Gadgetman: Untangle Review – One Year On

Over the past 10 months or so I have been running a Linux-based Internet Gateway to help protect my network, and more importantly the users on it, from the threats that lurk on the big bad interaweb.
I originally found out about Untangle whilst looking into ISA Server, and what I found was a Linux-based system that can run on nearly any hardware and still provides more features than ISA Server, and best of all is free! (well, free as in Open Source).
You can read about my original impressions on Untangle here.
Having migrated through a few different servers, the outcome after nearly a year is a network free of any spyware, viruses or attempted break-ins. Compared to the years before that when I had to regularly rebuild PCs from scratch to ensure I got rid of virus infections, it was a much better year.
I am now running Untangle on a Shuttle XPC, a SD36G5M, which has a Pentium D 3.0GHz (the Pentium D is a dual core model, not a hyper-threaded model), 2GB RAM and an 80GB hard drive. I have run Untangle on a P3 1.26GHz machine and it flies on both configurations.
I have tested my network connection through SpeedTest and Untangle makes no difference to my throughput. (For reference I have a residential ADSL2+ service which is connected to a roadside cabinet rather than an exchange, and I get about 13Mb/s downstream).
Of course it needs two NICs so I use the built-in Gigabit Ethernet to connect to the LAN and a second NIC for connection to my ADSL modem. The Untangle site has a nice diagram to show it all:

The services offered by Untangle depend on whether you go for the free version, or stump up for some paid-for services. For my situation, a home environment with less than 10 workstations, I was more than covered by the free modules, which include (amongst others):
- Web Filter – does what you would think, that is, it runs all web requests through a filter and either allows or denies the request. By default it blocks sites like porn, gambling, etc, but the lists are completely configurable, like a lot of Untangle things! I use this quite a lot to tweak my settings. Strange sites like miniclip.com and pricespy.co.nz don’t work without being added, and both are fine.
- Protocol Control – This allows fine control over the protocols passed and/or blocked by Untangle. There are about 100 protocols listed by application, such as peer-to-peer (Bittorrent, LimeWire etc), chat (MSN etc), etc etc. This allows blocking all traffic of one type at a central point, and reports to be generated on these blocked protocols by user.
- Spam Blocker – Scans all mail and checks it against a spam database, and either marks the email and allows it through or deletes it.
- Reporting – One of the best parts of Untangle is that it can generate daily and weekly reports by module by user, giving full insight into who used the most data, the most popular sites etc. Reports can be emailed or viewed through the web interface. The reporting module also allows users to be defined by static IP addresses to make per-user reporting possible.
Untangle can be accessed from either the machine it is installed on, or via a web interface, which provides full control over all aspects, including configuration, reporting, upgrading and even rebooting.
Overall Untangle provides everything I need, bar one feature – a caching proxy. It is possible to manually add one such as Squid and it can help reduce data usage and therefore costs. There is even a blog post which shows how to use it to cache Windows Updates, a bit like a WSUS server!
Whilst I only have a very small LAN there are users in the Untangle forums who have networks of over 1000 machines protected.
So if you're serious about the security of your machines, or just want visibility of what's happening and by who, I would definitely recommend Untangle. It’s free, it works, and it doesn’t require a massive PC to work on.

