  1. #1
    Newbie
    Join Date
    Jul 2020
    Posts
    4

    Default Untangle Configuration Help

    Need some confirmation assistance with a few config questions: Attached a pic of Interface setup.

    I have the Untangle z4w installed as a router to my modem. --- Interface 1.
    I have my work Aruba device plugged into Interface 2.
    I have Interface 3 wired to a desktop computer.
    I have my asus ac3100 router as a switch and Synology NAS installed wired via the switch. --- Interface 4.

    Most of the Interface ports minus the modem and Aruba will only function in Bridged to Internal mode.

    Is this the correct setup or should those connections be Addressed or "bridged to External" mode?

    I am also having some challenges attempting to route my Synology NAS to my domain. I can access Synology via quickconnect.to however unable to redirect DDNS hostname to my domain. Think something on ports for Untangle setup is required.

    I also activated Web Filter and Web Monitor - However did not activate SSL Inspector and want to block child unfriendly sites i.e. adult. I have application control activated.

    I noticed when I log in to my Untangle admin GUI wirelessly from my computer the padlock "connection is not secure" is showing; how do I fix this, or is this an issue? Isn't Untangle by default HTTPS secured? What steps do I need to take to make it so?

    Interface Configuration.PNG
    Last edited by shalgum; 07-11-2020 at 09:08 AM.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,906

    Default

    Quote Originally Posted by shalgum View Post
    Most of the Interface ports minus the modem and Aruba will only function in Bridged to Internal mode.

    Is this the correct setup or should those connections be Addressed or "bridged to External" mode?
    Yes, LAN interfaces should be bridged to Internal. The best layout in your case is just to use a simple switch off the Internal Interface otherwise Untangle is bi-routing the other interfaces to the Internal. It works but not as simple as it could be.

    Quote Originally Posted by shalgum View Post
    I am also having some challenges attempting to route my Synology NAS to my domain. I can access Synology via quickconnect.to however unable to redirect DDNS hostname to my domain. Think something on ports for Untangle setup is required.
    What is the goal here? To allow access to the NAS from the Internet?

    Quote Originally Posted by shalgum View Post
    I also activated Web Filter and Web Monitor - However did not activate SSL Inspector and want to block child unfriendly sites i.e. adult. I have application control activated.

    There is no reason to have Web Filter and Monitor. Only use Web Filter. Web Monitor is a report-only version of Web Filter. Having both will cause issues.

    Quote Originally Posted by shalgum View Post
    I noticed when I log in to my Untangle admin GUI wirelessly from my computer the padlock "connection is not secure" is showing; how do I fix this, or is this an issue? Isn't Untangle by default HTTPS secured? What steps do I need to take to make it so?
    On the Internal network, HTTP or HTTPS can both be used. It's up to you. Since the Internal IP is used, those IPs can not have a certificate issued so you will have the "not secure" flag even on HTTPS.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Jul 2020
    Posts
    4

    Default

    Quote Originally Posted by jcoffin View Post
    Yes, LAN interfaces should be bridged to Internal. The best layout in your case is just to use a simple switch off the Internal Interface otherwise Untangle is bi-routing the other interfaces to the Internal. It works but not as simple as it could be.



    What is the goal here? To allow access to the NAS from the Internet?

    I also activated Web Filter and Web Monitor - However did not activate SSL Inspector and want to block child unfriendly sites i.e. adult. I have application control activated.
    There is no reason to have Web Filter and Monitor. Only use Web Filter. Web Monitor is a report-only version of Web Filter. Having both will cause issues.



    On the Internal network, HTTP or HTTPS can both be used. It's up to you. Since the Internal IP is used, those IPs can not have a certificate issued so you will have the "not secure" flag even on HTTPS.

  4. #4
    Newbie
    Join Date
    Jul 2020
    Posts
    4

    Default

    Thanks for the quick response -- yes, NAS to be accessible from Internet via a domain I set up.

    Are there any additional settings I need to manipulate for web filter to be effective?

  5. #5
    Newbie
    Join Date
    Jul 2020
    Posts
    4

    Default

    I also have Application Control activated and Captive Portal; do I really require those?
    Also I noticed my Untangle sets my Interface 2 at 100 Mbits and not 1 gig. That is my work Aruba ethernet connection. Any idea how I can improve that connection speed?

  6. #6
    Untangler
    Join Date
    Jan 2020
    Location
    San Jose, CA
    Posts
    86

    Default

    Quote Originally Posted by shalgum View Post
    Thanks for the quick response -- yes, NAS to be accessible from Internet via a domain I set up.
    Ok, as a Synology NAS owner let me take a stab at this aspect. In order for Synology QuickConnect to work you have two options:
    • Activate UPnP in Untangle. That should allow QuickConnect to automatically open and forward all ports on your Untangle that it needs. However this is not a good idea (see below).
    • Forward the necessary ports from Untangle to your Synology NAS. For this to work, your Synology will need a fixed IP address, which you can either set directly within the DSM interface or - better IMHO - leave the Synology in DHCP mode and configure the fixed IP address in Untangle under Config -> Network -> DHCP Server. This fixed IP address should be outside of the DHCP range that you have configured on your Internal interface.


    I strongly advise you to NOT turn on UPnP as this service seems regularly to have new security flaws. Also I prefer to have more control over which ports are open to the world on my network. So the second option is closer to what I am using.

    In fact I am not even using Synology QuickConnect to connect to my NAS from the outside, but rather I am using Synology's DDNS service. That service allows you to choose a subdomain in a given domain, e.g. in the diskstation.me domain, for example something like shalgum.diskstation.me. With this identifier you can connect to your router from outside your home network. The nice thing about Synology DDNS is that they also generate (and automatically renew) a Let's Encrypt certificate, so you can establish secure connections from the outside to your NAS and don't have to deal with those pesky certificate errors. So in my setup QuickConnect is turned off on the NAS and Untangle's UPnP is also turned off (which is the default setting IIRC).

    And finally I only allow connections from outside my home network via a VPN and - since I use Untangle as my OpenVPN server (instead of Synology's OpenVPN) - I don't even need to forward any ports to the NAS. But I still have configured a fixed IP address for my NAS on my network, since it makes connectivity so much easier.


    Quote Originally Posted by shalgum View Post
    Are there any additional settings I need to manipulate for web filter to be effective?
    SSL inspector might make it more effective, since it allows Untangle to do a deep content inspection of encrypted websites (these days pretty much any website), but I've never bothered with this, so I can't really say more about it.
    Last edited by tangofan; 07-16-2020 at 09:45 PM.

  7. #7
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,306

    Default

    Quote Originally Posted by shalgum View Post
    Also I noticed my Untangle sets my Interface 2 at 100 Mbits and not 1 gig. That is my work Aruba ethernet connection. Any idea how I can improve that connection speed?
    I would start troubleshooting this by replacing the patch cable with a factory fresh CAT 5e or CAT 6 cable.
    Don't crimp your own connectors.
    If you think I got Grumpy
