Results 1 to 7 of 7
  1. #1
    Newbie
    Join Date
    May 2017
    Posts
    9

    Default List of steps to convert from inline to firewall mode?

    Guys,

    I'm running Untangle inline but would like to switch to a firewall'd nat'd config. I tried changing this morning but traffic wouldn't pass. Is there a list of steps somewhere I should follow?

    Here's what I did:

    1. Switch the "External" interface to addressed, DHCP.
    2. Mark external as "Is WAN Interface"
    3. Set internal interface to IP of current firewall/gateway/router.
    4. Re-route cables
    5. Verify that External received a valid IP address from provider router
    6. Verify I could reach Untangle on the internal interface


    At this point, Untangle wouldn't pass traffic from my internal hosts, nor was it able to connect to the internet itself. I don't really have any funky rules set up, as I've been using this inline so far.

    Additional things I tried after realizing it wasn't working:
    1. Set "NAT traffic coming from this interface (and bridged peers)" option on the External interface
    2. Reboot


    So, my questions:
    1. What have I missed? Is there another step I need to take?
    2. Is there a predefined config or series of screenshots for Untangle out of the box configurations (inline vs NAT FW) I could examine to see what I've missed
    3. With my current FW (pfSense) it's easy to troubleshoot these sorts of things, because I can basically tail -f a log file and watch the packets get dropped, assuming the fw is doing this. Flat files are generally easier than a GUI to work with in troubleshooting situations...does such a log file exist for Untangle?

    Thanks guys.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    5,757

    Default

    Without access to your box (support ticket), it might take hundreds of questions. I suggest just running the setup wizard again, Config -> Support -> Setup wizard.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,267

    Default

    The only real differences between bridge, vs router mode...

    Internal is now static instead of bridged, and it has a DHCP service enabled.
    External has NAT Traffic exiting this interface checked, it should have had IS WAN before.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Newbie
    Join Date
    May 2017
    Posts
    9

    Default

    Quote Originally Posted by sky-knight View Post
    The only real differences between bridge, vs router mode...

    Internal is now static instead of bridged, and it has a DHCP service enabled.
    External has NAT Traffic exiting this interface checked, it should have had IS WAN before.
    Ok, thanks. So I mostly had it right but probably missed something. I'll check it tonight.

  5. #5
    Newbie
    Join Date
    May 2017
    Posts
    9

    Default

    Quote Originally Posted by jcoffin View Post
    Without access to your box (support ticket), it might take hundreds of questions. I suggest just running the setup wizard again, Config -> Support -> Setup wizard.
    Ok...but will Setup Wizard blow away my other App settings (web filter, captive portal, etc)?

  6. #6
    Newbie
    Join Date
    May 2017
    Posts
    9

    Default

    So, to answer any one who has the same question: no, it doesn't seem to blow away all your settings.

    Ultimately it didn't help though....I determined my problem was actually arp cache on the switch...rebooting the switch let traffic flow again.

    Thanks,
    d1rewolf

  7. #7
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    5,757

    Default

    Thanks for the update!
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2