Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 25
  1. #11
    Master Untangler mozerd's Avatar
    Join Date
    Nov 2008
    Location
    Nepean Ontario Canada
    Posts
    253

    Default

    Quote Originally Posted by tezgno View Post
    I guess I should be more specific as to why I am considering UT. The issue that I have with the Zywall isn't about its features or how it does things. The issue is strictly with the fact that the unit does not provide enough throughput with its functions turned on.

    I'm not so much looking for free as much as I'm looking for better. But, if that "better" costs more than something else that is also "better," it becomes hard to justify.
    The ZyWall UTM USG series [regardless of model] cannot and will not provide you with the throughput and protection that Untangle UTM can and will under heavy load assuming that Untangle is running on an appropriate hardware platform --- there is absolutely no comparison from a performance and protection perspective. Yes, Untangle UTM will be more expensive but from a Value Proposition perspective Untangle cannot be beat.

  2. #12
    Newbie
    Join Date
    Nov 2010
    Posts
    13

    Default

    Quote Originally Posted by mozerd View Post
    The ZyWall UTM USG series [regardless of model] cannot and will not provide you with the throughput and protection that Untangle UTM can and will under heavy load assuming that Untangle is running on an appropriate hardware platform --- there is absolutely no comparison from a performance and protection perspective. Yes, Untangle UTM will be more expensive but from a Value Proposition perspective Untangle cannot be beat.
    That isn't the argument. This isn't about Zywall versus Untangle. As I have stated before, I am looking to replace the Zywall with something much better for the exact reasons you stated above. The issue at hand is regarding having to purchase the Policy Manager to accomplish what I do today using simple firewall rules. If that is truly the case (in which I'm still not sure because I'm seeing different answers to the same question; I won't be totally sure until my hardware arrives and I throw UT on it) then Untangle, with just the purchase of the Policy Manager in my environment, would be more expensive than alternatives to BOTH the Zywall AND Untangle. This is because the Untangle uses a "per device" licensing model. If I purchase the entire suite, then Untangle blows even my most expensive alternative to the Zywall out of the water. That is what I can't justify.

  3. #13
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,371

    Default

    To obtain high performance in the inter lan routing in untangle, you MUST use bypass rules and lose the UTM functionality. Of course you can try with a quad xeon grade server, a lot of gigabytes of ram and of course intel nicīs.
    Always think in untangle as a linux box with basic conectivity and a virtual machine at top, the UVM, this manage the rack and the aplications inside.
    I ever make my design finding the best device (price/performance), but not ever can fit in only one, some times is better let a UTM work in was designed and some real gigabyte device for manage the core lan.
    From my poor knowledge the only device that is near to fit all your needs is a cisco asa 5520 with the ips and trend micro modules >10000 U$S + annual suscription. Upsss, I forget the anti spam module, add the ironport
    The world is divided into 10 kinds of people, who know binary and those not

  4. #14
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    I think you can probably manage this with the Lite and just firewall and packet filter rules. You'll just have to be diligent and careful about setting up the correct rules.

    I'm assuming you separated those networks for a reason and would likely want to have different policies (in regards to Web Filtering, Bandwidth Control, etc) for different networks, thats where Policy Manager comes in.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #15
    Newbie
    Join Date
    Nov 2010
    Posts
    13

    Default

    Quote Originally Posted by dwasserman View Post
    To obtain high performance in the inter lan routing in untangle, you MUST use bypass rules and lose the UTM functionality. Of course you can try with a quad xeon grade server, a lot of gigabytes of ram and of course intel nicīs.
    Always think in untangle as a linux box with basic conectivity and a virtual machine at top, the UVM, this manage the rack and the aplications inside.
    I ever make my design finding the best device (price/performance), but not ever can fit in only one, some times is better let a UTM work in was designed and some real gigabyte device for manage the core lan.
    From my poor knowledge the only device that is near to fit all your needs is a cisco asa 5520 with the ips and trend micro modules >10000 U$S + annual suscription. Upsss, I forget the anti spam module, add the ironport
    I think that there is a language barrier here because you are really not understanding what I am needing. I'm not looking for high performance inter-lan. What I am needing is strictly this:

    1. Better performance WAN--> LAN
    2. Better performance WAN--> DMZ
    3. Better Performance DMZ--> LAN


    The only inter-lan communication that has UTM functionality in my environment today is the DMZ--> LAN. And, if I can achieve performance of about 100Mbps or so, then that's a win for me (today, I can't even get 10). That's also a concern as well because when I switch ISPs, my internet bandwidth alone will make the Zywall useless for the WAN--> LAN communications.
    The only internal

  6. #16
    Newbie
    Join Date
    Nov 2010
    Posts
    13

    Default

    Quote Originally Posted by dmorris View Post
    I think you can probably manage this with the Lite and just firewall and packet filter rules. You'll just have to be diligent and careful about setting up the correct rules.
    Thanks.

    Quote Originally Posted by dmorris View Post
    I'm assuming you separated those networks for a reason and would likely want to have different policies (in regards to Web Filtering, Bandwidth Control, etc) for different networks, thats where Policy Manager comes in.
    Sort of. Web filtering, bandwidth control, outbound blocking (i.e. SMTP except for the mail appliance) etc., are the same over all of the networks. The primary reason for the separation of each is:

    1. DMZ - Devices on this network can be accessed from the Internet. Essentially, I do not want a compromized box on this network to talk back to the internal network where we have critical data. So, all communication from the DMZ to the Internal network is blocked with the exception of specific IP-to-IP traffic.
    2. Dev Network - Devices on this network are all test machines testing software or testing server builds. Essentially, I do not want any traffic on this network coming back to the internal LAN so all traffic back to the internal network is blocked.
    3. Guest Network - This network is essentially the same setup as the Dev network. The only thing that I would like to do here is setup a Captive Portal so that when users connect, they login (don't have this today).


    The network isn't like many businesses in which you have separate networks for separate departments or groups of users (we are not that kind of company or that large; we are an IT consulting company). Maybe at some point in the future, we may need the type of separation that is typical in many businesses. But today, our needs are not that complex.

  7. #17
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,371

    Default

    Can be a language barrier, my natural lenguage is spanish and can misunderstund some thing.
    But in your last post you delete the guest and development lans, and better is not a technician description. With the apropiate hardware sure can be better. How improved, really I dont know, maybe some partner with dedicated apliances can answer this.
    The world is divided into 10 kinds of people, who know binary and those not

  8. #18
    Newbie
    Join Date
    Nov 2010
    Posts
    13

    Default

    Quote Originally Posted by dwasserman View Post
    Can be a language barrier, my natural lenguage is spanish and can misunderstund some thing.
    But in your last post you delete the guest and development lans, and better is not a technician description. With the apropiate hardware sure can be better. How improved, really I dont know, maybe some partner with dedicated apliances can answer this.
    Yes, I didn't mention those lans in my post because those lans, today, do not have any UTM between them. The only UTM functionality that I have today is between the WAN--> DMZ, WAN--> LAN, and WAN--> Internal LAN. I would like to do it between the other networks, but I cannot afford to do it with my current system only able to actually push 5-10Mbps through it with UTM turned on. By "better," I'm referring to my problem... performance. I want something that offers me better performance than what my current unit can provide. As I also stated, if that better can be 100Mbps, then it's a win for me. Better, in terms of features, is subjective to the person. For me, UT offers better features than does my Zywall, but I'm not looking at UT for features alone as much as performance and cost.

  9. #19
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    Default

    Untangle will do as you ask.

    Also, I will point out that the appliances Jim and I designed, that are displayed at www.untangleappliances.com are capable of operating at near wire speeds with the UTM features enabled.

    Make no mistake, I have no reservations about saying that Untangle Lite will do what you're asking of it. It will provide you a superior feature-set to your current solution. However, I encourage you to take a hard look at the subscription offerings, they will not only give you even greater defenses, but save you a world of time while doing it. The premium subscription has paid for itself in every network I've deployed it on. Why? Simple, those networks don't get viruses anymore. PERIOD!

    Get good well designed hardware, and Untangle will open the door to possibilities you didn't think were possible. I've been pushing this product past its limits for almost 3 years now, I have yet to find a real wall.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #20
    Newbie
    Join Date
    Nov 2010
    Posts
    13

    Default

    I have no doubts that the subscriptions would be an awesome enhancement to the system. For me, it's more about the performance of the unit, how easy it is to work with, and how affordable the unit is. Being in the IT consulting world, we have a lot of partnerships with various vendors including a couple in the firewall space. But, the problem that we have is that most of those units come with features that, in our current environment setup, we would never use and it becomes hard to justify paying for those features if we are never using them. We are in a similar boat with the Zywall in that we are paying for features that we can't use because of performance issues.

    I guess what I'll do is download the software, give it a go, and see how well it works before making a decision. I did check out the Untangle Appliance site and saw some of those offerings. That site is good because it helps me to compare the performance needs to the type of hardware needed. For example, it shows a Dual-core Atom at being good for about 20 users or so and the NG25 and NG50 being good for about 50 or so users (I'm assuming that those units are either running on high-end Dual-core Atoms or ULV Core 2 Duos). If that is the case, then what we would be using would be overkill in comparison (likely would be a Dell R610 or R710 with 8-16GB of ram and 143GB 15K SAS disks on a RAID 1) although I haven't actually made a decision on what hardware to purchase just yet.

Page 2 of 3 FirstFirst 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2