Page 10 of 10 FirstFirst ... 8910
Results 91 to 99 of 99
  1. #91
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,242

    Default

    Quote Originally Posted by Stamp View Post
    Wow, I noticed this only now XD

    Happy that my old license won't be affected, losing the branding manager would've actually made the installation look less home... considering it's Destiny themed!

    All in all I believe that the changes are fair as I do not _need_ the branding manager, it's just cool and I don't care HOW the AV works as long as it does. If I had to get a license now, the new home pro would still be a wonderful deal.

    Slightly unrelated, how is the whole SSL inspector "not worth it"? That and bandwidth manager are the biggest pull in favor of a paid license instead of the free one
    The most valuable module in that deal is Web Filter, Web Filter does a pretty darned good job without SSL inspector. SSL inspector is just work, buckets of it. But if you like tinkering... go for it.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #92
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    712

    Default

    Buckets of work is right. I had 30+ apps I had to whitelist/bypass in SSL Inspector at my house before I gave up. It seemed like all I was ever doing is figuring out why some mobile app wasn't working for my kids... Over and over - they try new apps like it is their job.

    Even at work, we are seeing many enterprise apps that are hard coding certs now too. I review multiple a month at the Fortune ## company I work at...
    Last edited by JasonJoel; 02-14-2018 at 07:04 AM.

  3. #93
    Untangler
    Join Date
    Aug 2014
    Posts
    47

    Default

    I jumped on the home license bandwagon as soon as they launched it, and so far all the "work" I had to do was deciding if I wanted the official Twitter app to work (caved in, even if I wouldn't wish that specific app on my worst enemy) and add a few options to the desktop version of Google Drive. https://i.imgur.com/ClhMjZY.png that's my phone btw.

  4. #94
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,135

    Default

    I haven't had a to do a lot of work either. I think I had to accommodate Twitter and Facebook apps, and I don't use Google services much outside YouTube on the Web. I don't use SSL inspection on the guest network, so I do cheat a little. And I don't have professional app testers at home, either.

  5. #95
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    712

    Default

    You guys don't use the same mobile apps my kids do then.. Lol. I have a big ole list of apps that use hard coded certs...

  6. #96
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,242

    Default

    Quote Originally Posted by JasonJoel View Post
    You guys don't use the same mobile apps my kids do then.. Lol. I have a big ole list of apps that use hard coded certs...
    Something that's becoming more normal than less over time... which makes SSL inspection impossible.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #97
    Untangler
    Join Date
    Aug 2014
    Posts
    47

    Default

    Can I ask for an example of such apps? Twitter is most surely just being a dick because with proper analysis they lose the ads, but for example Prime Video is always on the bleeding edge of "keeping content safe" with vpn checks, no audio, video or subtitles recordable, region locks... but no certificate whining.

    Still, if the future looks that much grim I'll have to set up a proxy to butcher with extreme prejudice all ads before things go through Untangle. I did use a configuration of Dans Guardian before Untangle, but that was annoying because I also needed to vpn in to get everything forcefully through it.

  8. #98
    Untangler
    Join Date
    Feb 2017
    Posts
    56

    Default

    I happen to know a bit about SSL inspection and Antivirus, allow me to weigh in.

    1) SSL Inspection will murder you. A SIGNIFICANT portion of mobile apps use hard coded certs. Popular apps, like Signal will simply fail to work. You'll be playing endless whack-a-mole to get this to function right. We deploy mostly Fortinet devices (about 20,000) where I work. If we turned on deep inspection of SSL we'd pretty much shut down almost everything. Sadly, this is the reality but realize that it's there because of why SSL is there in the first place!

    2) AV's are basically useless on the gateway in 2018 unless you have a mail server/incoming mail.. Prior to this we saw fairly good use with them as malware constantly traversed Port 80, which was fine and easy to spot. Now, even the most basic malware author uses 443. Remember, MOST people use Webmail these days, the AV won't do anything there for the most part. I've seen exactly 4 pieces of malware stopped in the last 12 months on my busy home network that wasn't over 443 and hence was stopped. This was a bit coin miner inbound to my Kodi. Every other inbound malware was 443 and bypassed my security with absolute ease. (Fortinet on Gateway, Untangle Transparent)

    In close, AV is largely useless on most networks except for mail scanning and the rare Port 80 served malware/malvertising. You'll be lucky to see anything stopped over a year by it. This is something the big boys like Fortinet won't tell you in all of their marketing papers.

    3) ZVelo is VERY GOOD. I've seen their backend, their customer portal and some internal stuff. They do source from a lot of different areas. But keep in mind they can sometimes be false positive prone but Zvelo will deal with it fast if you open a ticket or email them. Your best defense from threats on Untangle is the Web Inspection IMO. In fact, I feel this is the single best aspect of Untangle. Your $50 a year is well spent on this alone.

    So with all of the fancy marketing.. Talking about Sandboxing, APT detection technologies, Antivirus, etc. I feel Web Inspection and IPS are where the real protection is at this point. I rarely see any impressive activity outside of those two, and that includes on 20K+ Fortinet devices we've deployed. Even the IPS isn't getting lit up nearly as much now as it used to but when it does, it's usually something impressive.

    My 2c. Don't fret about the Untangle AV, you probably didn't need it anyway.
    Last edited by JamesHenderson; 02-21-2018 at 09:13 AM.

  9. #99
    Untangler
    Join Date
    Feb 2017
    Posts
    56

    Default

    To satiate any AV worries..

    He's a Fortinet log from 3 months at a Fortune 1000 transnational corporation with 920 endpoints.. Some guy brought his personal laptop in, reached out to his POP3 account and downloaded an XLS file that was a trojan..

    While I won't say AV's on gateway are useless, if you aren't serving a RCA and scanning that encrypted traffic it's not going to help you much (if at all). To be honest, we rarely even check the AV category on Fortinet anymore. It's all Web Filtration, Application Control and IPS. (with a strong emphasis on WF and AppC)

    troj.png

Page 10 of 10 FirstFirst ... 8910

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2