In a recent post I discussed how I found the Cradlepoint MBR1400 an ideal solution for improving the speed and reliability of my Internet connection. This mission-critical router offers load balancing and fail over / fail back on multiple wired Gigabit connections, multiple 3G, 4G and WiMax modems, as well as dual band 802.11 a/b/g/n WiFi as WAN connections. Indeed it is hard to fathom a more versatile Internet connection device for most small businesses and home users. The only downside to the MBR1400 is that, except for basic content filtering, it doesn’t offer many of the fancy packet filtering functions such as Virus blocking, Spam blocking, etc. that are offered in more expensive Unified Security Gateway (USG) and Unified Threat Management (UTM) type devices. Most affordable USG and UTM boxes, however, seem lacking in terms of wireless connectivity as compared to the Cradlepoint.

The Solution

My solution to get the best of both without breaking the bank was to go with the MBR1400 as an Internet gateway device and then use a software appliance known as Untangle to handle the rest of the perimeter network security issues. Untangle is based on Debian Linux and bundles together a suite of free open source applications as well as a variety of paid subscription software services into an amazingly easy to use package. The basic “Lite” package is completely free. The standard package adds pay services for things like enhanced content filtering, user management and technical support. The Premium package gets you just about everything you’d ever need in a security appliance. It is easy to upgrade from Lite to Standard to Premium. You can even select individual packages according to your needs or budget.

Untangle has relatively modest hardware requirements. Even an old Pentium 4 computer with 1 GB of RAM, an 80 GB hard disk, and a pair of Ethernet ports should be sufficient to get you started. I have a lot of hardware just sitting around so my test bed build was a bit of overkill. I used a system with an Asus M2N68AM Plus motherboard, an AMD Phenom 9450e quad-core CPU, 4 GB DDR2 RAM, and a 320 GB SATA drive along with a couple of old 10/100 PCI Ethernet adapters. Fortunately, the 9450e is a very low power quad-core CPU so I don’t have to feel too guilty about the power draw! For those of you that aren’t interested in a build-it-yourself approach, Untangle also offers hardware appliances with Untangle software preloaded. These range in price from $849 for the small office Untangle XS to over $5399 for the enterprise grade R610+ capable of serving thousands of users. The nice part about Untangle is that you can start with something nearly free, like an old PC, and scale up to an enterprise level solution as your needs grow.

[Image: Untangle XS Hardware Appliance]

Untangle is easy to install. Just download the ISO, burn it to CD and then boot your machine with the CD. The installation process is smooth. On my first try I opted to use full disk encryption (as I do on all my machines). I used the automatic partitioning setup with a small boot partition along with LVM riding on an encrypted container. The automatic settings were fine, but an Ubuntu/Debian user would have an easy time customizing the layout. Once the basic software is installed, you reboot the machine, configure a few settings for the administrator account and how you intend to use the device (either gateway or router), and then select which packages to install in your “rack”. I opted to configure it as a gateway bridge mode device between the Cradlepoint and the rest of my network. I selected the Lite Package and all the free open source tools were automatically downloaded and installed in just a few minutes. After that it was just a matter of point & click to configure settings on any of the virtual devices in the rack.

[Image: Untangle Rack]

Overall, I’ve been very impressed with Untangle. It’s easy to set up and easy to use. Its cost, capabilities, and scalability seem to make it an ideal complement to the Cradlepoint MBR1400 router. I could go on here about the many features of Untangle, but since it’s free you’d be better off just trying it out for yourself.

I noticed that Spam Blocker wasn’t registering any messages passed. Initially I thought something was wrong. After some thought I realized that I was using SSL/TLS to access my POP3 accounts. Duh? The encryption makes it impossible to scan the packets for Spam. I believe the Spam filter in Untangle is more useful if you’re hosting your own e-mail server behind the Untangle box. A similar situation exists with the other Untangle filters such as Virus Blocker whereby you can’t do in-line scans on encrypted connections. Of course, if you’re using HTTPS with someone who will give you a virus you have much bigger problems! So, don’t think of these things as shortcomings of Untangle; it’s just a fact of life when using encryption. I look at Untangle as an additional layer of protection and control for the network. I still use anti-virus and software firewalls on all my machines.
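
To make the point about encrypted POP3 concrete, here is an added example (not from the original post and not Untangle's code) that classifies a POP3 session the way an inline scanner has to: by whether the bytes on the wire are readable mail or a TLS handshake. The session data is constructed, the TLS records are truncated stand-ins, and the function names are hypothetical.

```python
# Added example: what an inline mail scanner can see of a POP3 session.
# All session data below is constructed for illustration.

def looks_like_tls(payload: bytes) -> bool:
    """TLS handshake records start with content type 0x16 and major version 0x03."""
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03

def classify_pop3(segments):
    """segments: ordered (direction, payload) pairs, 'C' = client, 'S' = server.
    Returns (mode, inspectable): can a gateway read the message content?"""
    stls_pending = False   # client sent STLS, server has not answered yet
    stls_accepted = False  # server answered +OK, TLS negotiation follows
    for direction, payload in segments:
        if looks_like_tls(payload):
            # TLS from the first byte (POP3S, port 995) or after an STLS upgrade
            return ("stls-upgrade", False) if stls_accepted else ("implicit-tls", False)
        if direction == "C" and payload.strip().upper() == b"STLS":
            stls_pending = True
        elif direction == "S" and stls_pending:
            stls_accepted = payload.startswith(b"+OK")  # -ERR means no upgrade
            stls_pending = False
    # Capture may end right after the upgrade was accepted
    return ("stls-upgrade", False) if stls_accepted else ("plaintext", True)

GREETING = ("S", b"+OK POP3 ready\r\n")
PLAINTEXT = [GREETING, ("C", b"USER alice\r\n"), ("S", b"+OK\r\n"),
             ("C", b"RETR 1\r\n"),
             ("S", b"+OK 42 octets\r\nSubject: hi\r\n\r\nbody\r\n.\r\n")]
IMPLICIT_TLS = [("C", b"\x16\x03\x01\x00\x2e"), ("S", b"\x16\x03\x03\x00\x31")]
STLS_UPGRADE = [GREETING, ("C", b"STLS\r\n"),
                ("S", b"+OK Begin TLS negotiation\r\n"),
                ("C", b"\x16\x03\x01\x00\x2e")]
STLS_REFUSED = [GREETING, ("C", b"STLS\r\n"), ("S", b"-ERR not supported\r\n"),
                ("C", b"USER alice\r\n"), ("S", b"+OK\r\n")]

if __name__ == "__main__":
    for name, session in [("plaintext", PLAINTEXT), ("POP3S", IMPLICIT_TLS),
                          ("STLS", STLS_UPGRADE), ("STLS refused", STLS_REFUSED)]:
        mode, inspectable = classify_pop3(session)
        print(f"{name:13} -> {mode:13} scanner can read mail: {inspectable}")
```

Only the plaintext session and the one where the server refuses the upgrade carry mail a gateway can scan; in the other two the scanner sees at most the greeting and the upgrade command.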

This machine has been running flawlessly for months. Truly a set and forget type appliance. The only time it’s rebooted was when I had to move the machine to rearrange some furniture. This is the way computers should be!


