Options

Untangle

Daniel333Daniel333 Member Posts: 2,077 ■■■■■■□□□□
in Off-Topic
Hey guys,

The boss wants us to pull out our Cisco ASA 5505 out and toss in something with Unangle on it. Essentially somes of the sales team heard a pitch and love it. So they want us to start using it.

I played with it a couple years ago and it was nice. But it used PC hardware, so it didn't interest me. But since now management is pushing for it. I have to look for ways to make it work.

Can anyone recommend a cheap piece of hardware for Untangle to run on? Something with high uptime and a couple NICs.

Clearly our goal is complete with low end Sonicwall and 5505s.

Thoughts?
-Daniel
· Share on FacebookShare on Twitter

Comments

  • Options
    gatewaygateway Member Posts: 232
    To be honest, it could run on most hardware, especially older generation, but then again it depends on what kind of resilience you're after. Does it matter for example if you don't have dual PSU's?

    How many connections are likely to be going through it? Is it just for a small business?

    Would This do? It's only a tower server with a single PSU, but is more than capable of doing the job. Stick another 1gb of ram in, RAID 1 the HDD's and add another GB NIC and you're good to go. Prob best to check hardware compatibility first though ;)

    Probably a moot point, but ClearOS is better IMO, Untangle for example doesn't allow IPSec VPN Support. ClearOS comes with proxy, content filter, IDS, AD support and they work really well.

    HTH
    Blogging my AWS studies here! http://www.itstudynotes.uk/aws-csa
    · Share on FacebookShare on Twitter
  • Options
    phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    Daniel333 wrote: »
    Hey guys,

    The boss wants us to pull out our Cisco ASA 5505 out and toss in something with Unangle on it.

    Why not keep the ASA and use Untangle also? It's what I did at one point but I used Endian instead.
    · Share on FacebookShare on Twitter
  • Options
    terryferaterryfera Member Posts: 71 ■■■□□□□□□□
    Don't you love when the non-IT people get it in their head that they know a better product to do a job they had no idea existed until the sales person told them about it?

    I've used these before for open source firewalls (Vyatta, pfSense, Astaro) and thought they were great. Only issues is not having redundant power.Good for a smaller office, a larger one may want something with a little more power.

    Newegg.com - SUPERMICRO SYS-5015A-EHF 1U Barebone Server Intel Atom D510 processor

    And like phoeneous said, depending on what they're looking for you may be able to keep the ASA and add in the untangle box.
    · Share on FacebookShare on Twitter
  • Options
    AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    I use Untangle at home, for SOHO it's not a bad solution but I wouldn't replace an ASA with it.
    But remember the ASA is 'just' software also. It has no hardware acceleration and no real advantages over something running on a PC beyond a native OS and the quality of the software itself. The 5580s are running on AMD Opteron CPUs, the new 5585s are Intel Hexacores...essentially low end server hardware.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
    · Share on FacebookShare on Twitter
  • Options
    shodownshodown Member Posts: 2,271
    We have been having problems with Untangle boxes with VPN's. They have a problems with passing video traffic through them with the way they pass routes. Just a heads up.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
    · Share on FacebookShare on Twitter
  • Options
    it_consultantit_consultant Member Posts: 1,903
    Ahriakin wrote: »
    I use Untangle at home, for SOHO it's not a bad solution but I wouldn't replace an ASA with it.
    But remember the ASA is 'just' software also. It has no hardware acceleration and no real advantages over something running on a PC beyond a native OS and the quality of the software itself. The 5580s are running on AMD Opteron CPUs, the new 5585s are Intel Hexacores...essentially low end server hardware.

    In essence you are paying for supportability. If you biff your ASA or Juniper you can get very expert help quickly. All those weird little VPN problems, Cisco and Juniper have a way to fix them.
    · Share on FacebookShare on Twitter
  • Options
    AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    it_consultant wrote: »
    All those weird little VPN problems, Cisco and Juniper have a way to fix them.

    They're not perfect either :) (hence my near 4 weeks of mixed double-days and overnights trying to install some 5585s...and now vowing never to go there again)
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
    · Share on FacebookShare on Twitter
  • Options
    it_consultantit_consultant Member Posts: 1,903
    Yeah, my coworker and I were setting up a WG firebox with vpns to a couple of different locations which were talked to by various different medical imaging devices. It took a long time but eventually we got it to work. Without competent staff at the other offices we were connecting too and manufacturer support, it would probably have been an impossible task.

    The main problem with that project was that Cisco and WG use different terminology. The "gateway" in WG is roughly akin to the "tunnel IP" in WG.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.