Untangle Worth it for Home Network?

Zarathustra[H]

Hey all, I recently came across untangle and it looks really cool.

I've been toying with the idea of replacing my Netgear WNDR3700 (currently only serving as wired router and gigabit switch) with an Untangle box.

Question is, is it worth it? What do you guys think?

Obviously, only the free "Lite" version would be worth it, as the others are priced ridiculously for non business use.

Does anyone have experience with the "Lite" version? I've had a hard time figuring out from their webpage how the features of the "Lite" compare to the others, particularly how Spam Blocker Lite, Web Filter Lite and Virus Blocker Lite compare to the full versions of each.

Is the untangle router any good? How do its management features compare with consumer solutions?

The new web caching feature seems really cool too, especially when multiple systems grab the same large updates or download the same steam games, but at $54/year it seems a bit excessively priced for home use, so I'd probably just be sticking with the base free version.

My home network is below. Appreciate any input.



 
I've installed dozens of the free versions, and probably near a dozen of the paid for versions..usually the Govt'Education premium bundle.

This is a product designed for businesses, not home users. It's a "UTM appliance". You don't see many people run Sonicwalls and Barracuda or Fortinet products at home.

The differences in the modules are explained fairly well on their website as you look at the description of each module.

Virus...lite version is based on Clam, full version is based on Authentium (new this year, prior to this used to be Kaspersky)

Spam blocker...lite version is based on a bunch of open source products, full version adds the enterprise product called CommTouch

I forget the web filter technology used in the paid for product...name escaping me at the moment.

IMO, it's overkill for most home users. But then again..a lot of tech guys love to have overkill networks at home...I've run UT at home now and then...I frequently try different *nix distros.

Interface is a bit more daunting and complex than the typical Nutgear or Stinksys home grade router. But it's all GUI accessible through your browser...you can expose the advanced features if you dig around enough.
 
I've installed dozens of the free versions, and probably near a dozen of the paid for versions..usually the Govt'Education premium bundle.

This is a product designed for businesses, not home users. It's a "UTM appliance". You don't see many people run Sonicwalls and Barracuda or Fortinet products at home.

There is an exception for me tho, right? (points to SonicWall TZ210) lol
 
I've also recently found that it does not do upnp. Not a bad idea for its intended corporate audience, but with three gaming rigs and two xboxes on my network, the lack of upnp may be the deal breaker.
 
Zarathustra[H];1038255180 said:
I've also recently found that it does not do upnp. Not a bad idea for its intended corporate audience, but with three gaming rigs and two xboxes on my network, the lack of upnp may be the deal breaker.

I have not had a problem gaming behind it....nor has the boy with his PC games and his XBox gaming. I did the usual Battlefield 'n such online games through it just fine. If you're doing hosting of game servers from behind it..simply do the port forwarding.
 
I have not had a problem gaming behind it....nor has the boy with his PC games and his XBox gaming. I did the usual Battlefield 'n such online games through it just fine. If you're doing hosting of game servers from behind it..simply do the port forwarding.

I don't play Xbox games myself, but we have two of them in the house and they are often used at the same time by my stepsons.

The only way I find online to get them to work fully is to forward all xbox ports to the xbox. This obviously wouldn't work if you have two of them...

If you don't, you supposedly get the following error:

Your NAT type is set to Strict (or Moderate).

If you are on a network with this NAT type, you might not be able to join certain games or hear other people while playing online.

At least according to this guy
 
IMO, it's overkill for most home users. But then again..a lot of tech guys love to have overkill networks at home...I've run UT at home now and then...I frequently try different *nix distros.

There is no kill like over kill. Which is why I'm running a Cisco 3725 Router at home.

I don't think it's a bad product for home if you really want to play with it. The setup the OP has would be just as good with a (Insert Home Wireless Router Here).
 
Zarathustra[H];1038255305 said:
The only way I find online to get them to work fully is to forward all xbox ports to the xbox. This obviously wouldn't work if you have two of them...

If you don't, you supposedly get the following error:

The strict NAT stuff...yeah....some routers that are not "x box compatible" give issues..older Netgear routers were notorious for that.
Gotta set the MTU to 1384 on them (which kills performance for everyone else)..and port forward tcp 88 and udp/tcp 3074 to the XBox.

Single WAN Port basic NAT devices...can only forward a specific port to 1x internal IP at a time. So yeah I don't know what to say about 2x XBox's.
 
I don't think it's a bad product for home if you really want to play with it. The setup the OP has would be just as good with a (Insert Home Wireless Router Here).

I picked up the WNDR3700 as I was pretty much told by everyone that it was the best consumer router at the time.

It has disappointed me a lot since.

I no longer use it for wireless, and instead have a Ubiquiti Unifi which is orders of magnitude better signal wise. Right now it is serving as a wired only router in my basement.

It has some limitations that I am hoping to get around:

1.) NAT table size. Refreshing steam server lists will bring it down, especially with multiple steam machines in the house. Yes, I can do the workaround of lowering steam network speeds, but then it refreshes slower. I want something with a positively HUGE NAT table so that I can't possibly override it with 3 desktops, 2 linux servers, 4 laptops, 3 consoles and 4 smart phones.

2.) I don't like the data tracking and trending features of it. I find it difficult to tell when new clients have connected to the network, and tracking down who they are and what kind of traffic they have used. I tried using DD-WRT on it for a while, but found DD-WRT was even worse in this regard. Maybe I'll try Open WRT instead...

Another alternative could be pfSense.
 
Zarathustra[H];1038255375 said:
Another alternative could be pfSense.

Pickup a little Atom D510 or D525 unit...2 gigs of RAM, pair of Intel NICs...slap on PFSense, and you've got all the power that a 10,000 employee fortune 500 company needs for their edge device.

Got a spare biz grade laptop? Slap in a PCMCIA NIC...install PFSense...there ya go! An edge device with a built in keyboard/monitor/video, built in battery backup, and small power consumption, small amount of space taken, relatively quiet. Older IBM Thinkpad T20 and T40 series work great! And you can pickup used ones for about 100 bucks on fleabay.
 
Zarathustra[H];1038255375 said:
I picked up the WNDR3700 as I was pretty much told by everyone that it was the best consumer router at the time.

It has disappointed me a lot since.

...
It has some limitations that I am hoping to get around:

...

Maybe I'll try Open WRT instead...


Try installing the Gargoyle firmware on your 3700. It's what I used on mine and it worked wonderfully. Then I built a pfsense box. ;)
 
Zarathustra[H];1038255592 said:
Would an AMD E-350 be overkill?

Not overkill...it's similar to Atoms..
Heck I've run PFSense for my home LAN once on an IBM X-series 1U rack mount server with dual Xeons...lol.
 
Not overkill...it's similar to Atoms..
Heck I've run PFSense for my home LAN once on an IBM X-series 1U rack mount server with dual Xeons...lol.

Near the same, running pfSense on 2600k in a HA Vmware Cluster with shared storage.
 
Running pfSense here on PowerEdge 1750 dual Xeon 3.06GHZ, 4GB, 2x36GB 15,000RPM in RAID 1, redundant PS. Overkill or Future-proof?
 
Running pfSense here on PowerEdge 1750 dual Xeon 3.06GHZ, 4GB, 2x36GB 15,000RPM in RAID 1, redundant PS. Overkill or Future-proof?

Overkill....the IBM I had had some 15k drives RAID 1...also 3.06 Xeons..pretty much same specs, just different brand. but it was just noisy, belched heat into my office, and jacked up my electric bill.

The old Atom 410 will have PFSense push over 250 megs throughput with Snort loaded to the gills.
http://www.smallnetbuilder.com/secu...wn-ids-firewall-with-pfsense?showall=&start=1
 
I love my UT box - running on a dual 2.8GHz Xeon (netburst) rig. I do run real services though, so it's not entirely foolish. UT isn't really a router, it's more of an edge device - if you want routing, head over to pf sense, and run UT in bridge mode. You can run them both on the same box in VMs (esxi).

The attack blocker function is pretty cool. I tried brute forcing some of my passwords from outside, and it shuts that down right quick.
 
Pickup a little Atom D510 or D525 unit...2 gigs of RAM, pair of Intel NICs...slap on PFSense, and you've got all the power that a 10,000 employee fortune 500 company needs for their edge device.

Got a spare biz grade laptop? Slap in a PCMCIA NIC...install PFSense...there ya go! An edge device with a built in keyboard/monitor/video, built in battery backup, and small power consumption, small amount of space taken, relatively quiet. Older IBM Thinkpad T20 and T40 series work great! And you can pickup used ones for about 100 bucks on fleabay.

So it looks like there are a few Atom D525 boards with dual Intel 82574L gigabit Ethernet ports. Is anyone familiar with the 82574L chips? Are they reliable enough for pfSense use, or are they going to be more like that Realtek garbage most low cost boards have?

Otherwise my plan was to go with my E-350, but its on board realtek ethernet is crap, so I'd have to get something like a dual port Intel EXPI9402PTBLK, but that costs about as much as the Atom motherboard with dual 82574L ports...

I could always use the E-350 for something else, as long as the Intel EXPI9402PTBLK doesn't perform WAY better than the Intel 82574L. Last thing I want to do is slow down my internet access...
 
I run a Mikrotik router with Untangle for filter. I love my Mikrotik. I would use a Cisco router but I can justify it when using my Mikrotik. I find the CLI intuitive like IOS. Not as good, but it's pretty close and really good for the money.
 
I have not had a problem gaming behind it....nor has the boy with his PC games and his XBox gaming. I did the usual Battlefield 'n such online games through it just fine. If you're doing hosting of game servers from behind it..simply do the port forwarding.

You play Battlefield? GASP! There's hope for you after all :D

Probably 1942 old school style though huh?
 
I think you are talking about the SuperMicro board with the dual Intel NIC? Double check it supports KVM in the IPMI and if it does I would without a doubt go with that.
 
KVM in the IPMI

Please explain. I don't know what this is.

KVM?



I usually just do all my configuration up front, and then carry the server to where it's going to reside and run it completely headless. (no mouse, keyboard or monitor). The only access is SSH.
 
I love my UT box - running on a dual 2.8GHz Xeon (netburst) rig. I do run real services though, so it's not entirely foolish. UT isn't really a router, it's more of an edge device - if you want routing, head over to pf sense, and run UT in bridge mode. You can run them both on the same box in VMs (esxi).

The attack blocker function is pretty cool. I tried brute forcing some of my passwords from outside, and it shuts that down right quick.

I played with UT and pfsense and couldn't get them to work on esxi. This was on esxi 3.5 I think...IDK. I use UT at home and think it works great.

Zarathustra[H];1038256925 said:
Interesting.

What hardware do you need to set it up?

Also, does it work in Bios?

Some come integrated into the mobo.

yes, you can get into the bios, its like sitting at the console...
 
The whole reason I never wanted to run Untangle was because of its hardcoded puny state table... last I looked it was only 10,000, which is not acceptable.

If you run it in bridge mode behind pfsense... it would bypass this?
 
I was looking at untangle then found Ipfire. I like it much more, still free, lot more features and better configuration in my opinion.
 
You play Battlefield? GASP! There's hope for you after all :D

Probably 1942 old school style though huh?

I built and ran a few of those servers...but I got BF3 a few days ago....got about an hour or two into that game...probably catch on. Didn't like BF2 much.
 
Zarathustra[H];1038256925 said:
Interesting.

What hardware do you need to set it up?

Also, does it work in Bios?

Basically IPMI allows you to remotely access, monitor and turn on/off and reset the computer over your network rather than having It requires no hardware to setup, except an ethernet connection to the LAN port, but in the case of the Atom supermicro boards they are vLANs so no need for an additional connection.

I personally ran pfsense for about a year with the D525 board. It is almost like it is built for pfsense.
 
The whole reason I never wanted to run Untangle was because of its hardcoded puny state table... last I looked it was only 10,000, which is not acceptable.

If you run it in bridge mode behind pfsense... it would bypass this?

Only? What on earth are you doing? 10k concurrent connections is enough for an entire school district.
 
lol .. I think I might be the only guy here that runs Smoothwall Express?

.. very easy to customize, add what you want it to do.. and very free :)
 