Introduction

Untangle NG Firewall, formerly known as Untangle Gateway, is a comprehensive network security solution designed to protect small to medium-sized networks from a wide range of threats. It combines multiple security features into a single, integrated platform, making it easier for network administrators to deploy, manage, and maintain. This article provides an in-depth look at what Untangle NG Firewall is, how it works, who it is intended for, and some intriguing curiosities surrounding the product.

Overview of Untangle NG Firewall

History and Evolution

Untangle, Inc. was founded in 2003 with the mission of making advanced network security solutions accessible and affordable. The original product, Untangle Gateway, combined essential services like firewall, VPN, and web filtering in a single appliance. Over the years, its feature set expanded significantly, prompting a rebranding to Untangle NG Firewall in 2017. The “NG” stands for “Next Generation,” reflecting the addition of modern security modules such as intrusion prevention and application control.

Core Components

• Modular Architecture: Provides a library of security and network applications (apps) that can be enabled or disabled based on need.
• Centralized Management: A web-based interface simplifies configuration, monitoring, and updates.
• Reporting and Analytics: Built-in reporting tools give real-time visibility into network traffic, security events, and user activity.
• Scalable Deployment: Suitable for on-premises hardware appliances, virtual machines, and cloud environments.

How It Works

Deployment Options

• Hardware Appliances: Preconfigured devices available in various performance tiers.
• Virtual Appliances: VMware, Hyper-V, KVM, and other hypervisor support.
• Cloud Deployments: AWS Marketplace and other cloud provider images.

Architecture and Data Flow

The Untangle NG Firewall functions as a bridge or routed gateway between your internal network and the internet. All network traffic flows through the appliance, where it is processed by the enabled apps in a sequential order. The typical data flow is:

1. Packet Reception: Traffic enters through a network interface.
2. Packet Decoding: The system decodes and classifies traffic based on protocol and layer.
3. Policy Enforcement: Enabled apps apply security policies (e.g., firewall rules, web filtering, intrusion prevention).
4. Logging and Reporting: Events are logged and made available in real-time dashboards.
5. Packet Forwarding: Cleaned and vetted traffic exits through the designated interface.

Key Modules and Features

Untangle NG Firewall offers a rich set of modules. Some of the most popular include:

• Firewall: Stateful packet inspection, NAT, and access control lists.
• Intrusion Prevention (IPS/IDS): Detects and blocks known attack signatures.
• Web Filter: Blocks or allows websites based on category, URL, or content.
• Application Control: Identifies and regulates applications like social media, P2P, and streaming.
• VPN: IPsec and OpenVPN support for secure remote access.
• Anti-Virus: Scans incoming and outgoing traffic for malware, viruses, and trojans.
• Ad Blocking: Reduces bandwidth usage and improves page load times.
• Phish Blocker: Prevents users from accessing known phishing sites.

Target Audience and Use Cases

Small and Medium Businesses

SMBs often lack the budget and personnel to manage complex, multi-vendor security setups. Untangle NG Firewall’s all-in-one approach provides enterprise-grade protection without requiring a large IT team. Administrators can quickly deploy preconfigured modules and monitor activity through intuitive dashboards.

Educational Institutions

Schools and universities face unique challenges such as controlling student access, blocking inappropriate content, and securing the network from malware. Untangle’s web filtering, user-based policies, and reporting tools make it a popular choice for K–12 and higher education environments.

Managed Service Providers

MSPs can use Untangle NG Firewall to offer security as a service. The platform’s multitenant management via Untangle Command Center allows providers to administer multiple customer deployments from a single pane of glass.

Key Features in Depth

Network Security

Firewall and Intrusion Prevention

• Stateful Firewall: Monitors active connections and enforces rules based on IP addresses, ports, and protocols.
• IPS/IDS: Uses signature-based detection to identify and block threats in real time.

VPN Capabilities

• Site-to-Site VPN: Securely links multiple offices over the internet.
• Remote Access VPN: Allows employees to connect securely from home or public networks.

Web Filtering and Content Control

The Web Filter module uses a category-based approach to block websites at various levels (e.g., gambling, social media, malware). Administrators can also create custom URL lists or apply time-based policies to control access during certain hours.

Application Control

Knowing what applications are running on a network is critical for performance and security. The Application Control app identifies over 1,500 applications by deep packet inspection, allowing admins to:

• Throttle or block bandwidth-heavy apps.
• Enforce usage policies for social media or streaming services.
• Monitor application usage through detailed reports.

Reporting and Analytics

Effective security requires visibility. Untangle NG Firewall’s reporting module generates:

• Real-time dashboards for traffic, threats, and user activity.
• Scheduled and on-demand PDF or CSV reports.
• Detailed drill-down views, enabling admins to trace specific events.

Management and Deployment

Administration Interface

The web-based GUI is designed for ease of use. Key interface features include:

• Dashboards: Overview of system health, active connections, and threat alerts.
• App Library: Browse, install, and configure modules in a few clicks.
• Policy Manager: Centralized rule creation for firewall, web filter, and application control.

Scalability and Redundancy

For environments requiring high availability, Untangle offers:

• Active/Passive Failover: Automatically switches to a backup appliance if the primary fails.
• Load Balancing: Distributes network traffic across multiple appliances.

Licensing and Pricing

Untangle NG Firewall uses a modular licensing model:

• Free Edition: Includes core apps like basic firewall, VPN, and reporting.
• Premium Edition: Annual subscription for advanced modules (IPS, web filter, application control, etc.).
• Enterprise Edition: Volume licensing for large deployments and MSPs.

Licenses are available per-device or via bundled bundles, with pricing varying by feature set and support level.

Curiosities and Advantages

• Community Edition Origins: The free edition began as a community-driven effort, with contributions from volunteer developers.
• Rapid Updates: Security modules receive daily signature updates to protect against the latest threats.
• Extensible API: RESTful API allows integration with third-party monitoring and ticketing systems.
• Mobile App: Untangle Mobile enables on-the-go monitoring and basic configuration via smartphone.
• Educational Discounts: Special pricing programs for schools and non-profits.

Comparison with Other Solutions

Conclusion

Untangle NG Firewall (formerly Untangle Gateway) offers a versatile, all-in-one security platform tailored to the needs of small and medium-sized organizations, educational institutions, and managed service providers. Its modular architecture, user-friendly interface, and comprehensive feature set make it an appealing alternative to stand-alone appliances or open-source solutions that require more manual integration. With continuous updates, centralized management, and scalable deployment options, Untangle NG Firewall remains a leading choice for network administrators seeking robust protection without excessive complexity.

For more information, visit the official Untangle website at https://www.untangle.com and explore community discussions at https://forums.untangle.com.