Still Untangle? UTM Unified Threat Management router firewall?

Discussion in 'Networking & Security' started by Pocatello, Oct 12, 2018.

  1. Pocatello

    Pocatello DC Moderator and [H]ard DCOTM x3 Staff Member

    Messages:
    6,054
    Joined:
    Jun 15, 2005
    I have been using https://www.untangle.com/ the Untangle home-built free Linux firewall solution for 10+ years, IIRC. My current Untangle box has died and I want to build something new. This is for my home and I have a typical usage at home with kids gaming and streaming video.

    Two big questions:

    1) Should I stay with what I know and keep using Untangle?

    2) I am getting Fiber to the home with synchronous 1gb up and down in the next few weeks. What UTM / Firewall can handle 1gb speeds?

    I'm near a MicroCenter this week in Tustin, California, and I am ready to buy some computer parts to build a new UTM. What suggestions do you have for me? I was thinking of AMD Ryzen but I don't know which one to get.

    If I stick with Untangle and want 1gb throughput what kind of CPU and memory should I be looking for? I would guess that hyper threading is not necessary, and 2x4gb= 8gb memory should be enough.

    Your thoughts?
     
  2. IdiotInCharge

    IdiotInCharge Not the Idiot YOU are Looking for

    Messages:
    7,511
    Joined:
    Jun 13, 2003
    I'm using an Atom-based unit that has AES-NI - the common appliances with the Celeron J1900, also Atom-based, lack this. Pros for using the appliance include being completely fanless, and the better ones give you options like mirroring system drives with ZFS and the like, if you're using pfSense for example instead.

    I'm actually only using Untangle because I couldn't get Sophos XG to run on my appliance, and because pfSense/OPNSense did not support passive filtering as an IPS only, as they don't support filtering on a bridged interface, and beyond that setting up pfSense/OPNSense using a bridge seemed to be broken from an installation perspective. My Linux-fu is most certainly not up to the task of navigating that, and since none of these options (barring XG) are as slick and easy to set up and use as Untangle, I just went with that.

    Note that I'm using a passive filtering bridge because I have an Edgerouter 4 doing edge firewalling, routing, and DHCP; the Untangle appliance is just doing IPS and QoS. In this configuration it should be able to support 1Gbps, but I haven't bothered to step up to those linespeeds as I can only get that for downloads with Spectrum cable.

    Here is the appliance I'm using, which is basically a Chinese-sourced part that's sold by a US company in California.

    Doing it again, I'd step up to an i5-based unit like this one, which wasn't out when I ordered mine earlier this year, and I'd probably just get it off AliExpress. I'd put 8GB of RAM in it and put in same-sized Samsung 860 MSATA and 2.5" drives, one each*, and roll a pfSense build on a drive mirror. Or hell, roll ESXi, and virtualize pfSense and whatever else is needed; in my case, that'd be pi-hole, the Unifi controller, and Ubiquiti's UNMS software for the Edgerouter, all probably in a Ubuntu 18.04 LTSB Server instance alongside the router VM.

    Not the cheapest solution but certainly performant, compact, low-power and silent.

    *[do note that when I installed Untangle, there was no support for installing on a ZFS mirror, which is what I'd want to use the dual drives for on a different distro]
     
  3. FNtastic

    FNtastic Gawd

    Messages:
    873
    Joined:
    Jul 6, 2013
    http://pcengines.ch has capable hardware. I think they're about to release their apu4? The apu2 has no trouble with gigabit.
     
  4. Pocatello

    Pocatello DC Moderator and [H]ard DCOTM x3 Staff Member

    Can something like this box handle Untangle's UTM at gig speeds: https://www.amazon.com/Windows-Firewall-Qotom-Q370G4Y-I7-4610Y-Aluminium/dp/B078TFYZFB


    I had assumed (wrongly) that I had to build my own server machine to run a fast Untangle. But these tiny little devices seem to run things fine... and they are cheaper than building my own box. How can that be?
     
  5. IdiotInCharge

    IdiotInCharge Not the Idiot YOU are Looking for

    It should- and at least with Amazon, you can return it if it doesn't.

    [the how's and why's- these things are mass-produced in China]
     
  6. goodcooper

    goodcooper [H]ardForum Junkie

    Messages:
    10,286
    Joined:
    Nov 4, 2005
    That seems crazy cheap if it includes the ram and ssd
     
  7. Pocatello

    Pocatello DC Moderator and [H]ard DCOTM x3 Staff Member

    Does Qotom include the rice grain sized networking CPU stuff that phones home to China?
     
  8. Pocatello

    Pocatello DC Moderator and [H]ard DCOTM x3 Staff Member

    I bought one. Shipping from China takes about 3 weeks or so. Thanks for the help!
     