  1. #21
    Untangle Ninja
    Join Date
    Jul 2008
    Posts
    1,058

    Originally posted by dmorris:
    > I think many companies will start to do this for most user machines.
    > only port 80 & 443 outbound. (dns must be resolved internally)
    >
    > sure it breaks tons of stuff, but it's easier for IT to deal with.
    > the problem is of course things that always use port 80 anyway, but I don't think utorrent is one of those although certainly many P2P protocols do.

    That's what I did. I then waited for the complaints to come in and I decided whether or not they should be allowed at that time.

    Lannie

  2. #22
    Untangle Ninja Mathiau's Avatar
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,630

    Same here, first thing I do with an Untangle box is make a block-all rule and log it.

    Then I open items I know are needed and go from there for anything else. It does make life so much easier instead of trying to chase down ports to close because something got through.

  3. #23
    Master Untangler
    Join Date
    Aug 2008
    Posts
    939

    I do a default block and then a * allow + log. This will allow everything but log everything. Then I create another rule that mutes logging for common and acceptable ports. This way I don't have log spam. From there, you can see what's going on and deal with problem machines/users. It works very well and is one of my favorite capabilities of Untangle.
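
Added example, not part of the thread or of Untangle's own code: a small first-match rule evaluator for the audit-mode policy far182 describes above (quiet allow for common ports, logged catch-all allow, default block), which reduces the logged flows to a review list. The rule names, the port set and the sample flows are constructed, and first-match rule ordering is an assumption.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    dports: Optional[frozenset]  # None matches any destination port
    action: str                  # "allow" or "block"
    log: bool


# Assumption: rules are evaluated top-down and the first match wins, so the
# quiet rule has to sit above the logged catch-all.
QUIET_PORTS = frozenset({53, 80, 443})  # constructed "common and acceptable" set
RULES = [
    Rule("quiet-common", QUIET_PORTS, "allow", log=False),
    Rule("audit-any", None, "allow", log=True),
]
DEFAULT = Rule("default-block", None, "block", log=True)


def evaluate(dport, rules=RULES):
    """Return the first rule matching the destination port, else the default block."""
    for rule in rules:
        if rule.dports is None or dport in rule.dports:
            return rule
    return DEFAULT


def audit(flows, rules=RULES):
    """Count logged (source, port) pairs: the review list for tightening policy."""
    logged = Counter()
    for src, dport in flows:
        if evaluate(dport, rules).log:
            logged[(src, dport)] += 1
    return logged.most_common()


# Constructed sample flows: (source host, destination port).
FLOWS = [
    ("10.0.0.5", 443), ("10.0.0.5", 80), ("10.0.0.7", 6881),
    ("10.0.0.7", 6881), ("10.0.0.7", 6881), ("10.0.0.9", 25),
    ("10.0.0.5", 53), ("10.0.0.9", 3389),
]

if __name__ == "__main__":
    for (src, dport), hits in audit(FLOWS):
        print(f"{src} -> port {dport}: {hits} logged flow(s)")
```

Reversing the rule order makes the catch-all shadow the quiet rule, so every flow is logged again, which is the log spam the post is avoiding.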

  4. #24
    Untangler
    Join Date
    Jan 2010
    Posts
    94

    Originally posted by far182:
    > I do a default block and then a * allow + log. This will allow everything but log everything. Then I create another rule that mutes logging for common and acceptable ports. This way I don't have log spam. From there, you can see what's going on and deal with problem machines/users. It works very well and is one of my favorite capabilities of Untangle.

    Interesting information right there.

  5. #25
    Master Untangler
    Join Date
    Aug 2008
    Posts
    939

    Originally posted by ivanradisson:
    > Interesting information right there.

    Yep. This ONE feature makes Untangle one of the most advanced solutions available in my opinion. The visibility is amazing.
    Last edited by far182; 01-28-2010 at 03:51 PM.

  6. #26
    Master Untangler
    Join Date
    May 2009
    Posts
    152

    Originally posted by dmorris:
    > I think many companies will start to do this for most user machines.
    > only port 80 & 443 outbound. (dns must be resolved internally)
    >
    > sure it breaks tons of stuff, but it's easier for IT to deal with.
    > the problem is of course things that always use port 80 anyway, but I don't think utorrent is one of those although certainly many P2P protocols do.

    That's what my work does. PITA for a developer like me.

    Note: I don't condone torrenting or other p2p stuff at work.

  7. #27
    Master Untangler
    Join Date
    May 2009
    Posts
    152

    Originally posted by sky-knight:
    > And don't forget that most applications don't have correct documentation for the actual ports used, or the direction of said use. So you end up spending time just figuring out what rules you're supposed to have.

    Yeah, that's really annoying. Especially the games. They all say they don't support anything other than your computer directly connected to the internet.

  8. #28
    Master Untangler
    Join Date
    May 2009
    Posts
    152

    Originally posted by tcsmith314:
    > Anyone know how to run DHCP for two interfaces - without bridging?

    If you turn on the advanced network options, the packet filter has an option to allow DHCP on DMZ. There's information about being able to provide settings through a field, but I'm not sure which thread I read it in.

    > What about routing controls between two interfaces? I assume that you can bridge somehow?

    In the regular view it defaults to bridging the other interfaces to either external or internal. In the advanced view you have to click on the interface name.

    > sigh... I love the untangle concept... but there are a few basic things that can't seem to be done, or aren't intuitive. I spent a day rearranging my network and configuring Untangle. If it could do some of the things above, I'd buy it at twice the price. Without some of these things, I'll have to rip it out, and call that day I spent on this a part of my life I'll never get back, lol

    Same here. I've decided that I'm gonna use pfSense for my firewall needs since it's more flexible than Untangle and keep the Untangle box around to do UTM on my wired network.
