Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty
OK, we have use cases for multiple scenarios:
1.) Smaller client with UT Firewall (I would probably want at least a Z12 or Z20 to run additional workload) with web servers in back, so having a WAF app add-on that could run inline with the DMZ segment would make sense.
2.) Larger client where a WAF VM on-site works since they have a VM environment and more resources.
3.) Cloud hosted WAF VM similar to number 2.
Number 1 would be nice, but I sort of get the direction here.
Did anybody test running it on UT appliance hardware out of curiosity in R&D as a standalone? That would be an interesting combination and would be something we could sell...
Not exactly... my understanding is right now a single WAF can only protect a single web server. So if you have multiple web servers in back you need multiple WAF instances, which can quickly get out of hand for both pricing and management. Additionally, if I were a small client already running UT I would instead use UT to set up a DMZ for the web servers on their own VLAN, where all traffic (whether from inside the network or out) has to route through the UT uvm to reach that VLAN.
I see the current scenarios more like this:
1.) Small client without UT -- maybe using a competitor or even (yikes) nothing but the ISP-provided NAT gateway -- and just one or two web servers on site. They can add a VM per web server, perhaps a guest on the same host as the web server.
2.) Small to medium customers just figuring out the cloud, and not comfortable setting up full UT in that situation, can instead set up cloud WAF VMs per public resource.
3.) Larger client using containers (whether cloud or local) and managed with something like Puppet, where they figure out how to provision WAF as a container automatically with each web server deployment with a consistent/predictable set of rules.
Possibly a later version will have support for multiple servers per WAF instance, but I really think #3 is the direction they are moving, and instead expect to see more features making it easier to deploy automatically.
Last edited by jcoehoorn; 11-03-2021 at 08:08 AM.
Will this be available for Home users?
Can I use this as a reverse proxy? So I can get a wildcard cert *.miguel.xxx and reverse proxy to my servers?
Yes on adding a wildcard cert. But sadly currently you can only forward one* site with the WAF implementation.
See my post here:
https://forums.untangle.com/web-appl...tml#post253464
As long as you want to forward to one internal server or a cluster that all have the same content.
The WAF will not be able to split b.miguel.com to server 1.1.1.2 and c.miguel.com to 1.1.1.3, so if all your sites are on the same backend/upstream server then yes.
In my case I always have multiple servers so I would need 1 WAF for every internal server.
So... it's a wiff?
Rerouter 2.0?
I'm not ready to write it off yet... but Untangle would be better served getting TOTP on the admin UI in both NGFW and SDWAN Router than mucking with this. But I'm sure someone thinks it's a good idea.
Rob Sandling, BS:SWE, MCP
NexgenAppliances.com
Phone: 866-794-8879 x201
Email: support@nexgenappliances.com
It feels like a firewall/layer 7 team decided to do a WAF but none of them have used or worked with a load balancer (or done so in modern times).
But I am afraid that some design elements will be connected to the license model so it might soon all be clear why it is the way it is.
And just to be clear!
I Like the GUI!
I Like the WAF part!
The reasons I can't use it are all LB- or redundancy-related.
So if you just have one web server or one site, then this WAF might be something for you.
Last edited by WebFooL; 11-23-2021 at 07:05 AM.