Page 1 of 2 12 LastLast
Results 1 to 10 of 12
  1. #1
    Untanglit
    Join Date
    Dec 2021
    Posts
    23

    Default Predefine Objects

    Is there a way to keep track of objects in the Untangle Firewall. Like a local DB that I can store Mac/hostname. Not using a directory service?

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,488

    Default

    The Devices tab stores things based on MAC, but that sort of tracking only works if Untangle is directly to the network in question. Any routers between Untangle and the target device at all prevent it from populating. Which is why Untangle prefers to manage things in the host tab instead, which sorts by IP address. That approach has its own weaknesses too.

    So what exactly are you trying to accomplish?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untanglit
    Join Date
    Dec 2021
    Posts
    23

    Default

    Build policies for Devices on the network. Many children have many devices so want to tie each device to each kid and make a policy per kid, but trying not to have to remember all the individual IPs

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,488

    Default

    Ahh, then hit up your devices tab, find the device in question and fill in the username box with the kid's name. Then you can set policies based on the kids' names.

    Beware... all mobile devices have a MAC address randomization feature in the name of "privacy", you'll have to turn that off on each device if you want any of this to work.
    Last edited by sky-knight; 01-13-2022 at 06:57 PM.
    DarthKegRaider likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untanglit
    Join Date
    Nov 2016
    Posts
    15

    Default

    I have used what sky-knight suggested for over 5 years with great success.

    I use the 'username' field, that way if the kid gets smart and renames the PC/Laptop then they are still tied to the policy of "username=*childname* : Time of day = 7PM to 8AM : Target Policy = No Internet"

    I haven't struck a MAC changed device as yet.

  6. #6
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    708

    Default

    Quote Originally Posted by DarthKegRaider View Post
    I have used what sky-knight suggested for over 5 years with great success.

    I use the 'username' field, that way if the kid gets smart and renames the PC/Laptop then they are still tied to the policy of "username=*childname* : Time of day = 7PM to 8AM : Target Policy = No Internet"

    I haven't struck a MAC changed device as yet.
    I've used the Mac address \ network name on a time based policy with 100% Success too.
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/c/jasonslabvideos << Please like and subscribe, helps me out !!

  7. #7
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    708

    Default

    I did a video of this for those who want to see it !

    https://www.youtube.com/watch?v=3g7wNFGn2rQ
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/c/jasonslabvideos << Please like and subscribe, helps me out !!

  8. #8
    Untanglit
    Join Date
    Dec 2021
    Posts
    23

    Default

    Why is it not possible to make address objects or object groups based on similar properties? If I had a server farm with statics and I want only those statics to be able to talk I have to remember all the IPs. Seems most firewalls can have objects predefined and saved for future use, why is this not a feature?

  9. #9
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,935

    Default

    Quote Originally Posted by Stevenjwilliams83 View Post
    Why is it not possible to make address objects or object groups based on similar properties? If I had a server farm with statics and I want only those statics to be able to talk I have to remember all the IPs. Seems most firewalls can have objects predefined and saved for future use, why is this not a feature?
    If you have a server farm, I would hope the network is sophisticated enough to also have those servers in their own vlan, so you can segment them apart for different policies via subnet.

    The other thing you can do is tag objects, and then target policies based on the tag.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty

  10. #10
    Untanglit
    Join Date
    Dec 2021
    Posts
    23

    Default

    Servers can be on a separate subnet and isolated from other networks, but that doesn't mean I want to allow that whole subnet to the internet. For compliance reasons we don't allow all servers to internet at my work. But I guess I am curious why predefined objects cannot be done? I can't think of one firewall that hasn't allowed this type of feature.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2