Untangle blocking only 1 VLAN

[tperic]

Hello UTM users I hope someone can answer this really simple question.

I've find out about this software by doing google search, and I'm really interested in implementing it inside my network. Before I do investment in dedicated computer, I just need one question answered. I figured out that I won't be able to use UTM to filter all my VLANs in network, since obviously UTM doesn't support multiple VLANs, but I only need it to do filtering on single VLAN.

I would place UTM server between the switch that connects to VLAN1 subnetwork and router. My question is: Is that sort of configuration possible? Because I only need it to monitor and filter content on VLAN1 subnet.
Tnk u on the answers

[dmor]

Absolutely. It works that way out of the box (default install configuration). You can make the Untangle be your router & provide NAT for your VLAN1, OR you can run the Untangle in "Bridge Mode" (which is the "other" default configuration). In bridge mode, it just acts as a bridge (2-port network switch). All traffic will be scanned, and passed through unmodified, unless it is blocked by one of the UTM apps in your rack. Bridge mode would be the simplest in your situation. You'll get the same protection either way.

One word of advice I'd give is that you should probably configure the network port on your switch (the one that will be connecting directly to your Untangle box) as an "Access port" (as opposed to a "Trunk port"). I don't know if you're using a Cisco switch for your VLANs, or a different brand. But those terms are pretty well standard for those who work with managed switches.

Kudos.

[sky-knight]

It isn't that Untangle supports only a single VLAN, it's that Untangle's UVM strips VLAN tags. Untangle will also not bridge any packets it deems are not local, and it requires layer 3 configuration to know how to deal with layer 2.

So if your IP spaces to pass through the Untangle don't need VLAN tags to function, and they are in contiguous blocks making an Untangle bridge work for all of it is a matter of finding an appropriate place to "wire it" in, and widening the mask on Untangle's external IP until all appropriate address ranges are covered. Got a range that isn't' contiguous? No problem, ad an alias for it on the external interface.

[dmor]

Clever.

[tperic]

@dkm: Tnx. VLANs are already configured for use in access mode and yes, I intend to configure it in bridge mode. I already have Cisco router, which is quite good.
@sky-knight: I think I understand what to do, but for now, I think this config with protecting only one VLAN is quite sufficient. But thanks for this idea