Running Untangle on APU boards
Posted by Natalia Wieczorek on
Today's article on running Untangle on PC Engine has been authored by Johan, who kindly shared his experience and knowledge with us.
Untangle is a subscription-based UTM system. Most are very costly, but Untangle has a HomePro edition for home users, with most of the stuff you need, for $50 per year.
Installing Untangle, after TekLager has done the installation of the software for you, is very easy. Simply set your computer's IP in the same subnet as the firewall and connect using http://192.168.2.1 (standard IP after install) from your favorite web browser.
There, a guide will help you with the initial configuration; choose Home when asked about the type. You can also see this web page for help: https://wiki.untangle.com/index.php/Installation
After setting up the standard things you need to connect to Untangle, set up an account and order the HomePro license. Once that is done and your firewall is connected to the internet, you can assign the license to your appliance. After that you are ready to start building some rules, defining devices, etc.
Do note that you have to click Save, bottom right, before leaving any page so that what you do is saved! I also recommend testing first, then wiping the box and setting it up as you wish; you can restore factory settings by going to Config - Systems - Support - Reset to factory defaults.
A standard install will require setting up some firewall rules, and maybe some forwarding if you, like me, run some servers of your own.
First install the apps you want, note that you can always add them afterward if you need them as well from the Apps menu by clicking on Manage Policies.
Typical apps I chose were:
- Web Filter
- Virus Blocker Lite (Virus Blocker is not included in the HomePro license, 25 devices is an additional £138 per year)
- SSL Inspector
- Application Control
- Captive Portal (for guest access, or in my case the kids)
- Ad Blocker
If you have a mailserver or something then also add:
- Spam Blocker
- Phish Blocker
Make a cleanup firewall rule: go to Apps - Firewall and click the Rules tab. Define the rule name, source Any WAN, destination Any Non-WAN, and block.
If you have forwards then also add forwarding rules; that is done under Config - Network on the Port Forward Rules tab.
To add a forward rule click Add, choose Advanced (bottom left) and add the rule name, destination port, new IP and new port.
Do note that if you also have any internal service on port 443 (https) and/or 80 (http) that you want to reach, then you have to change the Untangle admin listen ports to something else, for instance 444 and 81, and then connect using http://192.168.2.1:81 or https://192.168.2.1:444 once implemented. You change this under Config - Network - Services.
To secure a network for your kids, or guests, go to Policy Manager, add a new policy and install the standard apps. Add a cleanup firewall rule and then go into Web Filter and select the services you want to deny and make available.
When selecting who this should apply to, I gave the devices names: click Devices, top right, and then name each device by clicking in the username field for the device in question. I named all the kids' devices barn-kidsnamehere; then I can add a rule in Policy Manager - Rules that matches *barn-* and select the policy that I created for the kids.
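A name-based rule like `*barn-*` only covers devices that have actually been named to match it. The following added example (not Untangle's code and not part of Johan's setup) audits a device list for names the glob would miss; the CSV layout and column names are assumptions, the sample rows are constructed, and since the page does not say whether Untangle matches case-sensitively, case-only mismatches are reported separately for review.

```python
import csv
import io
from fnmatch import fnmatchcase

KIDS_GLOB = "*barn-*"  # the pattern used in the Policy Manager rule above

# Constructed sample: a hypothetical export of the Devices list.
# The column names (mac, hostname, username) are assumptions.
SAMPLE_DEVICES = """mac,hostname,username
aa:bb:cc:00:00:01,ipad,barn-anna
aa:bb:cc:00:00:02,switch,barn-erik
aa:bb:cc:00:00:03,laptop,Barn-Anna
aa:bb:cc:00:00:04,new-phone,
aa:bb:cc:00:00:05,workstation,johan
"""


def audit_devices(csv_text, pattern=KIDS_GLOB):
    """Sort device MACs into buckets according to how the username fits the glob."""
    result = {"kids": [], "near_miss": [], "unnamed": [], "other": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("username") or "").strip()
        if not name:
            # No username set: a name-based rule can never match this device.
            result["unnamed"].append(row["mac"])
        elif fnmatchcase(name, pattern):
            # Exact (case-sensitive) glob match.
            result["kids"].append(row["mac"])
        elif fnmatchcase(name.lower(), pattern.lower()):
            # Differs only in letter case: check how the rule treats it.
            result["near_miss"].append(row["mac"])
        else:
            result["other"].append(row["mac"])
    return result


if __name__ == "__main__":
    for bucket, macs in audit_devices(SAMPLE_DEVICES).items():
        print(f"{bucket:10} {', '.join(macs) or '-'}")
```

Devices in the `unnamed` and `near_miss` buckets are the ones to look at after a new phone or tablet joins the network.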
I also set up a guest login; you can do that from Captive Portal. In my case I have a guest SSID, and everyone who joins it gets a different IP range, which is what I trigger it from. You can also write custom Python scripts, and there are some ready-made ones that will allow you to limit time etc. https://wiki.untangle.com/index.php/Captive_Portal
Also read the Untangle support pages and wikis; they have a lot of information, and the user guide is a good starting point.