Page 5 of 13 FirstFirst ... 34567 ... LastLast
Results 41 to 50 of 128
  1. #41
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,786

    Default

    Quote Originally Posted by donhwyo View Post
    If you want the update now you can get it.
    "If you like your update, you can keep your update."
    donhwyo likes this.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 15.1.0 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  2. #42
    Untanglit
    Join Date
    May 2020
    Posts
    25

    Default

    Quote Originally Posted by donhwyo View Post
    If you want the update now you can get it. Backup your current settings. Download the iso and install. Restore your settings. Done! For bonus points get another hard drive so you can fall back easily.

    Just because you know your are paranoid doesn't mean they are not after you.
    Hello @denhwyo,

    I did not know if it was refered to my statement about "Sophos" if so I would like to clarify:

    Sophos XG was breached! -> Article: https://community.sophos.com/kb/en-us/135412

    I asked if something like this should ever happen to "Untangle" how would this be handled!

    Sophos has two ways to distribute the Updates / Upgrades:
    Hotfix - Autoupdate - Fixes things without changing the Firmware Version
    Firmware / Software - Admin Upgrade - True Firmware Upgrade Build Change

    I know that this Upgrade has nothing to do about a breach - but with a upgrade policy it self.

    What happens just in case?

    Thanks for reading
    Val.
    f1assistance likes this.

  3. #43
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,523

    Default

    Quote Originally Posted by Valvaris View Post
    Sophos has two ways to distribute the Updates / Upgrades:
    Hotfix - Autoupdate - Fixes things without changing the Firmware Version
    Firmware / Software - Admin Upgrade - True Firmware Upgrade Build Change
    What happens just in case?
    Hi.
    The developers are not active here.
    I am speaking as a volunteer.
    Untagle NGFW is distributed as software. It is not firmware.
    The upgrade process is always the same. We might not see alpha/beta versions for minor fixes.

    But the process is what it is. And it very rarely compares with any other product in that respect.
    If there is an update that will be available, it will be announced.
    And upgrades commence by some algorithm. It takes time.
    There are two other methods, and others have mentioned them.
    Thats it. That's how it works.

    So, no worries. Untangle will take care of it.
    Valvaris likes this.

  4. #44
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,071

    Default

    Quote Originally Posted by Valvaris View Post
    Hello @denhwyo,

    I did not know if it was refered to my statement about "Sophos" if so I would like to clarify:

    Sophos XG was breached! -> Article: https://community.sophos.com/kb/en-us/135412

    I asked if something like this should ever happen to "Untangle" how would this be handled!

    Sophos has two ways to distribute the Updates / Upgrades:
    Hotfix - Autoupdate - Fixes things without changing the Firmware Version
    Firmware / Software - Admin Upgrade - True Firmware Upgrade Build Change

    I know that this Upgrade has nothing to do about a breach - but with a upgrade policy it self.

    What happens just in case?

    Thanks for reading
    Val.
    I'm a volunteer here as well... but your question digs at one of the primary reasons why as an MSP owner / operator I use Untangle as my UTM of choice.

    When you buy a Sophos, you get a Sophos... A Meraki, a Meraki... a Sonicwall, a... Sonicwall.

    I know it seems like I'm repeating myself but consider each of those devices and associated product lines. Each one is produced by an entity attempting to create a vertical monopoly. That is, they produce custom software, they convert into firmware, which is flashed into as cheaply manufactured but also highly proprietary hardware.

    All of the above should be able to run each other's firmware... but due to artificial blocks created in the firmware published... they cannot.

    Untangle does NONE of this.

    Untangle sells an appliance that's just a small form PC in a box. Untangle uses the same hardware as above for SD-WAN, as separate product, but yet is based on OpenWRT and therefore also has an entire ecosystem of platforms available to operate the product. So even when you purchase this product, you can switch OFF Untangle on the platform and use it for something else.

    So under no circumstances, do we wind up in a place where Untangle branded hardware is "useless", because it can always be installed with something else.

    For Untangle NG Firewall the operating system, it's based on Debian Linux. And as such, it's UPDATED like Debian.

    Which translates directly into every evening, around 2am Untangle phones home to Untangle's APT repositories, to run the Debian equivalent of a Windows Update.

    So think of all the critical services on Untangle, Apache for web services, all the SSL libraries, all those little bits and pieces that make the platform possible. All of it, with the notable exception of the relatively few Untangle branded components get security updates from upstream from Debian itself, and those updates are slipped into our installations automatically once the back porting process completes.

    The firmware guys? They update their crap when they get sued. There was a busybox issue a few years back that existed in most firmware platforms for A DECADE. Untangle? It had the same problem sure, but it was fixed as soon as Debian fixed it. By the time the news caught wind of the busybox problem, Untangle had been patched for almost a decade. Because busybox on Debian got patched that long ago... that didn't save Ubiquity... or Netgear... or any of the other vendors that didn't bother to build a firmware out of software made anytime sooner than ten years ago. And NONE of this gear has an update mechanism that isn't manual, so I'm still patching this off my networks... and I will be so until the DAY I DIE. This is the basic risk of what's called IoT... which is an entire conversation all on its own.

    As for the Sophos issues that just cropped up, that was a SQL injection vulnerability in a portion of Sophos XG's web UI. A SQL INJECTION ISSUE! IN 2020!?!? How bad is that? Well... we're talking about a company producing a network security device that failed to meet a basic coding practice that was JOKED ABOUT by XKCD on 2007-10-10: https://imgs.xkcd.com/comics/exploits_of_a_mom.png

    Let that sink in... I graduated college in 2002, I took CLASSES that talked about SQL injection, and proper methodologies to avoid them in UI coding. THAT is how old this is... and a vendor that makes SECURITY SOFTWARE failed to perform these things in... 2020...

    If that doesn't sent you screaming away from any closed source, highly proprietary solution nothing will.

    Untangle isn't perfect, but it's built on an ecosystem supported by many vendors that each work to perfect their portion of the product we use. And as such, it's CONSTANTLY updating itself, every... single... day... And that software updating process is mission critical for any security product to do its job, to even be considered secure. Sophos just did us all a huge favor and showed us all in April why their entire model shouldn't be trusted. It's really too bad more of the market didn't bother to listen.

    And those bits of Untangle produced by Untangle themselves? Yeah... they're open source too, so everyone here on these forums can go read the code and learn, and help fix, or whatever if they want to. Untangle cannot hide bad code from us. That doesn't mean bad code doesn't happen, but it does mean they can't hide it from us. That's huge, and it puts pressure on Untangle to ensure their code isn't bad. Because it's a public embarrassment all the way around. They can't just patch it and run away with your money while giggling, like Sophos just did.
    Last edited by sky-knight; 05-23-2020 at 07:01 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #45
    Untanglit
    Join Date
    May 2020
    Posts
    25

    Default

    Hello @sky-knight,

    Out of that reason I left the Sohps XG Community.

    I am on the hunt for alternatives in the SMB / EDU / Non-Profit market and want to validate how Untangle does things. I am new here and all the Information until now shows me that ppl do care.

    What did I use on the Sophos line itself:
    - Open Hardware and Sophos XG Home (Private-Use) "With Ent. features" claimed by Sophos
    Commercialy
    - Sophos UTM (SG) and Sophos XG both Proprietary HW
    - Sophos APs
    - Sophos Endpoint (Intercept X Adv.)

    Like you mentioned: "Sophos Sophos Sophos - Meraki Meraki Meraki" - and so on... XD

    I want to go away from it and rebuild a concept based on trust and reliable security.
    Right now Untagle does a very good job and I am on the lookout to learn more... Training videos - courses to gain more knowlage efficiently about this product.

    Many thanks
    Val.

  6. #46
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,071

    Default

    My current ideal network, is two Untangle's in VRRP configuration at the head of a complete Unifi stack of switches and WAPs.

    The Command Center, and Unifi Cloud Console combined work to create a level of visibility that's unmatched in the industry, while providing a 2nd vendor check on many things as well.

    As for getting up to speed with Untangle, that's one of Untangle's soft spots. There is the wiki, and there's a few videos out there but nothing that's really what I'd call training material ready.

    I've often thought about publishing such material myself, but it just seems to forever be on the back burner.

    But, if you want to dive in regardless of quality of content, the place to start watching is all the Webinars Untangle has done over the years: https://www.untangle.com/webinars/
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #47
    Newbie
    Join Date
    May 2020
    Location
    All around the world
    Posts
    4

    Default

    Has anyone notice Root (WAN) DNS Leaking after upgrading to 15.1?

    I have a DNS server that has external up stream servers for resolutions, before the upgrade to 15.1 leak test would report these external up stream servers (what I want to be reported), after going to 15.1 leak test now report the DNS for my WAN interface and not the up streams. Now, if I disable SSL Inspection this seems to clear up the issue and once more the up streams are reported.

    The simple answers would be to replace the WAN DNS with the up streams, but these are filtering DNS servers and that interferes with Untangles reputation filters (SPAM and AD blocker). I’m unable to find where the issue might be as to why there is this change in behavior.

    Any thoughts??

  8. #48
    Newbie
    Join Date
    May 2020
    Posts
    1

    Default

    Any update on when DHCPV6-PD will be available?

  9. #49
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,098

    Default

    Quote Originally Posted by supawiz6991 View Post
    Any update on when DHCPV6-PD will be available?
    Targeted for version 16.1
    Jim.Alles and Valvaris like this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  10. #50
    Untangler
    Join Date
    Mar 2020
    Posts
    49

    Default

    Certainly interesting points re Sophos XG. I use Sophos XG and Untangle and I like both atm.

Page 5 of 13 FirstFirst ... 34567 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2