Thread: Aliases?

  1. #11
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,494

    Quote Originally Posted by xinny View Post
    pfSense-like? I've used pfSense, Fortigate, Cisco ASA, SonicWalls, Meraki, and Sophos in my career and they all have Grouping in the form of aliases or address objects. Untangle is the only Firewall I've come across that does not have this functionality.
    Yes, but pointing out policies isn't entirely wrong because they address the organization of security policies within the firewall utterly differently than every competing product.

    We just lack the ability to make our rules aim at variables for certain value types, so we can maintain a list of variables used throughout the entire system and make our rules simultaneously easier to read, as well as easier to maintain.

    There is, however, one massive rub to that statement...

    I've been supporting Untangle in production networks for 12 years now. In that 12 years, I've found only 3 environments where the use of aliases would have helped. In all of the rest, they wind up accidentally reinforcing habits from other platforms that do not translate well to Untangle, which results in worse configurations...

    So I'd love to see aliases, but I also recognize they're likely to be a support nightmare given the dataset I have to work with.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,020

    Ah, thank you! TIL

    I am not an IT professional. The pfSense part came from your previous posts, sorry.
    And I wasn't paying attention to the fact that you were the O.P. on THIS thread, either.
    Again I apologize for the 'third-party' approach.

    Have you up-voted it?

    https://untanglengfirewall.featureupvote.com/suggestions/27449/aliases-and-groups

    my suggestion:
    Add a comment with specific use cases, and how the two approaches differ. That is the first time I have seen a moderator in the features/suggestions site comment, and there might be some misunderstanding. A screenshot might even be useful.
    sell it!
    Last edited by Jim.Alles; 05-21-2020 at 11:17 AM. Reason: speeling, clarity

  3. #13
    Untanglit
    Join Date
    May 2020
    Posts
    15

    Quote Originally Posted by sky-knight View Post
    Yes, but pointing out policies isn't entirely wrong because they address the organization of security policies within the firewall utterly differently than every competing product.
    I think this and documentation is the main issue.

    I like that Untangle does things differently, but when all of your competitors have the same feature then obviously people moving to Untangle are going to be looking for it.

    You can combat this with great documentation, which I feel is something Untangle lacks. For example, if I search for "Untangle Aliases", imagine if documentation came up that says, "Untangle Replaces Aliases with Policy Manager" and it goes on to explain ways to use Policy Manager to achieve something similar to an alias.

    pfSense does great in this arena, you can find How-To documents or YouTube videos for just about anything pfSense does, and there's no way in hell they'd have remotely the same success they do now without it. Could you imagine people trying to switch from "Toggle it on, and walk away" Web Filters and IPS to pfBlocker and Snort/Suricata without great documentation?....wouldn't happen.

    Look at my previous post on this Firewall Forum for example, I could not find any documentation that fully explained that the firewall rules used OR operators for the Source/Destination Interface conditions. This information is important when Untangle manages Firewall Rules completely differently than everyone else.

    In short, I think it would be a FANTASTIC idea if Untangle had documentation that transitioned people from how Firewalls typically handle things, to how Untangle does it....with tons of examples =)
    Last edited by xinny; 05-21-2020 at 11:18 AM.

  4. #14
    Untangle Ninja Jim.Alles's Avatar

    100% agreed!

  5. #15
    Untangle Ninja Jim.Alles's Avatar

    I am on mobile right now, expect terse.
    Something to look at are _tags_, not universal, but they work in rules for hosts.

    Another thing not well documented.
    Last edited by Jim.Alles; 05-21-2020 at 02:13 PM.
    If you think I got Grumpy

  6. #16
    Untangle Ninja Jim.Alles's Avatar

    Tags as aliases

    These tags are not derived from underlying tech, like dnsmasq.
    They are not related to 802.1q VLANs.

    They are "the tags attached to the session (inherited from Hosts, Devices, and Users)"

    https://wiki.untangle.com/index.php/13.0.0_Changelog#Tags

    I think this comes as close to a group of IP addresses as you are going to get, for now. There is no listing or management, you enter them right on the Hosts, Devices, Users pages respectively. Type in a field of the Tags column (not using Edit) and don't forget to save. It is free-form, and speeling matters!

    tags in.png


    A Tag applied in a firewall rule:

    tag applied.png

    That's it.
    Last edited by Jim.Alles; 05-21-2020 at 03:48 PM.

  7. #17
    Untangle Ninja Jim.Alles's Avatar
    Last edited by Jim.Alles; 05-21-2020 at 03:50 PM.

  8. #18
    Untanglit

    Thanks Jim, I'll play with the Tags and see what I come up with =)

  9. #19
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,749

    Quote Originally Posted by sky-knight View Post
    We just lack the ability to make our rules aim at variables for certain value types, so we can maintain a list of variables used throughout the entire system and make our rules simultaneously easier to read, as well as easier to maintain.
    This is true, but it's much less painful now that we also have tags. You can write the policy (rules) you want, set up a rule in policy manager to dump things with a specific tag into that policy, and then apply the tag to anything you care about. Swap out some web servers? Just tag them.
    Last edited by jcoehoorn; 05-21-2020 at 08:30 PM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.2.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty
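
A conceptual model of the tag approach from posts #16 and #19, as an added example that is not part of the thread and not Untangle's code: sessions inherit tags from their host and user, a rule matches on one tag, and because tags are free-form with no listing, a small inventory plus near-duplicate check catches a misspelled tag before it silently drops a host out of a rule. The host and user tables, the exact-match semantics, the similarity threshold and all function names are assumptions for illustration.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample data: a hand-kept copy of the Tags column, owner -> tags.
# (A Devices table would be merged the same way; omitted for brevity.)
HOSTS = {
    "10.0.1.10": {"webserver"},
    "10.0.1.11": {"webserver"},
    "10.0.1.12": {"webservr"},  # typo: this host never matches the rule
    "10.0.2.20": {"printer"},
}
USERS = {"alice": {"it-staff"}}


def session_tags(host, user=None, hosts=HOSTS, users=USERS):
    """Tags on a session: union of what it inherits from host and user."""
    return set(hosts.get(host, ())) | set(users.get(user, ()))


def rule_matches(rule_tag, host, user=None):
    """Model a 'tagged <rule_tag>' condition as an exact string match (assumed)."""
    return rule_tag in session_tags(host, user)


def tag_inventory(*tables):
    """Build the listing the UI lacks: tag -> sorted list of owners."""
    inventory = {}
    for table in tables:
        for owner, tags in table.items():
            for tag in tags:
                inventory.setdefault(tag, []).append(owner)
    return {tag: sorted(owners) for tag, owners in inventory.items()}


def suspect_typos(inventory, threshold=0.85):
    """Pairs of distinct tags similar enough to be one tag misspelled."""
    return [
        (a, b)
        for a, b in combinations(sorted(inventory), 2)
        if SequenceMatcher(None, a, b).ratio() >= threshold
    ]


if __name__ == "__main__":
    inv = tag_inventory(HOSTS, USERS)
    for tag, owners in sorted(inv.items()):
        print(f"{tag:12} {owners}")
    print("possible typos:", suspect_typos(inv))
```

Swapping a web server in this model means adding the tag to the new host entry; the rule itself is untouched.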
