video Showing 7.1 Alpha: http://fakenews.se/ut/

#3 (permalink)
Untanglit
Join Date: Jul 2009
Posts: 10
Let's say 100 users on one side, and 5 servers (DC, DNS, SQL, Exchange) on the other. The DMZ is a separate segment. The users are students, and I must take into account that someone from the user LAN may try to hack my servers.
I have a Checkpoint firewall as a bridge at the entrance to the server LAN, and want the added protection of an IPS. The UT will run on an HP Proliant ML110, quad, 4GB RAM, w/ mirrored disk. If that is not enough, I can go to an HP Proliant ML350, 2 CPU, 4GB, SAS disks.

#4 (permalink)
Untanglit
Join Date: Jul 2009
Posts: 10
OK, I guess that if the two segments have different address ranges, and are connected by a router, then $External_Net with the default value ("any") should be interpreted as the user LAN. In other words, the UT server should be deployed in the standard manner, between the router and the server LAN.
If, on the other hand, both segments are a single address range, we should have a problem. The users' IPs should be interpreted as internal, resulting either in the UT ignoring the users (not good), or else being interpreted as spoofed addresses (also not good). In the lab I simulated the second scenario, and in the variables defined External_Net as the IP of my hacker platform. I have begun attacking a PC behind the UT. So far so good. Does what I wrote make sense? Suggestions?
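
Added example, not part of the thread and not Untangle's code: a simplified model of how a Snort-style rule header evaluates its address variables, showing which student-to-server traffic is inspected when both segments share one address range. It assumes the IPS follows the Snort conventions `$EXTERNAL_NET` and `$HOME_NET` (the thread's `$External_Net`); all addresses and scenario names are constructed.

```python
import ipaddress

def in_var(ip, spec, variables):
    """True if ip falls inside a Snort-style address spec.
    Handles 'any', a CIDR or host, '$NAME' references and '!' negation
    (bracketed lists are left out to keep the model small)."""
    spec = spec.strip()
    if spec.startswith("!"):
        return not in_var(ip, spec[1:], variables)
    if spec.startswith("$"):
        return in_var(ip, variables[spec[1:]], variables)
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def header_matches(src, dst, variables):
    """Address part of a rule header '$EXTERNAL_NET any -> $HOME_NET any'."""
    return (in_var(src, "$EXTERNAL_NET", variables)
            and in_var(dst, "$HOME_NET", variables))

# Constructed addresses: one flat /24 holding both students and servers.
SERVER = "192.168.10.5"
LAB_HOST = "192.168.10.57"      # the single test machine named in the variable
OTHER_STUDENT = "192.168.10.88"

SCENARIOS = {
    "any": {"HOME_NET": "192.168.10.0/24", "EXTERNAL_NET": "any"},
    "not_home": {"HOME_NET": "192.168.10.0/24", "EXTERNAL_NET": "!$HOME_NET"},
    "single_host": {"HOME_NET": "192.168.10.0/24", "EXTERNAL_NET": "192.168.10.57"},
    "servers_only": {"HOME_NET": "192.168.10.0/28", "EXTERNAL_NET": "!$HOME_NET"},
}

def coverage():
    """For each scenario, is traffic from each source toward SERVER inspected?"""
    return {name: {src: header_matches(src, SERVER, v)
                   for src in (LAB_HOST, OTHER_STUDENT)}
            for name, v in SCENARIOS.items()}

if __name__ == "__main__":
    for name, result in coverage().items():
        print(f"{name:13} {result}")
```

In this model, naming a single test host as the external network covers only that host, while narrowing `HOME_NET` to the server addresses keeps every other machine in the shared range on the inspected side.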