untangle firewall

[annilation]

I have used smoothwall, astaro, ipcop, and clarconnect before and really like smoothwall. It was dead stable. I had it on a 450mhz on a cardboard box in the top of my closet and that thing just kept going. I ended up not setting up that box when I moved like 6 months ago. I was looking at untangle for a firewall cause it looks like a very nice setup. Anyone have any experience with it? Or should I look at going back to smoothwall.

 

[YeOldeStonecat]

It's awesome. It's a full UTM appliance (unified threat management). Antivirus, strong IDS, anti-spam, anti-ad/spyware, VPN. Stuff you'd want to run a business network behind.

It's like IPCop with the Copfilter add-on, or Endian..just...in a much more modernized package.

You'll want more horsepower than that current rig you specifiy when you run these UTM appliances....they do a lot more than the standard old distros like m0n0wall, smoothwall, pfesense...and those other ones that are barely much more than just a NAT router.

Current version is lacking QoS though..but it's a feature they're adding soon.

 

[TechLarry]

I had never heard of this until just catching it in passing in this post.

I went to the page and looked it over.

My god. This thing looks bloody amazing!

It will be a lot of work for me to test it, and I'd have to determine if it will be better than my beloved DLink DGL-4300.

Has anyone done any wan-to-lan and lan-to-wan thru-put testing? I need hefty amounts of thru-put that few routers can provide (the DGL-4300 does in spades).

I'll come up with a list of "Can it do this" type of questions to help eval better before diving in.

 

[TechLarry]

Can this be run "Headless" ?

In other words, once the basic install is done, can you take the monitor, keyboard and mouse away and manage it 100% remotely ?

 

[YeOldeStonecat]

Throughput depends on the hardware that you run it on. Figuring most of us install these linux distros on at least a mid-range Pentium 3, with 512 megs or more...it will run circles around any home grade broadband router without even breaking a sweat. It'll even smoke pretty much any business grade router that you'd spend 5 grand on. But if you want to use any of the UTM features like antivirus scanning, deep SPI, IDS, anti-spam, browser ad/spyware blocking...you should go with a P4..and a gig.

If memory serves me correct..the 4300 had around 80 or 90 megs of throughput, I believe DLinks newer model, the 655, is around 180-200 megs of throughput. All are well above what most people have for broadband.

If it will run headless or not...that's up to your hardware, the motherboard you use. Some do, some dont. It's not up to the linux distro though...it'll happily run with KVM, as you manage it via a web browser.

 

[TechLarry]

Cool.

Sounds like a perfect reason to try one of those small SFF boxes.

Toss in a low-end Core-2 Duo, a gig of RAM, and the on-board video would be fine.

Only problem is can you put two NIC's in one of those. I don't like on-board NIC's. I prefer NIC's, like the Intel Pro/1000 that offload the NIC duties from the processor.

 

[YeOldeStonecat]

Only problem is can you put two NIC's in one of those. I don't like on-board NIC's. I prefer NIC's, like the Intel Pro/1000 that offload the NIC duties from the processor.

The better ones have solid onboards, the couple that I use for playing around with *nix distros have built in Intel Pro NICs. Hardware controller based. Newer ones integrated with the chipset will run circles around prior generations. Not all onboard NICs should be thought of as the equivelant of a winmodem.

 

[annilation]

Yeah im debating one of those sff boxes. I have a p4 3GHz (sckt 478) and a p4 820d sitting on my desk with no home. I also have a 2.8GHz celeron (478) with micro atx board. Might be something to look at. I do want something small and quiet.