Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Aliases?

  1. #1
    Untanglit
    Join Date
    May 2020
    Posts
    15

    Default Aliases?

    Are their any plans for Aliases? I'm very strict with my networks, which has never been that much overhead until I tried to replicate it in my lab with Untangle and realized I don't have Aliases to work with. Huge bummer.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,754

    Default

    What do you mean by aliases?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    May 2020
    Posts
    15

    Default

    Aliases create a 1 to Many relationship for IP Addresses, Ports, URLs, FQDNs...etc.

    For example, I could create an Alias (like "File Servers") for (10) IP Addresses and instead of typing those (10) IPs every time I need to use them in a firewall rule, I could simply use the Alias name "File Servers".

    Also, if those IP Addresses change, instead of updating each firewall rule where they're used I would only need to update the (1) Alias.

    Imagine if you wanted to create a firewall rule for each Office 365 IP Address and repeating that multiple times, or I could add them to an Alias (1) time and then use that alias multiple times for my rules.

    Then imagine if Microsoft changed their IP Addresses, all I would have to change is the alias. So much easier to manage.

    Edit: Also, it would be amazing if the Aliases integrated into the command center and I could change them from their and then apply it to multiple appliances. That would be awesome.
    Last edited by xinny; 05-20-2020 at 06:29 PM.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,494

    Default

    He wants the ability to define variables for various things, and then reference those variables in rules.

    So you can have 2 firewall rules, and a port forward using a destination address of "web server", and a varible list that contains the name webserver mapping to an IP address.

    So in the future if said web server's IP address changes, he has 1 thing to change... not 3.

    Many other platforms have them, Untangle does not, and at larger scale configurations this creates a massive time sink for administrators... They are also generally referred to as aliases in the products that support them.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,754

    Default

    This can be done on Untangle using Policies to group a set.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Untanglit
    Join Date
    May 2020
    Posts
    15

    Default

    Can you provide an in-depth example of how this should be setup in Policy Manager? Given the following network to allow Staff Networks to Print, this is how I would set it up in Policy Manager versus Firewall with Aliases. (forgive any errors and I’m trying to type this while chasing my 3 year old this morning).

    Staff VLANs <--> Print Server <--> Printers

    Workstation VLAN 10: 192.168.10.0/24
    Staff Wifi VLAN 11: 192.168.11.0/24
    IT Management VLAN 12: 192.168.12.0/24
    Print Server (VLAN 13): 192.168.13.10
    Printers (VLAN 14): 192.168.14.20 – 25
    Print Ports: 631, 515, 9100,9101, 9102, 139, 445, 135, 137, 49152:65535

    Policy Manager:
    Default Policy (Firewall Installed with a rule set to default deny)

    -Print Server Sub-Policy (Firewall Installed)
    -Policy Rule:
    -Source: 192.168.10.0/24, 192.168.11.0/24, 192.168.12.0/24
    -Destination: 192.168.13.10
    -Firewall Rule
    -Allow Ports: 631, 515, 9100,9101, 9102, 139, 445, 135, 137, 49152:65535

    -Printers Sub-Policy (Firewall Installed)
    -Policy Rule
    -Source: 192.168.13.10
    -Destination: 192.168.14.20 – 25
    -Firewall Rule
    -Allow Ports: 631, 515, 9100,9101, 9102, 139, 445, 135, 137, 49152:65535

    I might be setting up Policy Managers completely wrong, and If I am please show me the correct way because I do see the power behind it, but it does require a different mindset to use.

    If I did this with firewall aliases, I would create Aliases and put all the staff networks under (1) alias called “Staff_Networks” and I would put Print Ports under an Alias called “Printing_Ports” and another for my printers called “Network_Printers” my firewall rules would look like this.

    -Firewall

    -Rule #1:
    -Source: “Staff_Networks”
    -Destination: 192.168.13.10
    -Ports: “Printing_Ports”

    -Rule #2:
    -Source: 192.168.13.10
    -Destination: “Network_Printers”
    -Ports: “Printing_Ports”

    To me that is a lot easier than using the Policy Manager, and I also see how Aliases could benefit Policy Manager. If I’m doing Policy Manager wrong then please let me know as I need to learn it and there’s not a lot of information/examples to go off on for these type of scenarios that don’t involve schools and filtering web traffic.
    Last edited by xinny; 05-21-2020 at 07:43 AM.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,494

    Default

    I'd like to know too, because the short answer in my view? Policy manager isn't aliases, it doesn't accomplish the same things... it's not even close...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Untanglit
    Join Date
    May 2020
    Posts
    15

    Default

    Quote Originally Posted by sky-knight View Post
    I'd like to know too, because the short answer in my view? Policy manager isn't aliases, it doesn't accomplish the same things... it's not even close...
    I 100% agree.

  9. #9
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,020

    Default

    I interpret it as the right answer from UT corporate.

    The correct answer is no. Untangle's road-map just isn't going to have "pfSense-like" on it.
    Of course, as always, I am not speaking for Untangle officially but come on.

    Any of us could have pointed the O.P. to making his desire known here:
    https://untanglengfirewall.featureupvote.com/
    If you think I got Grumpy

  10. #10
    Untanglit
    Join Date
    May 2020
    Posts
    15

    Default

    Quote Originally Posted by Jim.Alles View Post
    I interpret it as the right answer from UT corporate.

    The correct answer is no. Untangle's road-map just isn't going to have "pfSense-like" on it.
    Of course, as always, I am not speaking for Untangle officially but come on.

    Any of us could have pointed the O.P. to making his desire known here:
    https://untanglengfirewall.featureupvote.com/
    pfSense-like? I've used pfSense, Fortigate, Cisco ASA, SonicWalls, Meraki, and Sophos in my career and they all have Grouping in the form of aliases or address objects. Untangle is the only Firewall I've come across that does not have this functionality.

    And the recommendation for Aliases is actually on the "User Suggestion page"...twice (1) from Nov 2018 with 87 up votes and the other from Jan 2019 with 83 up votes.

    And Untangles response to those suggestions is that the feature is not needed because it can be done via Policy Manager and I just don't see that.
    Last edited by xinny; 05-21-2020 at 09:40 AM.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2