
Author Topic: Untangle NGFW 12 vs pfSense 2.3  (Read 11076 times)


Offline Chrismallia

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #15 on: November 29, 2016, 04:05:34 pm »
@chain
I know I am a little late to this thread, but I got the chance to test Untangle Complete with the link you provided. For some reason Untangle fails right away on the first one. I tested pfSense with Squid and Squid AV (ClamAV) and it only failed on one, like yours. I am a little confused how Untangle failed the test.
« Last Edit: December 01, 2016, 12:37:06 am by Chrismallia »

Offline Harvy66

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #16 on: November 29, 2016, 04:52:35 pm »

> > 8) Performance - it's generally okay, but if you start up a few torrents this thing just goes to its knees. When running Untangle and torrenting my throughput maxes out at about 5MB/s. With pfSense I get up to 20MB/s. Untangle is not very good at dealing with many open states.
>
> What internet download speed do you have, and what hardware? I am trying out Untangle at the moment. I have 100 Mbps down and 6 up; downloading several torrents simultaneously I max out my connection, so mine does not go to its knees.

How many states? I had an old Netgear 3700 that ran just fine on my cable ISP's 30Mb/3Mb connection, but as soon as I got a fiber ISP with a 50/50 connection, I couldn't break 10Mb/s without the Netgear falling over. When I investigated the difference, my fiber ISP has a much lower ping and less packet loss. This in turn caused my torrent client to establish more connections, and very quickly. The firewall quickly ran up against its connection cap.

To give an idea, with my cable ISP the torrent client had about 500 connections open; with my fiber ISP, it was about 6,000.

Offline Chrismallia

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #17 on: December 01, 2016, 12:35:14 am »
@Harvy66

If I remember correctly, with Untangle torrents did not go over 500 sessions and I frequently got my full download speed. I am on fiber.

Offline MasterX-BKC-

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #18 on: December 01, 2016, 09:16:49 pm »
> The reporting in Untangle is a separate app (module) that nicely collects all the log data from the system and all other apps and presents graphical reports, but you can also sort and filter through the rest. It's a log manager that's customised for Untangle events.
>
> And yes, you can forward syslog events to Splunk or others, but again the challenge is you need the right input filters not only for syslog but also for Snort and other packages, and then you need to start building dashboards, etc., so quite a bit of work is involved and it is not available out of the box.
>
> If I could just figure out how to get a good, easy to use reporting package with pfSense (even if it were external / a separate computer/VM), I would be even happier.
>
> Although there are some that would disagree, I also am a firm believer that we need some application layer filtering/monitoring in pfSense too. Both at work and at home I see a growing need for this.

> I can spend weeks creating blacklists based on spam and block IPs using pfSense.
> Perhaps I can generate the blacklist automatically using SpamAssassin or fail2ban.

I'm actually working on building a better logging facility for pfSense, built on PHP, MySQL, and Python, that does not require any custom modules or modifications to the pfSense units themselves. I'm also building in its ability to export IP lists for blocking in pfSense. I'm also building a method of layer 7 monitoring for web servers as well. It has quite a number of cross-referencing features as well for analyzing attack patterns and the targeting patterns of repeat offenders. I'm also building in reporting with graphs little by little, taking suggestions as well for features, as it's in closed alpha testing atm. Looking for a few more testers too.

PFMonitor
https://forum.pfsense.org/index.php?topic=120972.0


As for Untangle...
I personally tried out an Untangle system in our office on a Dell server we weren't using, when I was forced/coerced to try it by one of my old managers to see if it's something we should have our sales team pitch to customers as an option for firewalling. It worked OK for a while, and it was "OK"-ish to set up, but we kept having it freeze up after a random number of days in operation. I tried to track down what was making it unhappy, but I wasn't able to. So I threw pfSense on it, and told the manager about that. And now we offer high-powered pfSense units built on Dell and HP small form factor rack mounts.
13 x SG-2220
11 x SG 2440
1 x SG 4860
6 x VMware Virtual pfSense's
Member of FBIs Infragard Program
Partner of Arizona Cyber Warfare Range

Offline Chrismallia

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #19 on: December 02, 2016, 03:04:58 am »
MasterX-BKC-

Nice project, will check out the post. Regarding Untangle, funny you had the freeze problem. I installed 2 at 2 different locations and they have been running for months with no issues.

Offline anschmid

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #20 on: March 18, 2017, 06:42:41 am »
> @chain
> I know I am a little late to this thread, but I got the chance to test Untangle Complete with the link you provided. For some reason Untangle fails right away on the first one. I tested pfSense with Squid and Squid AV (ClamAV) and it only failed on one, like yours. I am a little confused how Untangle failed the test.

I mentioned in my initial post that Untangle only scans files IF you have selected the specific file extension to be scanned. ".txt" is not a file type they scan by default. You need to manually add ".txt" to the list of files scanned by the AV engine.

I find this approach very counterintuitive for good security. I'd take the approach of scanning EVERYTHING by default and then adding EXCEPTIONS for files I don't want scanned by the AV engine!

Offline anschmid

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #21 on: March 18, 2017, 06:49:45 am »
A quick update that Untangle now has UPnP functionality since the latest update, but it's a bit hit and miss.

It does work for some devices and users, but it doesn't for others. It's not very clear what the problem is. There is a long thread on their forum about problems a user had with Xbox One, and he seems to have tried everything to get it to work.

I had tried again to run Untangle in "bridge mode" on my network behind pfSense because of the reporting functionality, but it's just not behaving like a real bridge device. It still keeps blocking network traffic based on its "filter rules", which is the Untangle equivalent of pfSense's firewall rules but a lot less powerful.

Need to find another way to get good reporting out of pfSense! I'll have to check the PFMonitor mentioned earlier!

Offline Chrismallia

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #22 on: March 18, 2017, 07:04:50 am »
> > @chain
> > I know I am a little late to this thread, but I got the chance to test Untangle Complete with the link you provided. For some reason Untangle fails right away on the first one. I tested pfSense with Squid and Squid AV (ClamAV) and it only failed on one, like yours. I am a little confused how Untangle failed the test.
>
> I mentioned in my initial post that Untangle only scans files IF you have selected the specific file extension to be scanned. ".txt" is not a file type they scan by default. You need to manually add ".txt" to the list of files scanned by the AV engine.
>
> I find this approach very counterintuitive for good security. I'd take the approach of scanning EVERYTHING by default and then adding EXCEPTIONS for files I don't want scanned by the AV engine!

Hi, nice to hear from you again. I did add .txt but it still fails. Also in their forums other people are complaining that that test is failing; their response is that that test is geared towards that product. I agree with you, all extensions must be scanned for security and then let the user uncheck. They also say that test is like teaching a student to pass only that test, which is useless.

Offline Chrismallia

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #23 on: March 18, 2017, 07:11:42 am »
But aside from that, I do not have any problems using UT as an edge firewall. Reporting is great: you can view reporting by user name, and firewall rules can be by MAC, user name, host ... not only IP. I find that useful.

Offline anschmid

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #24 on: March 18, 2017, 08:19:10 pm »
> > > @chain
> > > I know I am a little late to this thread, but I got the chance to test Untangle Complete with the link you provided. For some reason Untangle fails right away on the first one. I tested pfSense with Squid and Squid AV (ClamAV) and it only failed on one, like yours. I am a little confused how Untangle failed the test.
> >
> > I mentioned in my initial post that Untangle only scans files IF you have selected the specific file extension to be scanned. ".txt" is not a file type they scan by default. You need to manually add ".txt" to the list of files scanned by the AV engine.
> >
> > I find this approach very counterintuitive for good security. I'd take the approach of scanning EVERYTHING by default and then adding EXCEPTIONS for files I don't want scanned by the AV engine!
>
> Hi, nice to hear from you again. I did add .txt but it still fails. Also in their forums other people are complaining that that test is failing; their response is that that test is geared towards that product. I agree with you, all extensions must be scanned for security and then let the user uncheck. They also say that test is like teaching a student to pass only that test, which is useless.

As you mentioned, if Untangle misses the EICAR test file and you post about it, the response is "that test is like teaching a student to pass only that test, which is useless", which might be true but it's not the point. If it can't detect this simple case, how can it do the more difficult ones?

I have not found a way to scan ALL files, as files are scanned based on the EXTENSION you enter in the GUI. I tried "*" but that doesn't work. There are many combinations in 3 digits, or even 4 or more if you consider newer file names!

For that to work, the logic of the product would need to be changed to scan ALL by default and then let you decide which files you want to skip!
« Last Edit: March 19, 2017, 05:10:45 am by anschmid »

Offline Chrismallia

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #25 on: March 19, 2017, 09:09:53 am »
There is no way to tell UT to scan all extensions by default, as this was asked in their forums on the same topic I mentioned.
« Last Edit: March 19, 2017, 03:52:47 pm by Chrismallia »

Offline Chrismallia

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #26 on: March 19, 2017, 03:52:11 pm »
Well, every product has its downsides. In pfSense many wish there was good reporting, but pfSense never got it yet. UT web filter is great and it protects your devices against malware that is also using HTTPS, and you get alerts which device was blocked from malware; with Squid and Clam you have to use man in the middle to scan SSL. The bandwidth control is far better than traffic shaping; also, thanks to layer 7, you can prioritize based on apps, not just ports and IP. For example, torrent is always identified and put at low; in traffic shaping I always got torrent at medium as it never got the P2P queue. In 13.0 UT is getting fq_codel (also in the free version), so if you like UT reporting I do not see any reason not to use it as an edge firewall.
« Last Edit: March 19, 2017, 03:56:03 pm by Chrismallia »

Offline anschmid

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #27 on: March 20, 2017, 10:41:46 pm »
> Well, every product has its downsides. In pfSense many wish there was good reporting, but pfSense never got it yet. UT web filter is great and it protects your devices against malware that is also using HTTPS, and you get alerts which device was blocked from malware; with Squid and Clam you have to use man in the middle to scan SSL. The bandwidth control is far better than traffic shaping; also, thanks to layer 7, you can prioritize based on apps, not just ports and IP. For example, torrent is always identified and put at low; in traffic shaping I always got torrent at medium as it never got the P2P queue. In 13.0 UT is getting fq_codel (also in the free version), so if you like UT reporting I do not see any reason not to use it as an edge firewall.

I certainly agree that Untangle is great in reporting and that's why I use it behind my pfSense firewall in bridge mode!

Re the SSL filtering, I am not sure how this works without doing MITM. It's common that a transparent proxy that wants to do SSL filtering needs MITM. Only if the proxy is a non-transparent proxy can it be done without, but then it can be bypassed if you don't lock down your FW.

Anyway, the main three reasons why I still use pfSense as my edge firewall and not Untangle are:
1) pfSense has a real firewall rules configuration section. Untangle has filter rules, but it's a bit confusing.
2) pfSense supports IPv6 throughout the product, whereas Untangle just passes IPv6 traffic through.
3) pfSense has unbound DNS to set up a real DNS server instead of just a forwarding DNS server.

Again, that's only my individual view, and hence I am running pfSense and Untangle to get the best of both products.

Offline Chrismallia

Re: Untangle NGFW 12 vs pfSense 2.3
« Reply #28 on: March 21, 2017, 01:50:00 am »
UT web filter can block HTTPS by looking at the SNI in the cert, and if SNI is not present it uses the site IP, so it does not need MITM. Not that this doesn't have some downsides: for example, if you are already on youtube.com and block it from web filter, it does not get blocked unless you restart web filter or clear the browser cache. Why? Because web filter looks at the SNI or IP on the site request, so if the site is already open no request from the browser is done, and because the site is encrypted web filter is not seeing the data. That's when you need SSL inspector to fully inspect SSL. Now, that is not to say there isn't another way to block, for example, YouTube with no SSL inspector: use application control, which blocks, or better tarpits, also existing open sessions, as it uses layer 7 patterns.
But as far as protection against malware sites, you will not need SSL inspector, as the site will never be open because web filter will block it from the beginning, and if it was never open no sessions exist for the URL.

As for the firewall, what is so confusing? I hear this from others.
« Last Edit: March 21, 2017, 01:56:47 am by Chrismallia »
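As an added illustration of the SNI-based HTTPS blocking discussed in the last few posts (example code written for this page, not Untangle's or pfSense's own), the snippet below builds a minimal TLS ClientHello, pulls the server name out of its SNI extension without any MITM, matches it against a blocklist, and falls back to the destination IP when the client sends no SNI. The ClientHello bytes, the `youtube.com` blocklist entry and the address `203.0.113.5` are constructed test data, and `filter_decision` is a hypothetical name for the policy step.

```python
import struct


def build_client_hello(server_name=None):
    """Build a minimal TLS 1.2 ClientHello record (constructed test input, not a capture).

    With server_name=None the SNI extension is omitted, modelling a client that
    sends no SNI, the case where the filter has to fall back to the IP address.
    """
    exts = struct.pack('!HH', 0x002b, 3) + b'\x02\x03\x04'   # supported_versions, unrelated to SNI
    if server_name is not None:
        name = server_name.encode('ascii')
        entry = b'\x00' + struct.pack('!H', len(name)) + name         # name_type host_name(0) + name
        name_list = struct.pack('!H', len(entry)) + entry
        exts += struct.pack('!HH', 0x0000, len(name_list)) + name_list  # extension type server_name(0)
    body = (b'\x03\x03' + bytes(32)                   # client_version + 32-byte random (zeros, constructed)
            + b'\x00'                                 # empty session_id
            + struct.pack('!H', 2) + b'\x13\x01'      # one cipher suite
            + b'\x01\x00'                             # one compression method (null)
            + struct.pack('!H', len(exts)) + exts)
    handshake = b'\x01' + len(body).to_bytes(3, 'big') + body       # HandshakeType client_hello(1)
    return b'\x16\x03\x03' + struct.pack('!H', len(handshake)) + handshake  # ContentType handshake(22)


def extract_sni(record):
    """Return the host_name from the ClientHello's SNI extension, or None.

    Only the ClientHello exposes the name in clear; later records of an
    established session are encrypted and tell the filter nothing, which is
    why a site that is already open is not cut off by a new block rule.
    Malformed or truncated input yields None instead of raising.
    """
    try:
        if record[0] != 0x16:                       # not a handshake record
            return None
        rec_len = struct.unpack('!H', record[3:5])[0]
        body = record[5:5 + rec_len]
        if body[0] != 0x01:                         # not a ClientHello
            return None
        hs = body[4:4 + int.from_bytes(body[1:4], 'big')]
        pos = 2 + 32                                 # skip client_version and random
        pos += 1 + hs[pos]                           # session_id
        pos += 2 + struct.unpack('!H', hs[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + hs[pos]                           # compression_methods
        if pos + 2 > len(hs):                        # no extensions block at all
            return None
        end = pos + 2 + struct.unpack('!H', hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack('!HH', hs[pos:pos + 4])
            data = hs[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype != 0x0000:
                continue
            list_end = 2 + struct.unpack('!H', data[:2])[0]
            q = 2
            while q + 3 <= list_end:
                name_type = data[q]
                name_len = struct.unpack('!H', data[q + 1:q + 3])[0]
                name = data[q + 3:q + 3 + name_len]
                q += 3 + name_len
                if name_type == 0:                   # host_name entry
                    return name.decode('ascii', 'replace').lower()
        return None
    except (IndexError, struct.error):
        return None


def filter_decision(record, blocked_domains, dst_ip=None, blocked_ips=frozenset()):
    """Hypothetical policy step of an SNI-based web filter.

    Matches the SNI, or any parent domain of it, against blocked_domains; when
    the client sent no SNI, falls back to the destination IP. Returns
    (decision, key_that_was_checked).
    """
    sni = extract_sni(record)
    if sni is not None:
        labels = sni.split('.')
        for i in range(len(labels)):
            if '.'.join(labels[i:]) in blocked_domains:   # www.youtube.com matches youtube.com
                return ('block', sni)
        return ('allow', sni)
    if dst_ip is not None and dst_ip in blocked_ips:
        return ('block', dst_ip)
    return ('allow', dst_ip)


if __name__ == '__main__':
    blocked = {'youtube.com'}
    print(filter_decision(build_client_hello('www.youtube.com'), blocked))
    print(filter_decision(build_client_hello('example.com'), blocked))
    print(filter_decision(build_client_hello(None), blocked, '203.0.113.5', {'203.0.113.5'}))
```

The parser sees only the one cleartext handshake message, so the limitation raised above follows directly from the code: an existing session never passes through `extract_sni` again, and nothing short of TLS inspection or a layer 7 session-aware control can act on it. The same applies to clients that use Encrypted Client Hello, where the name is no longer in clear and only the IP fallback remains.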