Understand Untangle/pfSense?

Aug 14, 2012
Hi everyone,

FYI, I have 1 HQ and 1 branch. In HQ we have 10 people, plan to expand to 30 people by next year. In branch, it will be based in Australia (different country) and will have 15 people max.

My objectives are:-
- understand what my workforce is surfing during work hours in case they can't perform at work
- disable certain websites, like porn sites, etc., or block Facebook during working hours
- QoS priority for outbound calls to VOIP partners (we use VOIP and FOIP at office)
- SSL VPN (so we can work remotely anywhere)
- Site-to-Site VPN (plan to setup for HQ and branch)

I need a solution that can also do the following:-

a) works well with Linux and Apple, probably can link up with Linux OpenLDAP or something instead of tracking by IP address?
b) appmonitor - blocks Facebook, Facebook chat, block URLs
c) anti-virus and anti-spyware
d) QoS - used for outbound SIP calls, priority port 5060
e) SSL VPN - with apps on iPhone and iPad, Apple Macs to connect
f) IPSec VPN (site-2-site vpn between HQ and branch)
g) basic wan acceleration

At first I was evaluating the Palo Alto PA-500 for my company. But it's rather overkill for my company and really costly. Then I was recommended to look at the Dell SonicWALL NSA2400. It looks okay, but the optional reporting module only works with Windows Server 2008. However, SonicWALL's vendor claimed they can do the above.

We don't use Windows here. Most of our servers are running either CentOS 5.7/5.8 or Ubuntu 10.04 (total 5 servers) in our in-house server room. All our clients are using Macs (mostly Lion and 1 Mountain Lion). We have 2 Ubuntu 12.04 desktops, mostly for testing purposes.

I need to find an alternative solution that is less costly. I was recommended Untangle, Zentyal, pfSense and Vyatta over SonicWALL by the Ubuntu forum.

But Untangle, Zentyal, pfSense and Vyatta seem similar to me. So which one should I use? Or which ones should I combine?

I think I need pfSense as firewall, Untangle as UTM, maybe Zentyal for DNS and other features? Hmm?

Any help from this forum? Thanks in advance.

Untangle will do it all, I am pretty sure. OpenVPN is encrypted... You can use directory connector and policy manager to group people into racks based on users / groups or IP.

You can filter all the sites you wish.

pfSense can do it as well, with DansGuardian and such, but I don't have a lot of experience with it.

I use Untangle on my workstation network and pfSense on all of my server networks.

Untangle can do firewall and UTM all at once; you don't need to use pfSense for firewall and UT as a UTM in bridged mode. You're just adding more work and possible problems to the network.

OpenVPN is encrypted, so is it the same as SSL VPN? Any SSL VPN client for iPhone/iPad/Macs?

For directory connector and policy manager, do they come with Untangle? Or do I have to download them separately and install them on separate boxes?

If I want to use the Untangle software ISO version, is that free or a paid subscription? Any open source version?

What kind of min. system requirements are needed to install Untangle? Does it have to be an advanced server? Any help?

Last question: I noticed Zentyal is more like an all-in-one server. There's DNS and other things in there. I have yet to set up DNS, and I wonder whether Zentyal can work closely with Untangle. Else I will have to install DNS BIND by myself (a lot of work).

Any help? Thanks.

Untangle will not be able to allow iPads/iPhones to connect from the outside; it does not have an SSL VPN client... it uses OpenVPN (with the free package) and optionally has an IPSec VPN module with some paid bundles.

To track website usage in reports and see usage by usernames... you use the directory connector, which needs Active Directory in your network to track users. It's also in the paid-for modules.

Untangle does have a "Lite" version which is free. You can do a trial of all the paid-for modules to see how they work for you.

Hmm, if there's no SSL VPN client, how can my iPad/iPhones access OpenVPN? Via web browser or something?

I don't use Windows, all Linux and Macs. Can I install any OpenLDAP or something to be able to do the directory connector thing?

It's possible the IPSec will be compatible with the iOS built-in client with some fooling around (it does with pfSense or real Cisco stuff), but basically if you only use OpenVPN that won't be an option.

If that is a requirement and Untangle's IPSec doesn't work for iOS, then you're stuck with pfSense or a more enterprise product that has a supported VPN implementation with an app in the App Store (Cisco, Juniper, et al.).