  1. #1
    Join Date
    Nov 2011

    Just want Web Filter and Captive Portal

    Ok so I have what I believe to be a fairly unique setup, and have not been able to find exactly what I need in the forums.

    I have a network in place, functioning perfectly. There are several VLANs in use behind a Cisco L3 switch, which is acting as a router. The switch actually has 2 routed ports, one going through an ASA then to my ISP's router through a dumb unmanaged switch, and out to the cloud. The second routed port goes through a vendor-supplied Cisco 1841 which acts as a VPN endpoint for that vendor. From the 1841, we go through that dumb unmanaged switch to the ISP router and then the cloud.

    I cannot make any changes to the 1841, or the ISP router.

    All but one of the VLANs are for corporate access, whereas one VLAN is set up for Guest access. I have several access points set up on this VLAN, and the users simply connect to the AP and go on out to the net. I have ACLs in both the ASA and the 3550-12G which ensure that the guest network can only get where it needs to go.

    Currently we are using OpenDNS, with one set of rules for the corporate VLANs, and a different one for the Guest VLAN.

    This works OK, but limits my granularity within the corporate VLANs. Also, I have no Captive Portal for the guest VLAN in place. I just want to have the users read and agree to an acceptable use policy before browsing - no authentication is required.

    I'd like the web filter to be able to have different rules for each VLAN, and also be able to track users by IP (if possible).

    So I thought I'd use Untangle to handle my captive portal and web filtering. Question is, how and where do I put the Untangle box? Or, if Untangle is not the optimal solution, what recommendations are there? I like Untangle a lot, mostly for the interface. I am not onsite often, and the IT guy there is not really an IT guy - so the GUI makes things super nice if he ever needs to change a web filter policy or run reports.

    I have all my ACLs on the ASA and the switch. I also have default routes for each VLAN defined in the ASA.

    Removing the ASA is not an option either - just one of those things.

    See attached diagram to help make sense of this mess.

  2. #2
    Join Date
    Sep 2011


    The bridge mode seems to be your best solution. The problem is that Untangle doesn't support VLAN tagging. The only solution you have is to connect one Ethernet interface on the Untangle server to each VLAN directly. Ex: if you have 2 VLANs you will need two different NICs on your Untangle server, one for each VLAN with a direct cable to each of them. After a lot of forum reading... this is the only solution.
    I think Untangle is a very good product, but your scenario is from a big enterprise and Untangle is designed for SOHO environments. I have the same problem with my clients, and the only way to solve it was the one I've mentioned before; of course it's not possible in every scenario.
