Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Newbie
    Join Date
    Apr 2016
    Posts
    1

    Default What jobs/tasks is untangle the best at?

    For example non OS:

    A hammer is the best to get in a nail. Could use a screw driver, but that is not the best tool for the job/task.

    Comparing untangle to other distros in the same category (not for example against pfSense - one of many distros designed for connection sharing), what jobs/task is it the best at?

    Thank you

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,263

    Default

    You can't compare Untangle to PFSense, if you try you're just illustrating your ignorance.

    Layer 2/3 devices with layer 7 features being matched up with layer 7 devices with layer 2/3 features? That's all apples and oranges. Though, I suppose that's part of the point... but they really are intended for two very different jobs.

    Please don't interpret this the wrong way, it's just that these are two really really different things!

    You would use PFSense when you need a traditional router, and have that router handle some advanced filtering as a side job. The primary purpose would be to act as a border guard, with VPN termination, but the AV filtration, Content Control, and those sorts of things while they work are no where near as powerful, or as efficient. That's just not where the product's strengths lie. This holds true for just about all of the router projects that have existed forever, think monowall, ipcop, smoothwall, etc.

    Untangle is a layer 7 filter, which means it focuses on all those toys like Content Control, Spam Blocking, etc. These features are the primary focus, so they work really well. Untangle specifically is aimed at ease of use, so nontechnical people have good success managing it. However, this ease comes at a reduction of complexity that can negatively impact its ability to do some of the more advanced things on layer 2 (bridging) and layer 3 (routing) that the aforementioned products can. Untangle cannot operate as a truly transparent bridge for example, PFSense can! However, Untangle's virtual pipeline means all the rack modules run concurrently, PFSense has to run them sequentially... the performance gap here is quite stark!

    In my experience, the SMB doesn't need PFSense. However, the SMB almost always needs something like Untangle, to provide the strength of defenses needed, while being easy enough for the office manager to take care of it when the IT guy is unavailable. Which is why, as a re-seller, I use it everywhere.

    *Edit*

    Sorry for the short post before, phone rang and I thought I left it here incomplete... ooops... and without those last three paragraphs, things sound like I'm yelling at you. I most certainly am not! This is a huge question, and one that needs spoken of at every opportunity. Oh, and full disclosure, I sell hardware that supports both Untangle and PFSense! I love both, for different jobs.
    Last edited by sky-knight; 04-18-2016 at 01:38 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Relax sky-knight.....
    Perhaps he doesn't know anything about Untangle and thats indeed why he is asking.

    Untangle is more focused on control and visibility of what happens on your network and security than traditional router/firewall solution.
    Its also designed to be very easy to use for the less technical user.

    PFsense is great, and if all you just need a connection to the internet it may be the best option.
    If you are looking for web filtering, application control, virus blocking, spam filtering, bandwidth control, and that kinda stuff, Untangle may be a better option.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    712

    Default

    Quote Originally Posted by dmorris View Post
    Relax sky-knight.....
    Perhaps he doesn't know anything about Untangle and thats indeed why he is asking.

    Untangle is more focused on control and visibility of what happens on your network and security than traditional router/firewall solution.
    Its also designed to be very easy to use for the less technical user.

    PFsense is great, and if all you just need a connection to the internet it may be the best option.
    If you are looking for web filtering, application control, virus blocking, spam filtering, bandwidth control, and that kinda stuff, Untangle may be a better option.
    It, of course, isn't quite that black and white. pfSense can do many (arguably MOST) of the things Untangle can do via various add-ons. It has some application layer filtering via Snort, it has web analytics through squidguard, has captive portal, ad blocking and country blocking via pfBlocker, etc.

    HOWEVER, both of the above posts are correct in that Untangle's main strength are its ease of use. In addition I would add that another couple of strengths for Untangle are its hardware compatibility, and reporting platform. Reporting / figuring out where your traffic is going in pfSense stinks. None of the available packages do a great job, pushing you to a 3rd party solution like nfsen.

    Both products can be a good enough firewall. Both can do some basic routing (pfSense may have the advantage if you have a complicated setup), both support VLANs, etc.

    One definite PRO for pfSense is that it has UPNP, which is required for many home uses.

    Jason
    Last edited by JasonJoel; 04-21-2016 at 01:56 PM.

  5. #5
    Master Untangler TirsoJRP's Avatar
    Join Date
    Oct 2010
    Posts
    427

    Default

    UPnP should always include 3 warning screens with the scenes from terror movies before you can enable it.
    Jim.Alles likes this.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,263

    Default

    I can take uPnP or leave it, I never use it here. I've got customers that should need it... but don't. Not everyone cares they can't host a game.

    Honestly, I'd rather get the world to just use IPv6 so we can stop with all these NAT shenanigans.
    Last edited by sky-knight; 04-21-2016 at 09:30 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    712

    Default

    Quote Originally Posted by TirsoJRP View Post
    UPnP should always include 3 warning screens with the scenes from terror movies before you can enable it.
    It isn't as bad as all that... BUT it should have warnings, and should be only allowed from specific devices/IPs and not anything on the network as well as monitored and use reported periodically.

    In households with multiple gaming consoles being used at the same time, you HAVE to have uPNP to make things work. Not optional in some cases.

    I agree uPNP has no place in most business environments though.

    Jason
    Last edited by JasonJoel; 04-22-2016 at 05:23 AM.

  8. #8
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    712

    Default

    Quote Originally Posted by sky-knight View Post
    I can take uPnP or leave it, I never use it here. I've got customers that should need it... but don't. Not everyone cares they can't host a game.

    Honestly, I'd rather get the world to just use IPv6 so we can stop with all these NAT shenanigans.
    IPv6 is a bitch though, depending on how you do addressing you may need to dynamically adjust firewall rules as client addresses float if your ISP/external connection changes your prefix (which has happened to me 5 times...). It isn't impossible, but managing the rules is very difficult in some cases because of the address float issue.
    Last edited by JasonJoel; 04-22-2016 at 05:24 AM.

  9. #9
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,798

    Default

    I'd love if Untangle could act as a kind of "UPnP Broker". Students would have to ask for a specific device to have UPnP allowed. I'd verify the device is a PS4, XB360, or XB1, and then set a rule somewhere that allows that device to make UPnP forward requests to that device only, with certain ports excluded. So it's mostly off, but for a certain class of user/device I can turn it in a limited way that's unlikely to result in abuse.

    I wonder if I could do this now via packetfilter rules or similar... enable UPnP generally in Untangle, but then set packetfilter rules that prevent most devices from using it properly.
    Last edited by jcoehoorn; 04-22-2016 at 07:44 AM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 15.1.0 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,263

    Default

    Quote Originally Posted by JasonJoel View Post
    IPv6 is a bitch though, depending on how you do addressing you may need to dynamically adjust firewall rules as client addresses float if your ISP/external connection changes your prefix (which has happened to me 5 times...). It isn't impossible, but managing the rules is very difficult in some cases because of the address float issue.
    I would expect that prefix float to go away once things settle down.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2