Results 1 to 4 of 4
  1. #1
    Newbie
    Join Date
    Mar 2016
    Posts
    4

    Question Transparent Firewall question

    Is there any reason why an Untangle NG firewall in transparent mode would not work if the network topology is this:

    Internet <-> UntangleNGFW-inTransparentMode <-> CommodityAP/FW(like Asus/Netgear with firewalling and NAT setup)

    I see in the documentation for Untangle where it shown the the Untangle unit is setup in transparent mode on the internal side of the the CommodityAP/FW.

    I would thing that the configuration noted above (where the UntangleNGFW is on the External side, between cable modem and CommodityAP/FW would work though.

    Thoughts?

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,241

    Default

    1.) You'd need two internet IPs, which means business grade cable and two statics generally.
    2.) Untangle will see exactly 1 PC, and everything else dies thanks to that.

    So yes it "can work", but it will never "work well".

    Besides... Why add the additional expense and headache? There is nothing in that commodity router Untangle cannot do as a router, all you're doing is making things hard for yourself. Make Untangle the router, then put that commodity crap box in WAP mode.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Mar 2016
    Posts
    4

    Default

    yeah, I agree, and that is what I am doing now. The issue is that there are features in the AP that are not enable-able because it is in WAP mode not firewall mode, like terminating or timing Internet time of devices. Some of this is possible in the Untangle box, granted, but it is not a feature that can be managed from a mobile platform. The use case here is to be able to disconnect a network node, or at least sandbox/quarantine a network node from a mobile phone management app. I can do this in the Untangle unit if I know how to use the untangle UI and I am connecting from a PC.

    Lastly, the security in layers, what one NGFW misses, another can potentially catch.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,241

    Default

    Then you put Untangle as a bridge behind whatever it is you want doing the routing, not in front.

    Untangle needs to be able to see your endpoint devices to function, and nothing you do will grant the ability to do that to two devices fully. You cannot "stack" network equipment.

    Besides, Untangle in and of itself is already multi-vendor layers, that's the entire reason you'd use it over everything else on the shelf!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2