  1. #1
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    638

    How to minimize Untangle chattiness

    I'm considering using Untangle NGFW at a remote site with a T-Mobile prepaid hotspot WAN (via the new WiFi WAN feature) using a Google Fi data-only plan. The only network client will be a Video Surveillance system. It will send us an email any time motion is detected in certain areas at certain times.

    The data service costs $10/GB up to $60/GB monthly.

    The cool thing about Untangle is I can create firewall rules to block all the chattiness of the device behind it which runs a full Linux OS and will be trying to check for updates, etc. regularly. By creating appropriate firewall rules, we'll be able to minimize its internet usage by only allowing the data that we care about (email notifications).

    The not-so-cool thing about using Untangle here is that it is fairly chatty itself by nature, due to checking for platform updates (I can disable auto-update though), A/V updates and other updates for the various apps.

    I'm wondering to what extent I can really quiet it down so that the Untangle box isn't really generating its own traffic.

    Of course this means I wouldn't install any apps that need to download updates.

    Would be nice to install the firewall app, but I could just as well use Filter Rules & be ok.

    Can someone who knows more about the under-the-hood inner workings of Untangle comment on the feasibility of eliminating most (if not all) of the firewall's own generated traffic?

    I'd like to keep the data charges to $10-20/mo. and think I can if we can avoid Untangle being chatty.

    Would filter rules apply to traffic generated *by* the Untangle firewall?

    Thanks much.

    -
    Doug



  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,509

    You can disable updates, but if you use the filter to do anything more you're going to neuter the system to the point that you'd be better off with a China junk router.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    638

    Quote Originally Posted by sky-knight View Post
    You can disable updates, but if you use the filter to do anything more you're going to neuter the system to the point that you'd be better off with a China junk router.
    I know. And honestly I'm not sure that Filter rules would work anyway. I believe those map to iptables FORWARD table, so they wouldn't apply to traffic sourced from the Linux operating system. However, I believe the iptables OUTPUT table would be applicable for traffic generated by the Untangle firewall itself.

    We'd have to find a China junk router that can use a wireless client interface as its WAN. That's part of the allure here with Untangle.
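
To illustrate the FORWARD versus OUTPUT question raised in post #3, here is an added example (not from the thread and not Untangle's own code) that models standard netfilter chain selection. The addresses, ports and rule set are constructed, and it assumes, as the post does, that the filter rules act only on forwarded traffic.

```python
from ipaddress import ip_address

# Constructed addresses: the firewall's LAN and WAN IPs, and the camera system.
FIREWALL_ADDRS = {ip_address("192.168.1.1"), ip_address("100.64.0.2")}
CAMERA = "192.168.1.50"


def chain_for(src, dst, local=FIREWALL_ADDRS):
    """Return the netfilter filter-table chain that evaluates a packet."""
    if ip_address(src) in local:
        return "OUTPUT"   # generated by the firewall itself
    if ip_address(dst) in local:
        return "INPUT"    # addressed to the firewall itself
    return "FORWARD"      # routed through the firewall


def verdict(pkt, rules, policy="ACCEPT"):
    """First matching rule in the packet's own chain wins, else the policy."""
    chain = chain_for(pkt["src"], pkt["dst"])
    for rule in rules:
        if rule["chain"] != chain:
            continue  # rules in other chains never see this packet
        if rule.get("dport") in (None, pkt["dport"]):
            return chain, rule["action"]
    return chain, policy


# Hypothetical rule set: allow only mail submission from the LAN, drop the rest.
FORWARD_ONLY = [
    {"chain": "FORWARD", "dport": 587, "action": "ACCEPT"},
    {"chain": "FORWARD", "action": "DROP"},
]

# Constructed packets representing the three kinds of traffic in the thread.
PACKETS = {
    "camera email alert": {"src": CAMERA, "dst": "203.0.113.25", "dport": 587},
    "camera update check": {"src": CAMERA, "dst": "198.51.100.7", "dport": 443},
    "firewall update check": {"src": "100.64.0.2", "dst": "198.51.100.9", "dport": 443},
}


def evaluate(rules):
    """Map each sample packet name to (chain, action) under the given rules."""
    return {name: verdict(pkt, rules) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for name, result in evaluate(FORWARD_ONLY).items():
        print(f"{name:22} {result}")
```

With only FORWARD rules, the firewall's own update check falls through to the OUTPUT policy and is still sent; it is dropped only once a rule exists in the OUTPUT chain.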

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,509

    The access rules in networking's advanced tab will control traffic to or from the Untangle server itself.

    Again, I think this is a horrible idea, but you can block communications in there to whatever you want, including Untangle's IP addresses.

  5. #5
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    638

    Yeah. As it's not really a use-case Untangle is intended for (not being chatty), I decided on a different product for now.

    But Untangle might want to consider an option for "metered connections" that would cater to this. After all, the new WiFi-client-as-WAN feature's primary use case is using a cellular hotspot. Those are generally *way* more expensive per GB than a hard-wired internet service.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,509

    Yes, but that doesn't change the fact that UTM work requires that connectivity. The fact that the uplink is more expensive is irrelevant; the job Untangle must perform is the same, so the requirements are the same.
