You probably don’t know this but I have a fairly extensive background in IT security. That, along with my attraction towards open-source means that I have tried nearly every free edge security offering out there for my home. And because I know what lurks out there in the wild, I have a fairly stringent set of requirements that includes:
- Layer 7 Application Firewall
- URL Filtering
- Intrusion Prevention
- DDOS Protection
- Malware Detection
- Remote Access and Site-to-Site VPN
- Unified Interface
The problem here is that these features for the most part are commercial features and cost money. In some cases…lots of money. There is also the question of quality. Just because somebody says their product provides URL filtering for example doesn’t mean it’s very effective.
So with all of this in mind, I have been on the lookout for a quality edge security product that won’t break the bank and I finally found it: Untangle.
Now just to be clear, Untangle has been around for a loooong time. I thought it was decent years ago but to get the really solid features it cost more than I was willing to spend. I also had the free Sophos appliance running for some time but the new version (XG1) was just too buggy and unreliable for me. Plus they’ve had numerous issues with their application firewall engine that they either don’t care about fixing or just can’t fix. There have been others too, such as the well-known pfsense but in that case the features still resemble a Linux computer with all the separate components running independently (did I mention I want a unified interface experience?). I’ve also had a Cisco ASA (no UTM features), Meraki MX (expensive), etc. running my Internet connection at one point or another but I have not been happy with any of these.
So after much searching and testing, I just happened to check out Untangle and what did I find? A Home license that gives me all of the advanced feature subscriptions for $50/year! For $50, it was worth giving it a try and I have to say, Untangle did not disappoint!
Starting with the installation, it’s an .iso that you can install on either bare metal or do as I did and create a Linux VM and install on top of that. Here is my VM configuration:
- Other 2.6x Linux 64-bit
- 4 vCPUs
- 6GB memory
- 100GB HDD
Note that these specs exceed the recommend minimums so you can go smaller if you want. I have a lot of features running so I gave it some power under the hood to do that.
Once you get it installed and run through the basic installation, you pick your apps and get them going. If you know what you are doing then you can “optimize” the settings if you like. If you are uncomfortable doing that then the defaults are probably good for most people (yeah…I optimized lol).
Once you get to that point you are basically done. Log into the device and the first thing you will see if a very nice and useful dashboard, which can be customized by adding/removing pre-built widgets:
Next comes the apps. You will be presented with a large list of apps to install in your Untangle. Nearly every one of these is included with the Home license (check here to see all the apps that are included) but there are a couple that are only available as the “Lite” version. Here is what I have installed:
The one (and only) app that I have been disappointed with so far is the SPAM filter. My disappointment isn’t so much with the functionality of the app but rather the complexity of how to configure it. For the typical home user or even somebody who is technically proficient, this might be too complicated. Looking through the forums, it clearly seems to be the one app that draws the most questions. Another thing about the app is that it doesn’t not filter encrypted email, which is more and more common these days. I use Office365, which is encrypted to the server so all of my email bypasses the SPAM filter. If you aren’t using encrypted email then it might work just fine for you if you can get it setup.
Here is the list of remaining apps that I can install as needed:
And the reports page, which has over 230 pre-built reports you can run at any time.
As far as business use goes, I would give Untangle a thumbs-up too. Now I probably would not recommend it for an enterprise deployment or anything even close to that size without some real performance testing but for a small-medium sized workload I think it will perform fine. Obviously you would need a commercial license rather than the home version but I think at that point the price is still more competitive than most. You can also purchase their hardware appliance with Untangle pre-installed.
One other very cool thing I found (and IS included with the Home license) is their cloud portal, which individual deployments will report up to so you can have visibility to all deployments globally through a single interface. Similar to Meraki, this is very appealing to organizations that are distributed and have many locations to support, such as retail for example. I don’t know if there is an additional cost for this feature with a commercial license but it was free for me to register my Home licensed device to use the portal.
From what I can tell there isn’t any management capability yet. There is a policy section that requires the Untangle appliance to have the Policy Manager app to use, which I have installed but the portal reports that I do not so I am unable to get a feel for what the policy section of the cloud portal really does. It’s not worth the time to me to create a support ticket since this Untangle is for my own personal use so hopefully an update will resolve this issue in the near future because I would like to see what the policy section can do.
Visit Untangle here: https://www.untangle.com