Page 1 of 2
Results 1 to 10 of 18
  1. #1
    debhead (Untangler, Chicago Area, joined Jun 2010, 66 posts)

    Replacing old firewall w/ UT - best practice?? (bridge???)

    I am replacing my old firewall - eventually - with UT 7.3.

    I am WANTING to set up UT (presumably) in bridge mode to get it set up, and test before setting it loose.

    I've read the wiki, and am now a bit confused. The wiki has VERY little info on bridging; NO info on best practices for replacing an old firewall w/ UT.

    Also - I read articles referring to a router in the rack - I selected bridge during install - how do I now add the router to the rack so I can explore what it does?

    In short -
    what's the best practice procedure for getting UT up & running / testing before replacing an existing firewall with it?

  2. #2
    dwasserman (Untangle Ninja, Argentina, joined Jun 2008, 4,371 posts)

    It's easy.
    First install in bridge, behind your firewall.
    When you finish doing all the tests you like/need, change the external interface of Untangle to match your WAN requirements. Also change the internal interface to be the actual default gateway.
    That's all.
    (OK, you need to touch some things in the UT box to permit port forwarding, and other little things, depending on your environment.)
    The world is divided into 10 kinds of people, who know binary and those not

  3. #3
    debhead (Untangler, Chicago Area, joined Jun 2010, 66 posts)

    Thanks, dwasserman - appreciate your reply...

    So what about converting from bridge to router... I was reading about people talking about a router app in the rack....
    Obviously, I need to change the NIC type from bridge to something else... but don't I have to install this router rack app?

    Also - so, I will have this: Internet/router <> UT <> old firewall <> LAN ??
    I've seen SO many people talking about placing the UT between the firewall and LAN... that does NOT make sense to me.... your suggestion DOES make sense... why are others placing UT AFTER the FW?

    And finally - which NIC is bridged to which?

    I'm not 100% clear on how the whole bridging idea is supposed to work... again, there seems to be a lack of docs....

    TIA again!

  4. #4
    sky-knight (Untangle Ninja, Phoenix, AZ, joined Apr 2008, 26,488 posts)

    The old rack application doesn't work. That piece no longer exists.

    Router vs Bridge, isn't a "mode", it's just a relationship between adapters.

    config -> networking

    Select a non-external interface, and pull down that drop-down. You have "bridge to ->", and any adapter set to static will be listed as an option. And of course you have static.

    If you set it to static, and give it an IP address, the interface will route to all other static interfaces. If you bridge an interface to another static, that interface will now bridge packets between the two interfaces. Same IP range, no routes, just layer 2 bridging but the packets go through the UVM.

    The documentation is there... but where do you draw the line? The wiki assumes you know what a bridge is, and what a router is, and how IP works around those devices.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    dwasserman (Untangle Ninja, Argentina, joined Jun 2008, 4,371 posts)

    Don't confuse the firewall app with firewall mode.
    The first is packet filter rules for TCP/UDP inside the rack.
    Firewall mode vs bridge mode is in the networking tab, as sky-knight said, and defines how the box works, NAT or bridge.

    The scenarios are:

    Firewall:

    Internet---(external interface public ip)UT(internal interface private ip)-----LAN

    Bridge:

    Internet---Router-----(external interface private IP)UT(internal interface bridged, same IP as external)----LAN
    The world is divided into 10 kinds of people, who know binary and those not

  6. #6
    debhead (Untangler, Chicago Area, joined Jun 2010, 66 posts)

    Thanks to both DW & SK:

    Your replies make perfect sense....

    I believe I started questioning my own understanding after reading other people's submissions, alongside entries in the wiki....

    The real answer is that my "Plan A" was correct. Nothing could make me happier :-)

  7. #7
    sky-knight (Untangle Ninja, Phoenix, AZ, joined Apr 2008, 26,488 posts)

    Yeah, don't overthink it... Untangle is wonderfully simple in the way it hooks into a network. It's the troubleshooting when all that magic doesn't work that can get creative. UTMs by design hide details we need from time to time. Case in point, the lack of real-time monitoring. Sure, we could get that easily... but most would still complain because each rack application, in each rack, IS A SEPARATE SERVER! Even a basic setup would have you real-time staring at what? 20-30 bars/needles/charts? Does that help? Really help?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    debhead (Untangler, Chicago Area, joined Jun 2010, 66 posts)

    OK - quick follow-up question:

    If my UT box is a bridge: inet <> UT <> old firewall,
    then I have ext NIC IP = static as assigned by ISP; int. NIC is bridged to ext.

    How do I talk to the UT box via web browser in order to "play" with it??
    Eventually it will have its own IP address - but what is that IP now?

    My old firewall's ext. NIC thinks it's the same IP that the UT box thinks IT is... ???

    TIA...
    Black holes are where god divided by zero; but god does not know math.

  9. #9
    dwasserman (Untangle Ninja, Argentina, joined Jun 2008, 4,371 posts)

    No, in bridge mode, the UT must be closest to the edge (router), but from inside.
    See the #5 post drawing.
    The world is divided into 10 kinds of people, who know binary and those not

  10. #10
    sky-knight (Untangle Ninja, Phoenix, AZ, joined Apr 2008, 26,488 posts)

    Untangle bridges get an IP address assigned to External that fits within the IP segment defined by the border router.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
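The addressing rules spelled out across posts #4, #5 and #10 (a static adapter routes, a bridged adapter shares its partner's segment at layer 2, and a bridge's External address must sit inside the border router's segment without colliding with the old firewall's WAN address) are easy to get wrong on cutover day. The following is an added example, not Untangle's code or anything from the posters: a small pre-cutover checker that models those rules for the two layouts in post #5 (bridge test behind the old firewall, then the routed/NAT layout after cutover). All interface names, segments and addresses are constructed for the example.

```python
"""Pre-cutover sanity check for the bridge-test and routed layouts from the thread.

Added example, not Untangle code. An adapter is either static (has a prefix,
is routed) or bridged to a static adapter (shares that adapter's segment).
The sample topology and addresses below are made up (RFC 1918 / RFC 5737 space).
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Iface:
    """One adapter as post #4 describes it: static (routed) or bridged to a static one."""
    name: str
    addr: Optional[str] = None       # e.g. "192.168.1.2/24" when static
    bridge_to: Optional[str] = None  # name of a static adapter when bridged

    @property
    def static(self) -> bool:
        return self.addr is not None


def layout(ifaces: Dict[str, Iface]) -> str:
    """'bridge' if any adapter is bridged, else 'router' (the NAT/firewall layout)."""
    return "bridge" if any(i.bridge_to for i in ifaces.values()) else "router"


def segment(ifaces: Dict[str, Iface], name: str) -> ipaddress.IPv4Network:
    """Segment an adapter sits on: its own prefix if static, its partner's if bridged."""
    iface = ifaces[name]
    if iface.static:
        return ipaddress.ip_interface(iface.addr).network
    partner = ifaces.get(iface.bridge_to or "")
    if partner is None or not partner.static:
        raise ValueError(f"{name} bridges to {iface.bridge_to!r}, which is not a static adapter")
    return ipaddress.ip_interface(partner.addr).network


def check_plan(ifaces: Dict[str, Iface], expected: Dict[str, str],
               taken: Dict[str, str]) -> List[str]:
    """Return a list of problems with the plan; an empty list means it is consistent.

    expected: adapter name -> prefix it must end up on
    taken:    addresses already owned by other devices on those segments
    """
    problems: List[str] = []
    routed: List[ipaddress.IPv4Network] = []
    for name, iface in ifaces.items():
        try:
            net = segment(ifaces, name)
        except ValueError as err:
            problems.append(str(err))
            continue
        want = ipaddress.ip_network(expected[name])
        if net != want:
            problems.append(f"{name}: sits on {net}, plan expects {want}")
        if iface.static:
            ip = ipaddress.ip_interface(iface.addr).ip
            if ip in (net.network_address, net.broadcast_address):
                problems.append(f"{name}: {ip} is the network or broadcast address")
            if str(ip) in taken:
                problems.append(f"{name}: {ip} already belongs to {taken[str(ip)]}")
            routed.append(net)
    # Static adapters route between each other; two of them on one prefix is a
    # misconfiguration. Sharing a prefix is what "bridge to" is for.
    if len(set(routed)) != len(routed):
        problems.append("two static adapters share a prefix; bridge one to the other instead")
    return problems


# Constructed sample topology: ISP router and old firewall share the border segment.
BORDER_SEGMENT = "192.168.1.0/24"
TAKEN_ON_BORDER = {"192.168.1.1": "ISP router", "192.168.1.10": "old firewall WAN"}

# Step 1 (post #2): bridge test. External gets a free address on the border
# segment, Internal is bridged to External, old firewall stays in place behind it.
BRIDGE_TEST_PLAN = {
    "external": Iface("external", addr="192.168.1.2/24"),
    "internal": Iface("internal", bridge_to="external"),
}
BRIDGE_TEST_EXPECT = {"external": BORDER_SEGMENT, "internal": BORDER_SEGMENT}

# Step 2: cutover. External takes the ISP-assigned static, Internal becomes the LAN gateway.
CUTOVER_PLAN = {
    "external": Iface("external", addr="203.0.113.2/29"),
    "internal": Iface("internal", addr="10.1.0.1/24"),
}
CUTOVER_EXPECT = {"external": "203.0.113.0/29", "internal": "10.1.0.0/24"}
TAKEN_ON_CUTOVER = {"203.0.113.1": "ISP router"}


if __name__ == "__main__":
    for label, plan, expect, taken in (
        ("bridge test", BRIDGE_TEST_PLAN, BRIDGE_TEST_EXPECT, TAKEN_ON_BORDER),
        ("cutover", CUTOVER_PLAN, CUTOVER_EXPECT, TAKEN_ON_CUTOVER),
    ):
        print(f"{label} ({layout(plan)} layout):", check_plan(plan, expect, taken) or "OK")
```

Run it before touching cables: the bridge-test plan passes because External's 192.168.1.2 is inside the border router's segment and distinct from both the router and the old firewall's WAN address, which is exactly the situation post #8 asks about (the old firewall keeps its own address; the UT box gets a different one on the same segment). Giving External the old firewall's address, or making both adapters static on one prefix instead of bridging, is reported as a problem.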
