Results 1 to 10 of 10
  1. #1
    Untanglit
    Join Date
    Jun 2012
    Posts
    24

    Default Is upgrading to NG Firewall worth it?

    Hello everyone. I have been using Untangle for some time now, and I am currently on version 9.4.2~svn20130830r35759release9.4-1lenny. My question is whether or not I should make the jump up to NG Firewall or not? Are there any specific pros vs cons in doing so?

    My apologies if this has been answered before. I did a search for it, and found no results, so I thought I would ask for some expert opinions.

    Thanks, in advance, for any information you can provide

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,728

    Default

    Networking has improved dramatically in v10. Also v9.4 will not have anymore upgrades. V11, which v10 can upgrade to, has a new anti-virus engine and has support for more hardware.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,229

    Default

    The only downside is that OpenVPN does NAT now. That can cause issues if you're not expecting it. Everything else is an upgrade.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untanglit
    Join Date
    Jun 2012
    Posts
    24

    Default

    Thank you for your replies, I appreciate it

    So if I do the upgrade, what is the simplest way to do so? Is it to do a config backup of my existing system, then a clean install of the NG Firewall and a config restore?

  5. #5
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,728

    Default

    Backups are not compatible. You have to manually configure V10. The easiest way is to have another box to configure V10 on or take many screenshots of the V9 settings.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,229

    Default

    Yeah there is no "upgrade".

    Your only path forward is format C: and reconfigure. Having the existing setup running side-by-side is helpful, but in some cases it's best to just start from nothing and see where you end up. Current versions of Untangle think very differently than older ones. And if you've got an install that's been kicking around for five years, it's time to clean out the cob webs!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangle Ninja hescominsoon's Avatar
    Join Date
    Sep 2007
    Posts
    1,708

    Default

    Quote Originally Posted by sky-knight View Post
    The only downside is that OpenVPN does NAT now. That can cause issues if you're not expecting it. Everything else is an upgrade.
    So is openvpn always a NAT interface?

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,229

    Default

    Yes, there's a hack to turn it off. But any traffic traversing an OpenVPN interface on Untangle is always going to have the address of the nearest Untangle interface. This goofs with all sorts of stuff.

    However, it also opens the door for OpenVPN to be a mesh style configuration instead of star, which makes things easier for road warriors. It only really sucks if you're using for a site-to-site tunnel specifically. And, the IPSec module while paid, performs a ton better. So jumping over is a solid idea anyway.

    I'm not saying it's bad, or it's good. It's just "different" and it can really catch you if you're not paying attention.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Untangle Ninja hescominsoon's Avatar
    Join Date
    Sep 2007
    Posts
    1,708

    Default

    Quote Originally Posted by sky-knight View Post
    Yes, there's a hack to turn it off. But any traffic traversing an OpenVPN interface on Untangle is always going to have the address of the nearest Untangle interface. This goofs with all sorts of stuff.

    However, it also opens the door for OpenVPN to be a mesh style configuration instead of star, which makes things easier for road warriors. It only really sucks if you're using for a site-to-site tunnel specifically. And, the IPSec module while paid, performs a ton better. So jumping over is a solid idea anyway.

    I'm not saying it's bad, or it's good. It's just "different" and it can really catch you if you're not paying attention.
    ick why was that done? how do you turn off the auto-nat of openvpn?

  10. #10
    Untanglit
    Join Date
    Jun 2012
    Posts
    24

    Default

    Awesome, thank you very much for your help and information! I really appreciate it.

    And my apologies for the lack of replies; I've been quite busy as of late, and I haven't had a chance to respond. I did manage to do a complete hardware upgrade on my Untangle server, so my plan is to have both machines up and running at once so that I can mimic my settings onto the new version. Thanks for the suggestions

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2