Moving to Untangle....Overkill server? Concerns...

marley1

Well YeOlde sent me over to his Untangle partner and I had a good talk with Steve @ Untangle.

Little background on what happened.... I have been using Freedom9 Freeguard 100 UTM firewalls for the last year with great result, cheap price, great performer, and great support.....yesterday had a talk with my Freedom9 Rep and he mentioned that the company is leaving this crowded market of SMB Firewalls and going to content filter, monitoring, etc...

So I need to fill my $550-650 market for a UTM Firewall.

So after a little talk with Steve, I got the go ahead from my boss, to go ahead and setup Untangle and test out the spam on our domain compared to Postini.

I am a little hesitant because I have a feeling that Postini will do a better job of spam but I will see.

Anyway server to use:
Dell Poweredge 2650
Dual 2.4 Xeon
2GB
Raid 5 SCSI will change to Raid 1

Is that overkill? Am I just wasting electricity?

So concerns are spam, I haven't dived into their forums yet, but any how-to to configure spam to keep up with Postini in accuracy and spam removal?

I will be taking up a reseller, to be honest I think the only thing I would use is the support, but may get a Pro Package for my office and see what I use..... inputs on this?

Look forward to hearing from ya guys, probably bug you more 2morrow YeOlde =p
 
Tough call, it would probably depend on the amount of bandwidth you will have available when taking your mail filtering to a third party vs to doing it on site.
 
Forgot to mention, our office is 2 users, myself and my boss....a dog is in the office but he's bad at emailing =)
 
2 users, yes I'd say dual Xeons are overkill. I run a prebuilt Untangle XD, it has a 2.8 pentiumD and 2GB of memory I believe and it serves 20 or 30 students just fine.
 
I'd go with an Intel Core 2 Duo, 2GB of DDR2 Memory, and 160GB SATA2 HDD.
That server is overkill for two users :)

You could even get away with an Atom and 2Gb of memory.
 
Way overkill. This is just a firewall appliance. Most of my setups are just single PATA hard drives, a gig of RAM, and some mid-range P4. On the clients that can afford it, I'm installing on nicer 1U servers, such as the Dell PowerEdge R200. Pair of 80 gig SATA drives RAID 1, Intel Duo Core, 2 gigs of RAM.

I have one client on a 20 meg pipe, their Untangle is on a small form factor business desktop PC, a P4 2.4GHz, 1 gig of RAM, 80 gig PATA drive, about 70 nodes on their network. Yup..20 meg pipe. And they can hit it all, Untangle never gets pushed hard. Lots of mail flow, sometimes a dozen VPN clients coming into their Juniper box at the same time.

People go overkill with horsepower on their *nix routers. All e-penis comparing here. Honestly..for a small 2 man show, a 1 GHz with 512 megs will do OK. It's more about RAM than processor though. So RAID 5 is a waste, Xeons are a waste, dual processors are a waste.

Sidenote....it will not be as effective at spam removal as Postini or Appriver or a barracuda device. It's a free product (the SPAM component is, plus 13 others). I highly highly doubt your Freedom boxes are either. I have one client that has pre-existing Fortinets (which you said are the same as the Freedom9 boxes)...and they get quite a bit of SPAM through. So don't expect it to go toe to toe with Pos or App or a Cuda. It will, however, make a maaaajor dent in spam (combined with IMF in Exchange..and you have 2x FREE solutions that together...take care of most of the SPAM). Also it will help protect web traffic from viruses and ad/spyware.
 
Def. overkill, but since it seems like you're in the business of buying a Lambo when all you really need is a civic, send the Lambo to my house.
 
^ i have the power edges for sale if you want.

What I have to work with, Poweredge 2650, Dell's with somewhere around a 2.8 P4, have a Dell T server (opteron, raid 1, 4GB).

/me doesn't like SPAM
 
Honestly, I would just use the Dell with a 2.8 P4 and toss another NIC and 1GB of RAM in it. At home I run a whopping Athlon XP2500+ with 1.5GB RAM and a 20GB HDD that I pulled out of a Dell OptiPlex about 4 years ago. :)
 
I have a similar setup I'm about to use for an Untangle box. How's that working for you? I'm going to have 512 MB of RAM, though, but the same 2500+ Athlon XP.

I'm going to use it for a small home office network (~10 PC's, laptops) and gaming systems.

I'd use the big Poweredge for a good server and demote another lower powered one to the Untangle box.
 
Honestly, it runs just fine for me. I have about 1-4 computers and an xbox360 using it at any given time and it seems to run well. No hiccups that I have noticed. I was worried about chipset compatibility but it seems to be okay. :D
 
The box you've got sounds like a good candidate to run Untangle and several other servers for whatever you need via virtualization.
 
Just deployed another one today at a nursing home of 50x nodes, Dell Optiplex <something>...medium form factor, P4 2.8, 1 gig of RAM...heavy e-mail flow, gotta implement the content filtering well, block all instant messengers and social websites 'n reporting.
 
yeah im still going back and forth on this.

if the spam protection isn't going to be good or close to postini it serves no point for me. most of my clients really only care about reliable email and no spam/false positives.

the other features are great, but i have yet to have a client ask me to set up content filtering or block websites.

i think what i should do is stick to postini for spam, and then find a reliable firewall unit that doesn't need to be restarted and can handle the load.

yeolde ill be bugging ya on aim =p
 
What kind of power is needed for 20-30 users, doing the untangle reports, spam/antivirus stuff?

I have a few celeron 2gig-ish boxes, and maybe 1 p4 box thats about 2.6. All single cores. Might have an HT p4 around...
 
You'll be fine with any of those. Also depends on the speed of the internet connection, what other types of "loads" are going through the Untangle box. High e-mail volume...lots of mail to scan? All 20-30 users hitting the web at once? Like I mentioned a few times...I have mid-2.x range P4s with 1 gig of RAM doing the job just fine.
 
The system may be overkill but if that is what you have that is what you have. What I don't understand is the comparison between UTM and Postini. Isn't Postini Software as a Service? You will still be using Postini for your email but protecting your network and internet usage with Untangle. A protected network should be far more important in a business network than just the aggravation and annoyance of Spam.

IMO the two can't be compared.
 
The untangle box will be put on the network behind the servers and the router. Mainly after this for the anti-virus/spam type stuff along with the untangle reports. So guessing would want gigabit going in/out as people would need to go through the box to get to the servers. 20-ish people using the network internally for the shop software on the servers, and not too worried about the net. We have a 1.5/768 adsl connection.
 
if you're going to run that Xeon with 2gigs .. then you need to run F@H client on that box with username ThreeDee and team 33 .. :p



...or not

I ran an XP +1500 with 1gb mem , 20gb 5400 hd with Smoothwall Express 3.0 , Advanced Web Proxy , and DansGuardian with 3 different filter groups with 50+ users surfen all day , streaming music , me downloading large files and a constant flow of email coming in without a hitch .. sooo , I'd imagine , as already stated ..you ain't gonna need too much for your work to keep things "protected" ..



[F]old|[H]ard
 
I wouldn't worry about having gigabit NICs on the UT box..if your DSL speed is under 2 megs. Honestly a 10 base T ISA NIC wouldn't be a bottleneck in your case.
 
I look at it this way....the old saying..."Jack of all trades, master of none" may apply here...but...

More and more...I'm wanting to have my bigger better clients have more protection from the many threats out there. Just a single antivirus product on the PCs, and the network behind a plain old NAT router, is no longer enough.

Ad/spyware is really becoming annoying (refer to the frequent virtumonde/smitfraud/zlob posts). Due to having several new variants of ZLob released each day, they're staying ahead of the antivirus companies...you'll see some new variant make it past all the brands at one point or another...even Kaspersky and NOD32 and AntiVir.

In my opinion...an added layer of protection is desirable for a business network. Just the desktop antivirus is no longer enough. When I implemented Untangle at the nursing home yesterday...I expanded the spyware blocker application..and the logs were filling up fast. The amount of traffic that it logs as being blocked..coming from browser plugins and cookies from PCs on the network...it's insane. Because all of this usually unseen background traffic is being stopped...the internet pipe becomes less utilized, more efficient. Does it guarantee no PCs will be infected by a trojan? No...but it's one more layer you can add to protect the PCs.

The "free" engine uses ClamAV as its antivirus scanner. Kaspersky subscription for top notch protection is free. The Spyblocker component is free, and utilizes several different mechanisms. Those components alone...are one of the primary reasons I've been starting to use it more and more for clients.

The spam feature is an added bonus, but yes it's not as accurate as top notch services such as Postini or Appriver...or a 'Cuda appliance. But it's pretty decent..and they are improving it constantly. Not bad for free.

However...it's overkill for a lot of places, that may not have a spare PC kicking around, or the room for some PC sitting in the corner. In the cases where I just need a stable NAT router...I've found the Linksys/Cisco RV0 series to be the best bang for the buck product to fit my needs. Fast CPU and lots of RAM. (rv042 266MHz/32 megs, rv082 533MHz 32 megs, rv016 533MHz 64 megs). Very stable firmware. Handles many concurrent connections from larger business networks very well. Built in PPTP VPN makes for good remote support options for IT. (granted their software IPSec VPN client stinks). Site to site IPSec VPN tunnels is decent. Whenever I have needs for wireless..I prefer to hang an access point, instead of using a combo router/wireless.
 
What about local traffic going through the machine?
 
that should be on a switch =)

untangle box into switch into computers
 
Just reading your original post... "So guessing would want gigabit going in/out as people would be need to go through the box to get to the servers."

The Untangle box does not sit between the workstations and the servers. It sits between the central switch...and the internet. Workstation <==>Servers flow does not go through Untangle (except for remote VPN users).
 
unless your servers were on a different subnet and you needed to route traffic from workstations to servers...

but you'd have a couple of nics on the lan side then... completely different setup
 