From UntangleWiki

Contents 1 General 1.1 What is Untangle? 1.2 Is Untangle for home or business use? 1.3 Is Untangle hardware or software? 1.4 Where does Untangle sit on the network? 1.5 Does Untangle use open source software? 1.6 Who owns my network data? Is it private? 2 Technical 2.1 What are some of Untangle's idiosyncrasies I should be aware of? 2.2 How secure is Untangle by default? 2.3 Does Untangle support VLANs? 2.4 Can I put a WiFi card in my Untangle and have my users connect to it? 2.5 Does Untangle have high availability options or support automatic hardware failover? 3 Licensing and Subscriptions 3.1 How does Untangle licensing work? 3.2 How do I determine the correct band? 3.3 How do I purchase Untangle software? 3.4 What happens if I stop paying Untangle for my subscription(s)? 3.5 What's a UID? 3.6 What's a voucher? What's a voucher key? 3.7 Can a voucher expire? 3.8 Why would I want to purchase a voucher? 3.9 How do I redeem a voucher? 3.10 Can I try Untangle before purchase? 3.11 Do my other applications still work after my trials expire? 3.12 I just purchased a product, however it is still reporting as a trial version? 3.13 How do I renew my subscription(s)? 3.14 How do I unsubscribe or cancel my subscription(s)? 3.15 Why is my renewal date not changing after I renewed my subscription? 3.16 I reinstalled my Untangle Server, why can't I reinstall my paid subscriptions? 3.17 How can I transfer my subscription? 4 Networking 4.1 If I am using NAT, how can I provide access to a web server to the internal network? 4.2 Why can only some of my subnets access the Internet? 4.3 Is it possible to use DHCP without enabling NAT? 4.4 Does Untangle support dual WAN or WAN failover? 4.5 My network is extremely slow and some pages won't load. Why? 4.6 Can I use OpenDNS with Untangle? 4.7 In Bypass Rules, what's the difference between "bypass" and "on"? Don't they do the same thing? 5 Updates 5.1 How do I check for updates? Is this automatic? 5.2 How do I know if updates are available for download? 5.3 I can't upgrade. Help! 5.4 I see an error in the logs. Is this bad? 6 VoIP 6.1 How does Untangle handle VoIP traffic? 6.2 After installing Untangle, my VoIP doesn't work. Why?

General

This section answers general questions about Untangle and how it works.

What is Untangle?

Untangle is a platform for deploying network based applications. The platform unites these applications around a common GUI, database and reporting. Applications on the Untangle platform inspect network traffic simultaneously, which greatly reduces the resource requirements of each individual application. The Untangle platform currently supports many open source applications and commercial add-ons.

Is Untangle for home or business use?

Untangle is great for businesses and small home office networks. Untangle requires its own dedicated computer so it may not be a good fit for home where an extra computer is not available - it cannot be run on the same computer it is protecting.

Is Untangle hardware or software?

Untangle is a software platform that can be installed on standard Intel-compatible hardware, or you can purchase a hardware appliance directly from Untangle with the software pre-installed. The minimum hardware requirements can be found here, and many Untangle partners offer a pre-built systems.

Where does Untangle sit on the network?

Untangle should sit at or directly behind the network gateway in between your network and the Internet. Please see our User Guide for examples of where Untangle should be placed in your network.

Does Untangle use open source software?

Yes, Untangle uses several open source projects. We seeks to offer the best technology in each of our modules whether or not that requires writing proprietary code, working with existing open source projects to combine the best features from multiple projects, adding missing features or simply optimizing them for the Untangle platform. The Untangle platform itself is a proprietary technology that was developed internally.

Who owns my network data? Is it private?

You own 100% of your network data. Untangle does not have access to your Untangle or your network unless you explicitly authorize us by turning on remote support access in Config > System. Your data is 100% private.

Technical

What are some of Untangle's idiosyncrasies I should be aware of?

• The Untangle web GUI has two modes: Basic and Advanced. You can switch between these modes at Config > Networking > Advanced, but be aware that while switching to Advanced mode will give you more options, switching from Advanced to Basic will both remove these extra options and require you to re-run the configuration wizard.

• If you have three or more interfaces when you install, Untangle will name these External, Internal and DMZ by default. These names cannot be changed. DMZ is just an interface name, it is not handled differently than any other interface. Any additional interfaces will be named ethX, where X is the number of the interface.

• Most ordered lists such as Port Forwards and Firewall rules are evaluated from the top down, so any traffic that matches a rule will cause it to perform its action. If you have entries lower in a list that don't seem to work, take a look at the entries above it - they may be triggering on that traffic before it ever gets down to the rule you're working on.

• By default, all Untangle interfaces can talk to each other - if you want to wall them off, you can use the Firewall or Packet Filter (Firewall does not handle ICMP), or uncheck Only NAT WAN Traffic at Config > Networking > Advanced >General, which will cause the Untangle to NAT between non-WAN interfaces.

• The Destined Local condition will match traffic on any IP Untangle holds, so if you have multiple external IPs your port forwards should use the Destination Address flag rather than Destined Local.

How secure is Untangle by default?

Using a Router mode install, by default Untangle will block any inbound traffic that isn't explicitly port forwarded using NAT. Port 443 will show up as open and give you a login page, but by default even if you have the correct credentials External Administration will be disabled - you can change this at Config > Administration. If any other ports are showing up as open from the outside, you've either set up a port forward for them or the Untangle is somehow misconfigured. The Firewall rack application is set to default pass, so if you want a default block you'll need to change that. In Bridge mode you have an upstream firewall doing NAT, so Untangle is transparently filtering traffic according to the configuration.

Does Untangle support VLANs?

Yes. Untangle must be configured such that it knows about all the VLANs on your network and how to route the traffic accordingly.

However, Untangle does not support 802.1Q VLAN tags in bridge mode, nor can Untangle be configured to add 802.1Q tagging.

The easiest way to make Untangle work with VLANs is to keep them all downstream, however if you're in bridge mode and not using 802.1q tagging it should still work. In either Router mode or Bridge mode, connect a switch to a LAN interface of Untangle, then manage and terminate your VLANs on that switch. You'll most likely need to do two things to get this working.

• For this example, we'll say your Untangle is 192.186.1.1 and your switch is 192.168.1.2, with VLANs of 192.168.10.0/24 and 192.168.11.0/24:

1. Set up static routes pointing your VLAN networks at the IP of the switch:
   • Network: 192.168.10.0, Netmask: 255.255.255.0, Gateway: 192.168.1.2
   • Network: 192.168.11.0, Netmask: 255.255.255.0, Gateway: 192.168.1.2
2. Set up aliases for Untangle on those networks:
   • Go to Config > Networking > Interfaces and edit the interface the switch is on. Click Add in the IP Address Alias area, then enter 192.168.10.1/24, then add 192.168.11.1/24 and save. When adding aliases, make sure to give Untangle an IP that is not in use and do not make the IP x.x.x.0.

We believe that should be enough to get most VLAN setups going, but if not feel free to post on the forums or contact Untangle Support.

Can I put a WiFi card in my Untangle and have my users connect to it?

As of v9.2.0 we do not have the driver support necessary to accomplish this. We're planning a a move from our current revision of Debian Lenny to the latest, Squeeze. Once this process has been completed we will be looking further into supporting WiFi cards.

Does Untangle have high availability options or support automatic hardware failover?

We are actively looking into this area and will make an announcement when we have more information.

Licensing and Subscriptions

This section has answers to questions relating to purchasing, licensing and subscriptions to Untangle.

How does Untangle licensing work?

Untangle licensing is done individually for each deployed Untangle server. One license cannot be shared across multiple Untangle servers. The pricing band is determined by the number of devices that are behind the Untangle server. Our current pricing model allows the purchase of a monthly, 1-year, 2-year or 3-year subscription.

How do I determine the correct band?

Untangle products and services are priced by bands for different sized companies and networks. The appropriate band can be calculated by counting the number of unique devices behind Untangle on any given day. More explicitly, it is the number of unique IP addresses on any non-WAN (local) interface including VPN users seen from midnight to midnight the next day. If the number of unique IP addresses is below the upper bound of the subscription band for that server it is fully compliant.

Note:

• Bypassed devices are not counted. Bypass Rules can be added for devices that do not need Untangle scanning and services (printers etc) but still require internet access.
• If the number of unique email addresses for scanned emails is greater than the number of unique IPs, unique email addresses is used instead.

How do I purchase Untangle software?

Currently there are two ways to make a purchase of our Untangle software:

An off-GUI purchase is when you purchase a subscription directly from Untangle's store without being logged into an Untangle server. An off-GUI purchase results in a voucher you can redeem at any time, but keep in mind that until you redeem the voucher you don't have access to the purchased features. Additionally, it's important to note that your subscription expiration count-down starts from the day you purchase your subscription not the date you redeem the voucher.

An on-GUI purchase is when you purchase from your Untangle Server directly. If you purchase via the on-GUI method, the store and the server should talk to each other and the server will automatically download the software you've purchased. We recommend that you use Firefox or Chrome when doing this process because some browsers (e.g. Internet Explorer) won't allow the store and the server to communicate, which causes the process to fail.

If you have any problems with either of these two ways to purchase, please contact support at 866.233.2296 option 2 or open a case at Untangle Support.

What happens if I stop paying Untangle for my subscription(s)?

If you stop paying for your subscriptions any paid applications will stop working when your subscription ends. You will no longer be able to use anything but the applications in the Lite Package and will see No License Found on the faceplate of any paid applications. It's very easy to get your account back working again by contacting our sales department to renew your subscription and all of your previous settings will return.

What's a UID?

A UID (or Unique IDentifier) is a unique 16-digital alpha numeric code that identifies your Untangle Server. To determine your server's UID, from the Untangle Server, go to Config > System Info tab > Version.

• If you reinstall your Untangle Server, you will get a new UID, and you may need to transfer any previous subscriptions to be authorized for the new UID.
• If you reset to factory defaults, your Untangle Server maintains its UID.

The UID also helps Untangle Technical Support identify your server when you call for Technical Support.

What's a voucher? What's a voucher key?

A voucher is a "gift certificate" for a specific Untangle package or application. A voucher key is a unique alphanumeric code that enables you to redeem your voucher.

Can a voucher expire?

Yes, when you purchase a voucher you can select a monthly or yearly subscription that automatically renews. The subscription period begins as of the time the voucher was purchased, so it's important that you redeem that voucher as soon as possible to get the biggest "bang for your buck."

Why would I want to purchase a voucher?

• If you are an end-user but you currently don't have access to your Untangle a voucher provides you a way to purchase now and install at your convenience.

• If you are an Untangle Partner:

• It's very efficient to purchase a set of vouchers using one transaction, and redeem the vouchers as you install Untangle.

• If you do not intend to install the Untangle yourself you can simplify the installation process by sending the voucher to your customer.

• If you're looking to court a customer a voucher is a wonderful gift; not as tasty as chocolate though not nearly as expensive as a diamond.

How do I redeem a voucher?

There are two ways to redeem a voucher.

First: (Primarily used if you were the purchaser of the voucher or have store account access to the account where the voucher was purchased)

1. Log-in to your Untangle Server.
2. From the Navigation pane, click on the My Account button on the bottom left.
3. Log into your Store Account you used to purchase your Voucher.
4. Click on the link called My Vouchers on the left side navigation.
5. Check the box next to the voucher(s) you'd like to redeem.
6. Click on the Redeem button. The software should automatically start to download and install.

Second: (Primarily used if you did not purchase the voucher through your store account)

1. Follow steps 1-4 above.
2. Click the link Enter and Redeem a New Voucher Key.
3. Enter the voucher key(s) in the space(s) provided.
4. Verify the UID, server description and the IP address of your server are correct.
5. Click the Continue button. The software should automatically start to download and install.

Can I try Untangle before purchase?

Yes! We provide a suite of applications free of charge; all of our paid applications (except Branding Manager) have a fully functional 14-day free trial available. During the trial period the faceplate of any trial mode applications will show xx Days Remaining, this will switch over to Free Trial Expired once the trial period has ended. If you want to purchase an expired application it will retain your settings as long as you don't remove it from the rack.

Do my other applications still work after my trials expire?

Yes. All applications in the Lite Package remain in your rack and never expire.

I just purchased a product, however it is still reporting as a trial version?

From your Untangle, click My Account on the lower left hand side of the web GUI and log into the store. Click My Subscriptions, then select your product(s) and click Reinstall. You'll need to do this either from the actual Untangle box or through the network using Firefox or Chrome, Internet Explorer can have issues with this process.

How do I renew my subscription(s)?

You can turn on auto renewal by logging into your store account, clicking My Subscriptions, then modifying the Auto Renew field. If you have Auto Renew off, please follow these steps to renew a subscription:

1. Log in to your store account and click Renewals. Any subscriptions that are not enabled for renewal will display here.
2. If your payment information needs to be updated, click on the "Provide your payment information" button, where you can update it.
3. If your payment information is current, you can simply select the subscription(s) to be renewed and click the "Renew Selected Subscriptions" button. You'll see a confirmation message and receive an email with the details.

How do I unsubscribe or cancel my subscription(s)?

You can turn off auto renewal by logging into your store account, clicking My Subscriptions, then modifying the Auto Renew field.

Why is my renewal date not changing after I renewed my subscription?

If your subscription is enabled for renewal but the renewal date still shows the same date as before, don't worry - because we don't charge your account for the subscription renewal until the renewal date, the renewal date will not change until that charge takes place. For example, say you enabled a subscription for renewal with a renewal date of November 11, 2010. On November 11 we will charge your account for the cost of the renewal and update your renewal date to November 11, 2011. If your subscription does not appear when you click Renewals in your store account it is already enabled for renewal.

I reinstalled my Untangle Server, why can't I reinstall my paid subscriptions?

Each Untangle has a UID, or Unique Identifier that is set during the install and never changed. If you reinstall your Untangle it will have a new UID and you'll need to transfer the subscription to the new UID to be able to download your subscription. Instructions on subscription transfer are below.

How can I transfer my subscription?

Before transferring the subscription, be sure to download any backups from your store account at My Subscriptions > View Backups - once the transfer has been made you will no longer be able to access the backups of the old UID. Please follow the steps below to transfer the subscription:

1. Log into the new Untangle, then click My Account in the lower-left hand corner of the web GUI.
2. Log into your store account and click My Subscriptions and make sure any servers you have listed have a proper description - if not, please set them.
3. Click Transfer Subscriptions and follow the prompts.

Networking

This section has answers to common networking questions. You'll want to take a look at our User Guide and Config Menu Settings for more information on general network settings.

If I am using NAT, how can I provide access to a web server to the internal network?

1. If the web server is using DHCP, it should be assigned a static address or a static DHCP lease.
2. Create a port forward rule for all incoming traffic on port 80 to your web server as discussed in Port Forwards.

Why can only some of my subnets access the Internet?

Untangle needs to know about the other subnets in order to correctly route traffic to them; this can be done in several ways:

• Give Untangle an alias on each subnet at Config > Networking for that interface. Make sure to use a reall, unused IP, not x.x.x.0.
• Alternatively, if your subnets are close (e.g. 192.168.1.x, 192.168.2.x) you can expand Untangle's netmask on that interface.

If your other subnets are behind a different internal router, you'll probably need to add static routes pointing the subnets to that router.

Is it possible to use DHCP without enabling NAT?

Yes, DHCP can be enabled if NAT is disabled as long as the settings at Config > Networking > DHCP Server are correct.

Does Untangle support dual WAN or WAN failover?

Yes! For information on Multi-WAN, see WAN Balancer for Load Balancing and WAN Failover for failover.

My network is extremely slow and some pages won't load. Why?

This is more common with PPPoE, however some internet connections have a sub-1500 MTU but don't support automatic MTU path discovery. It is worth a try to manually change MTU on the Config > Networking > Interfaces page to something lower such as 1492 (or even 1450) to see if it has any effect. You must be in Advanced Mode to change this setting. If this does not solve the issue you should return MTU to the default setting.

Can I use OpenDNS with Untangle?

We advise against using public DNS resolvers as they can hamper the effectiveness of our Spam Blocker and Spam Blocker Lite applications; we recommend using your ISP's DNS servers.

In Bypass Rules, what's the difference between "bypass" and "on"? Don't they do the same thing?

• "On" indicates the rule is enabled - if it is not enabled, the rule doesn't do anything.
• "Bypass" indicates the action if the rule matches - if checked, the traffic is bypassed; if not, the traffic will go through the rack as normal.

One use case is to use bypass rules to send only selected traffic to Untangle. To do this, create a single rule that bypasses all traffic, then place rules above that rule with "on" checked and "bypass" unchecked. Traffic that matches these rules will be sent to Untangle, effectively bypassing all traffic except what matched the specific rules.

Updates

These FAQs explain how updates are performed.

How do I check for updates? Is this automatic?

Untangle automatically performs and installs definition updates for all applications; you can modify the platform updates settings at Config > Updates > Update Settings. If you turn Automatic Updates off, you will still receive definition updates, however platform updates will not automatically be applied.

How do I know if updates are available for download?

The Config > Networking button will light up when upgrades are available, just click it and follow the prompts to upgrade.

I can't upgrade. Help!

If upgrades appear available and after pressing upgrade things appear to upgrade but the version stays the same, please contact Untangle Support.

I see an error in the logs. Is this bad?

If you see a "W: Conflicting distribution:" error after running apt-get update or reading the upgrade logs, there is no reason to be concerned. This is normal and can be safely ignored.

VoIP

These FAQs explain how Untangle handles VoIP traffic.

How does Untangle handle VoIP traffic?

Most VoIP traffic is automatically bypassed from scanning by default because of its inherent time sensitivity. It is recommended to add manual bypass rules for non-standard VoIP installations.

After installing Untangle, my VoIP doesn't work. Why?

Verify your VoIP devices are set to do NAT Traversal themselves - if they are not, you can try enabling the SIP Helper at Config > Networking > Advanced > General.