  1. #1
    Untanglit
    Join Date
    May 2020
    Posts
    25

    Rant about Untangle

    Hello to all,

    I just want to vent some steam about Untangle...

    >>><<<>>>DISCLAIMER-START<<<>>><<<
    1. I am not responsible for damaged Hardware / Software of any kind
    2. I do not own or am affiliated to the company / developers linked here
    3. This is not a sponsored thread and do this as part of my hobby
    4. Have fun and share your findings / experiences
    >>><<<>>>DISCLAIMER-END<<<>>><<<

    How does something work?! - Just to be plain and simple - Some Vendors, not all of them, 1st have an Architectural Explanation about the appliance, a Video or a help file in the Firmware.

    I got in with a lot of common sense, thinking I could master the Untangle Firmware, and have to say in one part it is very intuitive, in the other ??? How does it work ????

    Example:
    Something super simple -> THE FIREWALL -> for a NG Appliance (Next Generation) what Firewall does what and how far does it block - In what direction does it block 1st, or are there hidden default policies that cannot be seen?!

    I found out through reading the Forum and WikiDocs that the Application "Firewall" is a Layer 7 and that Block Rules can be unconditional for a Default Deny Policy... This should be there in the first place anyway. Not active, but there to show what Rules can look like or, like mentioned before, a real help file.

    The Layer 3 Firewall under Config... and so on... does not protocol blocked traffic. I had to resort to Software Analytics to find what Port needed to be open to what host for an application to work properly. Under the reports I could not find any indication what was causing the issue. (TCP Dump would be great - Or is there one?!)

    ---------
    The Webfilter Rule section... I could not find documentation about how to configure the values properly so that specific Tagged devices could visit a blocked site but others cannot...
    ---------

    Help???!!!
    I needed help with why I could not remote connect anymore to my Untangle device from the internet and posted a topic some time ago. Could not get any help. What the case was is that it worked once and after that not anymore... I was very disappointed coz I felt that the community is dead and that I could receive help! Maybe it is an incentive to get the 270$ License!

    -------------
    What now?

    I will change my network again to test something first - as a front line Router a Mikrotik RB4011GS and behind it an Untangle in Bridged mode. Like this I can offload the Layer 3 Firewall to the Router and the rest gets handled by Untangle! <- Behind that another Bridged Router with the Dude Server running to check bandwidth and stability.

    Sincerely
    Val.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,111

    There's a ton to unpack here. But I'm going to start with your claim you couldn't remotely manage your Untangle, posted about it, and didn't get help. I'm sure you're aware, forums keep tabs on posts. Your post count is rather small, so the list is really short. And yet, I do not see, in all the posts you've made, a request for assistance on this issue. If you buried your request inside someone else's thread, and I didn't find it... well you should take that as a lesson to never attempt to hijack someone else's thread. That behavior isn't recommended on any forum for precisely this reason.

    Also, the technical assistance of this forum is operated on a volunteer basis. No one here is under any obligation to respond to anything at all. Much less under any sort of time constraint.

    To further complicate matters you reveal you're using Untangle in bridge mode, beyond another router. Remote administration in these cases won't work without Untangle being configured to allow for remote administration (a bad idea, and off by default for a reason), as well as appropriate port forwarding rules. If you want to make things "Easy" you eliminate the Mikrotik, and you use Untangle as a router.

    Now onto your concerns about Web Filter and the Firewall module, because both of them behave similar to other products you've used, but they're wrapped in something greater you're not aware of which is why you're not finding the features you want while looking at both modules.

    When you look at the apps tab, you see a list of Apps, and below that a list of Service Apps. Service Apps can only have 1 instance of that app on any given Untangle server. Anything listed as simply an App, can have multiple instances running on any given server. Without Policy Manager however, the policy drop down in the top left corner doesn't appear, so you cannot see this. The free Untangle Platform lacks the Policy Manager. You may also see the word "rack", instead of "policy". Just be aware the two names are interchangeable, rack was the old word for this feature, policy is the new.

    Why does that matter? Well Policy Manager is the feature you need to configure policies. Policies are simply stacks of Apps configured differently to meet different objectives. You then use policy rules to select what traffic is subject to what Policy. In your case of wanting to use Tags to change how Web Filter specifically behaves for a given tagged device, you must have different instances of Web Filter configured differently in separate policies, and then create the policy rules you need to push traffic into the correct policy, under the correct circumstances. Policy Rules can be based off many things, time of day, username, tag, machine name, IP address... That feature is critical to success in the circumstances you're describing.

    Oh, and word of warning, don't get me started on the insanity of a default block rule in the Firewall. If you think this post is long... Let's just say Untangle used to be default block, and then there was that "example rule" that showed a default block, and then it was gone. And those of us that have been here awhile sung and danced in the streets because that rule being there caused so many more problems than it solved. It would have caught you too, and you'd be in here screaming about a very different set of problems that's far more difficult to solve. You cannot take the logic from other UTMs and expect Untangle to behave correctly. Nor do you WANT Untangle to behave like other UTMs. You may think you want that now, but you won't later... once you get your head around how insanely flexible policies are... you'll never use another UTM ever again, they feel like they're made out of straitjackets and razors.
    Last edited by sky-knight; 06-04-2020 at 08:02 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untanglit
    Join Date
    May 2020
    Posts
    25

    Quote:
    There's a ton to unpack here. But I'm going to start with your claim you couldn't remotely manage your Untangle, posted about it, and didn't get help. I'm sure you're aware, forums keep tabs on posts. Your post count is rather small, so the list is really short. And yet, I do not see, in all the posts you've made, a request for assistance on this issue. If you buried your request inside someone else's thread, and I didn't find it... well you should take that as a lesson to never attempt to hijack someone else's thread. That behavior isn't recommended on any forum for precisely this reason.

    @sky-knight if you want to, here is my post; nobody reacted to it, or wanted more information - Here you go -> https://forums.untangle.com/intrusio...nd-center.html

    Quote:
    Also, the technical assistance of this forum is operated on a volunteer basis. No one here is under any obligation to respond to anything at all. Much less under any sort of time constraint.

    I know, that is why I mentioned that I needed to buy a 270$ License to get assistance in the first place...

    Quote:
    To further complicate matters you reveal you're using Untangle in bridge mode, beyond another router. Remote administration in these cases won't work without Untangle being configured to allow for remote administration (a bad idea, and off by default for a reason), as well as appropriate port forwarding rules. If you want to make things "Easy" you eliminate the Mikrotik, and you use Untangle as a router.

    I do not at the moment and that this is a my feature approach - plz read the topic again... -.-

    I will not further comment to you @sky-knight since it clearly shows me that there is no interest in helping a fellow IT-Guy - I do not need to get bullied in such a manner, I do not deserve this. Since I clearly stated my situation as Feedback in this forum..
    [Edit]

    Ok, I'll take it back. I was blind with rage that you tried to help in a different way, but the Policy Manager is not the solution here.



    Sincerely
    Val.

    P.S. Policy Manager is known and documented but I did not even go that way - I use the Policy manager to separate the instance of my Work Notebook and Private IoT / PC Stuff... But to be fair I do not need a policy for every pc I run in my network
    Last edited by Valvaris; 06-04-2020 at 08:22 AM.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,111

    I'm not bullying you at all, just pointing out how this product is designed to work. It is HUGE, and it is different than everything else you've ever worked with. The documentation is there... but if you've been in this industry any real length of time you'll know for yourself how deficient all documentation is. I'm personally not convinced that documentation can ever be "good". It's always way too much or way too little, or just flat incorrect.

    I apologize if my post came off as hostile, it most certainly isn't intended that way. If you dig back into my posts from the dark old days a bit... you'll find clear examples of Rob hostility. Trust me, it isn't pretty. These days I simply don't respond, it's easier on everyone. I'd like to think I've learned a few things in the last decade or so.

    Now, given the context of your previous post that I flat missed in your history. Which was on me, I'm half blind on the best of days so sorry about that. It seems to me that you've already found and fixed your issue. Intrusion Prevention is a... tough module to master. I don't generally recommend its use, and yes it does interfere with the Command Console, it also interferes with Unifi and Datto's consoles that perform similar cloud login functionality. Tuning the module to fix that can be... difficult, and the specifics of it are unique to install which only makes that process even more murky. Command Console access is also relatively new, and separate from "remote administration". I recommend getting OpenVPN working so you can VPN to the device, and use normal administration from there. It'll give you the management surface you need to beat Intrusion Prevention into submission. It's also a handy emergency access point, you'll need that too if you plan to use the product in production.

    But, you'll note that Untangle gives itself no preferential treatment to avoid these circumstances, that's not a bug, it's a feature! And one of the design ideologies that drew me to Untangle to begin with. Untangle doesn't trust itself, which is critical in a security platform.
    Last edited by sky-knight; 06-04-2020 at 08:27 AM.

  5. #5
    Untanglit
    Join Date
    May 2020
    Posts
    25

    Quote Originally Posted by sky-knight View Post
    I'm not bullying you at all, just pointing out how this product is designed to work. It is HUGE, and it is different than everything else you've ever worked with. The documentation is there... but if you've been in this industry any real length of time you'll know for yourself how deficient all documentation is. I'm personally not convinced that documentation can ever be "good". It's always way too much or way too little, or just flat incorrect.
    100% True, I needed to confirm that!!! There are some Docs. out there that point to a totally different function or it does not exist anymore...

    Best regards
    Val.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,111

    Quote Originally Posted by Valvaris View Post
    100% True, I needed to confirm that!!! There are some Docs. out there that point to a totally different function or it does not exist anymore...

    Best regards
    Val.
    No functionality has been removed, but the names on some of them have changed. The one that catches me frequently is Policies, they used to be called Racks. My install still has a UI reference to a "Default Rack", which is the thing all the apps are installed into by default. But it should be a "Default Policy" these days, and perhaps it is... my installs are all older and such labels don't just change on upgrade. Nor should they, such could break things.

  7. #7
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,523


  8. #8
    Untangle Ninja f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    1,495

    resist we much self sensor, shhh... my tongue bleeds, hard-bitten!
    Vanguard Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM
    And building #7 didn't kill itself!

  9. #9
    Untanglit
    Join Date
    May 2020
    Posts
    25

    This is not to make Untangle feel bad or such - It should be feedback to make Untangle better - Feedback should be brought in if positive or negative.

    Like mentioned above I would like to test out a little more with my Untangle since even with all the Rant from my part - I would love to see it succeed

    Sincerely
    Val.

  10. #10
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,059

    Quote Originally Posted by Valvaris View Post
    ...even with all the Rant from my part - I would love to see it succeed

    Sincerely
    Val.
    <perspective>One of the valuable ways to help make an Untangle rant productive is to remember that Untangle isn't an "it" but a who. Untangle is people. Without them, there is no it. We can disagree with them, but expressing that disagreement as a conversation has advantages.

    My biggest frustration is when there's a one-sided conversation or a community rut; I have other things I can do. I'm appreciating the uptick in staff engagement.

    Sincerely,
    Sam</perspective>