Untangle

Hey guys,

The boss wants us to pull out our Cisco ASA 5505 out and toss in something with Unangle on it. Essentially somes of the sales team heard a pitch and love it. So they want us to start using it.

I played with it a couple years ago and it was nice. But it used PC hardware, so it didn't interest me. But since now management is pushing for it. I have to look for ways to make it work.

Can anyone recommend a cheap piece of hardware for Untangle to run on? Something with high uptime and a couple NICs.

Clearly our goal is complete with low end Sonicwall and 5505s.

Thoughts?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

gateway

To be honest, it could run on most hardware, especially older generation, but then again it depends on what kind of resilience you're after. Does it matter for example if you don't have dual PSU's?

How many connections are likely to be going through it? Is it just for a small business?

Would This do? It's only a tower server with a single PSU, but is more than capable of doing the job. Stick another 1gb of ram in, RAID 1 the HDD's and add another GB NIC and you're good to go. Prob best to check hardware compatibility first though

Probably a moot point, but ClearOS is better IMO, Untangle for example doesn't allow IPSec VPN Support. ClearOS comes with proxy, content filter, IDS, AD support and they work really well.

HTH

terryfera

Don't you love when the non-IT people get it in their head that they know a better product to do a job they had no idea existed until the sales person told them about it?

I've used these before for open source firewalls (Vyatta, pfSense, Astaro) and thought they were great. Only issues is not having redundant power.Good for a smaller office, a larger one may want something with a little more power.

Newegg.com - SUPERMICRO SYS-5015A-EHF 1U Barebone Server Intel Atom D510 processor

And like phoeneous said, depending on what they're looking for you may be able to keep the ASA and add in the untangle box.

Ahriakin

I use Untangle at home, for SOHO it's not a bad solution but I wouldn't replace an ASA with it.
But remember the ASA is 'just' software also. It has no hardware acceleration and no real advantages over something running on a PC beyond a native OS and the quality of the software itself. The 5580s are running on AMD Opteron CPUs, the new 5585s are Intel Hexacores...essentially low end server hardware.

shodown

We have been having problems with Untangle boxes with VPN's. They have a problems with passing video traffic through them with the way they pass routes. Just a heads up.

it_consultant

Ahriakin wrote: »

I use Untangle at home, for SOHO it's not a bad solution but I wouldn't replace an ASA with it.
But remember the ASA is 'just' software also. It has no hardware acceleration and no real advantages over something running on a PC beyond a native OS and the quality of the software itself. The 5580s are running on AMD Opteron CPUs, the new 5585s are Intel Hexacores...essentially low end server hardware.

In essence you are paying for supportability. If you biff your ASA or Juniper you can get very expert help quickly. All those weird little VPN problems, Cisco and Juniper have a way to fix them.

Ahriakin

it_consultant wrote: »

All those weird little VPN problems, Cisco and Juniper have a way to fix them.

They're not perfect either

(hence my near 4 weeks of mixed double-days and overnights trying to install some 5585s...and now vowing never to go there again)

it_consultant

Yeah, my coworker and I were setting up a WG firebox with vpns to a couple of different locations which were talked to by various different medical imaging devices. It took a long time but eventually we got it to work. Without competent staff at the other offices we were connecting too and manufacturer support, it would probably have been an impossible task.

The main problem with that project was that Cisco and WG use different terminology. The "gateway" in WG is roughly akin to the "tunnel IP" in WG.