  1. #1
    Untanglit
    Join Date
    Apr 2017
    Location
    California
    Posts
    26

    Setting up my Home network - Again

    So I have been using Untangle for a while now with the home license. I really like it and want to tweak it better. As this is for home I am looking for a few things and want to make sure I have everything I need turned on but not overkill.

    Internet Connection: 225 / 15
    Host: Server Hyper-V 2016 - i7 3.5 GHz - 4 cores to VM
    NIC: Intel quad NIC card with SR-IOV available for the VM and 2 ports of Untangle

    I need the following and just want to make sure I enable but not over enable things:
    1. Monitor kids and household - block sites
    2. Block ads
    3. Block virus and prevent spyware (as far as the FW can do)
    4. QOS
    5. Block attacks from outside

    Not as worried about internal hacks out to be honest compared to the opposite.

    My current VM is set up with:
    Firewall
    IPS
    Virus Blocker
    Ad Blocker
    Application Control
    Web Filter
    Bandwidth Control
    (tried Web Cache but had some issues)

    I know the CPU can be overkill but I also use it as a media server in another VM. Have 4 CPU and 6 GB of RAM allocated.

    I am still learning network level software as my expertise has always been Windows servers.

    Thanks for the advice!

  2. #2
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,293

    It's confusing, but with Hyper-V you don't allocate cores from the physical machine, despite what that drop down seems to mean. Instead, by default you should probably just assign all cores to all VMs, and then only back off from there when you observe contention.
    Last edited by jcoehoorn; 07-17-2017 at 06:57 AM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 8GB with Untangle 12.2 to protect 200Mbits for ~400 residential college students and associated staff and faculty

  3. #3
    Untanglit
    Join Date
    Apr 2017
    Location
    California
    Posts
    26

    Totally get it. I use the limit on v-cpu for keeping it from fighting with the media server and so on. In my current setup I have an older Dell workstation with a Xeon 6 core CPU that is running quite a few VMs for the house (kids gaming servers and such). I am moving it to the new hardware of the i7 as I want the FW and Media server to be separate for a few reasons. Having 4 cores allocated with 5 GB of RAM was plenty before for my house. I just want to make sure my FW is not set up with overkill or I am missing something from the installed apps listed.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,403

    That's an entirely wrongheaded way to handle your CPU cores, and I'll go as far as to tell you that it isn't just Hyper-V that does this, it's also Citrix and VMware.

    But specifically with Hyper-V the vCore setting defines how many threads a given guest can ever produce. So if you have six hyperthreaded cores, if your guest cannot have 12 vCores it'll never saturate the CPU. Which is a great way to keep your CPUs bored. Hyper-V doesn't just push other threads into unused cores all the time either... it's annoying like that.

    So if you want to keep things from complaining, you max out your core counts on all VMs, and then set your priorities.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untanglit
    Join Date
    Apr 2017
    Location
    California
    Posts
    26

    Ahh, I had issues on my other system with Untangle having some slowdowns when I over-allocated the V-CPUs. This system has 4C/8T and the other VM is a media server set up with 4 Cores and 8 GB of RAM. I figured between the 2 would be fine as I want this system on all the time and using the old server for Game servers. 4 Cores seems to make the internet I have work quite well as the speed is able to handle my 220 /12 with no problem and 30 or so clients (damn gaming consoles and TVs).

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,403

    The key is to forget the idea of a core, Hyper-V is EXACTLY what it's named. It's a hypervisor, a supervisor made to manage supervisors. Supervisors manage threads. Another word for supervisor is operating system!

    So you're dealing with an OS that's been modified to manage OSs, and at the end of the day it flat doesn't care about cores, it just cares about threads. If you give every VM the ability to saturate the CPUs of the host, then you'll actually use the host. Untangle isn't very nice about this, it needs resources now, so you set your prioritization slider to add more weight to Untangle.

    The same approach should be used for every other hypervisor on the shelf as well for the most part. If you need to dedicate resources, that's what bare metal is for.

    Anyway, when it comes to Hyper-V, the priority weights work much better when every VM has 100% CPU access, then you control from there. Then the host can kick VMs to the curb and make them wait when needed, but when not get the work done yesterday. Just like task manager lets you set priority on individual threads or applications if you want.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
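
The approach described in the post above (give every VM as many vCPUs as the host has threads, then steer contention with relative weights), as an added example that is not part of the original thread. The VM names `Untangle` and `MediaServer` and the weight values are hypothetical placeholders; the cmdlets come from the Hyper-V PowerShell module on the host.

```powershell
#Requires -Modules Hyper-V
# Added example: VM names and weights are hypothetical placeholders.

# Relative weight per VM. Hyper-V's default is 100; under contention a VM
# with a higher weight gets a proportionally larger share of CPU time.
$weights = @{
    'Untangle'    = 200   # firewall should not wait for CPU
    'MediaServer' = 100
}

# Logical processors (threads) on the host, e.g. 8 on a 4C/8T CPU.
$hostThreads = (Get-VMHost).LogicalProcessorCount

foreach ($name in $weights.Keys) {
    $vm = Get-VM -Name $name -ErrorAction SilentlyContinue
    if (-not $vm) {
        Write-Warning "VM '$name' not found, skipping"
        continue
    }

    # The vCPU count is only changed here while the VM is powered off.
    if ($vm.State -eq 'Off') {
        Set-VMProcessor -VMName $name -Count $hostThreads
    } else {
        Write-Warning "VM '$name' is $($vm.State); shut it down to change the vCPU count"
    }

    # Apply the scheduling weight for this VM.
    Set-VMProcessor -VMName $name -RelativeWeight $weights[$name]
}

# Review the resulting processor settings for the VMs in the table.
Get-VM -Name @($weights.Keys) |
    Get-VMProcessor |
    Format-Table VMName, Count, RelativeWeight, Reserve, Maximum
```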

  7. #7
    Untanglit
    Join Date
    Apr 2017
    Location
    California
    Posts
    26

    I see. Completely different from what I learned years ago. I will research the best method of weight for the game server and the Untangle media server. Thanks for the info. What do you think about the app list for my house?

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,403

    I'm not a fan of ad blocker, I think browser plugins do a far better job. I know it's not network wide... but many apps on both Android and iOS won't function properly without ads. Then there is the issue of pages that won't work or render properly and there isn't an easy button in the browser to fix it. But, if you've got some kids like mine that just won't listen, it's handy in small specific doses. My kids have their own desktops, those units are pushed into their own rack so I can do various things. I've got a child rack that does nothing but block YouTube for example... my 12 year old doesn't like it!

    It looks like you've discovered why I don't like Web Cache. I just want to point out this experience is mirrored with other transparent proxies; I don't think the module is defective, it's just the nature of using a proxy.

    The rest is simple enough, Firewall seems redundant some days but the logs in there are quite useful even if you never block anything with it. The thing logs EVERYTHING now, so you just dig in and filter and you can find everything you could ever want.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Untanglit
    Join Date
    Apr 2017
    Location
    California
    Posts
    26

    I have tuned the ad blocker to block the big stuff and browser for rest. I was thinking of doing SSL inspection too but was not sure if for home use it is a good idea. I like the ability to virus scan HTTPS files and such. I love the logs in general. I trust my 12 and 15 year old but I always check once in a while so they know dad is monitoring. Keeps them honest. Had the previous setup going for 4 months and it went well. It was funny that I switched back to my Netgear router while I get everything wired and I have heard nothing but complaints of internet issues.

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,403

    I haven't ever used the SSL Inspector outside of a lab, the nature of the thing bothers me. I find Web Filter does a fantastic job all by itself. But there are certain things you just cannot do without it.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
