Untangle Newb questions

[emets31]

First, I'd like to say thanks in advance for any help you can provide. It is most appreciated!

I have finally gotten around to finishing my Untangle box, and I am ready to get started with it. I have it installed and running, so I know the hardware is working. There are 3 ethernet ports that I have configured like this:

Port 1 - Mb external port
Port 2 - Gb DMZ port
Port 3 - Gb internal port

My questions are hopefully something that a newb to Untangle, and networking in general, like me can understand and implement. Basically, I was wondering what my best option would be - bridge mode or router mode? I want the security of the firewall, so does bridge mode eliminate that feature? Some of the great people on this Forum have already clued me in as far as turning of DHCP on my router and using my Untangle as the DHCP router, but I am afraid I may run into issues if I have it set up as my router. My next questions is about the DMZ. Would I be correct in assuming I can place network devices in this zone to prevent any firewall issues from affecting performance? I have my TV, Roku XS, blu-ray player and PS3 all networked (wired), so should I place all of them in the DMZ so as to prevent any issues? Or did I interpret the functionality of the DMZ? What I want to have protected by the firewall are my workstation (Windows 7), family PC (Ubuntu based Linux), Boxee PC (still building) and the various wireless devices (Wii, 2 laptops (1 Windows 7 and 1 Ubuntu based Linux), 3 tablets, a 3DS and DSi XL, phones, etc.) that all connect to my wireless network. Is router mode my best option, with the aforementioned DMZ connections?

Again, thanks in advance

[emets31]

Anyone?

[dmorris]

Hi,

I'd start here:
http://wiki.untangle.com/index.php/U...o_your_Network

DMZ is just another interface. You can use it either a bridge or router configuration. The performance isnt any different. You can use firewall in either bridge or router mode, however I doubt you will need it in either:
http://wiki.untangle.com/index.php/F...#Firewall_FAQs

welcome to the forums.

[emets31]

Thank you, dmorris, for your help and the welcome

I read through your links, but I am still a bit confused. So if the Untangle firewall will work in bridge mode, it performs the same functions as it would in router mode, except for NAT and assigning IP addresses?

Also, so the Untangle DMZ isn't a true DMZ, just another connection interface? I thought that it would beneficial for my connections that don't need extra protection, like my consoles and the other items I listed from my network. Is this not the case?

Lastly, this is more a hardware question, but it has to do with the network, so I figured it is relevant. In my box, I have one Mb ethernet port and two Gb ethernet ports. I was going to use the Mb port as the External port, one of the Gb ports as the Internal port, and the second Gb port as the DMZ port. Is this a wise decision? Or, would I be better off not using the DMZ at all and just use the two Gb ports as Internal and External? Or, should I drop more cash and get a third Gb card to have Gb connections throughout?

Thanks in advance!

[dmorris]

NAT and network configuration has nothing to do with firewall in Untangle. Firewall is just an application that can be used to block or allow TCP and UDP sessions based on your rules and nothing more. My point was that since you are running NAT its likely not going to provide any additional usefulness to unless you want to limit outbound traffic.

My point was that DMZ can be configured however you like. You can setup a different policy if you like using Policy Manager, however that is not the default.

Using the non-gigabit card on external makes sense to me, since you'll likely be limited upstream anyway.

[emets31]

Ahh, ok. I understand, now. Based on your suggestion, I think I will use my Untangle box in bridge mode, and let my router handle the IPs.

I am going to have to read up on the Untangle DMZ, because I am still unsure whether I should use it or not. I would like to use it and have it configured so that it won't interfere at all with online gaming and movie streaming, with the idea that the other port would be more secure.

And thanks for the info on the card situation. I see what you mean.

Thanks for your continued attention, dmorris. I really appreciate it!

[keith_h]

I'd use the untangle box as as a router and get rid of the existing device. You don't need a second router at all.

I presume you have something like this in mind:

modem <> untangle <> switch <> lan devices

on my network the interface speeds look like this:

30Mbps <> 100Mbps (1Gbps port) <> 1Gbps <> 1Gbps which is why the speed of the external/WAN interface is not so critical as the inside/LAN interface.

DMZ is just another interface, you shouldn't need it for a small network. From what your saying, I'm going to ask do you have a LAN switch? Only because I'm not clear on the need for multiple DMZ ports or another router.

The firewall won't affect lan devices either so no need to worry about that.

[emets31]

Thanks for the info, keith!

The reason for me keeping the router is because it is for my wireless devices. So my options I had in mind were like this:

modem <> untangle <> switch <> lan devices behind FW
\> DMZ \> wireless router <> wi-fi network
or

modem <> wireless router <> untangle in bridge mode <> switch <> lan behind FW
\> wi-fi network \> DMZ

My intentions for the DMZ would be to keep my Untangle unit transparent for devices such as my Game Consoles and Roku, so as to prevent interference from the firewall.

Sorry, but I am a bit confused by your last statement, though. The FW will not affect LAN devices? Do you mean the Untangle FW? Based on dmorris' suggestions and other info that I have been reading, I was going to continue to use my router for DHCP and NAT functions to keep me behind that FW and use Untangle in bridge mode. Do you suggest something else?

[keith_h]

I'd use the untangle box for DHCP and routing and use your existing wireless router as an additional wireless access point if required.

modem <> untangle box <> switch <> LAN (wired/wireless)

That's how mine is setup and it work just fine although I've got dedicated N wireless access points. Disable the DHCP on your router and you should be OK to use it as a WAP.

I'm a competitive fps gamer and I'm having no issues with steam for example. Take a look at the QoS settings and you'll find you can set priority for gaming.

Config/Network/Advanced/QoS/QoS rules.

Regarding the firewall, as mentioned and stated simply it doesn't actually do anything unless you create a rule. I think what dmorris was saying is that the untangle box won't provide any additional functionality over your existing router from a NAT perspective but my view is just get rid of the existing device and let the untangle box do it all. Its just cleaner that way.

[emets31]

Thanks for explaining, keith

I will definitely consider this info when I try and set everything up this weekend. So, if I were to use my Untangle unit as my router, would it be too complicated if I were to use the one interface as my DMZ type interface with a Gb switch connected to all of my home theater type components, and the other internal interface connected to another Gb switch that would connect to my PCs and the wireless router acting as an AP? Since I am new to all of this, I am concerned that by plugging the Untangle server into the mix in router mode, I am making it too complicated and I am going to run into problems.