From UntangleWiki

This is an exhaustive list of all settings available under the Config tab of Untangle's webGUI with an explanation of what they do.

Contents 1 Networking 1.1 Interfaces 1.2 Port Forwards 1.3 Hostname 1.4 DHCP Server 1.5 DNS Server 1.6 Troubleshooting 1.7 Advanced 1.7.1 General 1.7.2 Bypass Rules 1.7.3 Packet Filter 1.7.4 QoS 1.7.5 ARP 1.7.6 Routes 1.7.7 Local DNS 1.7.8 DHCP & DNS 1.7.9 Overrides 2 Administration 2.1 Administration 2.2 Public Address 2.3 Certificates 2.4 Monitoring 2.5 Skins 3 Email 3.1 Outgoing Server 3.2 From-Safe List 3.3 Quarantine 4 Local Directory 5 Upgrade 6 System 6.1 Support 6.2 Backup 6.3 Restore 6.4 Protocol Settings 6.5 Regional Settings 7 System Info 7.1 Version 7.2 Registration 7.3 Licenses 7.4 License Agreement

Networking

The Networking tab gives you access to the global settings of your Untangle.

Interfaces

On the Interfaces tab, you can set up and modify new WAN or LAN interfaces. The table below contains a list of all options; only the applicable options will be displayed depending on your selections for Config Type and is WAN Interface.

Config Type	This entry controls the type of interface: Use Static if you have a static IP. Use Dynamic if you have a dynamic IP. Use Bridge if you'd like to bridge the interface to another interface. You can use PPPoE if your line requires it, but we highly recommend finding out from your ISP if your modem can handle the PPPoE login so you can use Static here. PPPoE connections do not work with Multi-WAN features and it's generally better to use Static if possible.
is WAN Interface	Use this checkbox if the interface should be a WAN connection (e.g. pointed towards the Internet)
Primary IP and Netmask	The IP Untangle should use on the interface - for example, 203.0.113.1/28 or 10.0.0.1/24.
IP Address Aliases	These are additional IPs Untangle should hold on that interface. The netmask should (in most cases) match the mask of your primary IP.
NAT Policies	When using a non-WAN interface, these control how machines are NATed to the WAN interface. 0.0.0.0/0 auto will NAT everything to your primary IP.
Default Gateway	The gateway given to you by your ISP.
Primary/Secondary DNS Server	The DNS server info given to you by your ISP. Please note that while you can use public DNS servers such as Google or OpenDNS, using them will stop Spam Blocker's tarpitting feature from working. We recommend against using internal DNS servers.
Override IP Address/Netmask/Gateway/DNS	When using a Dynamic interface, you can use these to override the information pulled from the upstream DHCP server.
Username/Password	When using a PPPoE interface, this is your Username/Password. As noted above, we recommend having your modem handle the login so you can use a Static interface type.
PPPoE Optional Parameters	When using a PPPoE interface, these are any optional parameters that the Untangle needs to use. As noted above, we recommend having your modem handle the login so you can use a Static interface type.
Bridge to	When using a Bridge interface, this is the interface you want to bridge the current interface to.
MTU	The Maximum Transmission Unit of your network. Leave this blank (auto) unless you have a good reason not to.
Ethernet Media	Controls the speed of the interface's NIC. Leave this set to Auto unless you're having duplexing issues. Check to make sure both sides are set to Auto before changing it.

Port Forwards

The Port Forwards tab is where you set up your port forwards. More information on Port Forwards can be found here.

Hostname

Using the Hostname tab, you can set your hostname, domain name, and configure Untangle to update your Dynamic DNS. There is a dropdown list of supported Dynamic DNS providers. Please note that the Hostname entry at the top is for your Untangle while the Hostname(s) entry at the bottom is for your Dynamic DNS hostname.

DHCP Server

The DHCP Server tab governs the settings for your DHCP Server, allows you to set Static DHCP Entries and see the Current DHCP Entries.

Enabled	Enables or disables the DHCP server. Please note, if the DHCP server is disabled it will not hand out DHCP to any interfaces.
Start	Sets the start of the DHCP address pool range, for example 10.0.0.100.
End	Sets the end of the DHCP address pool range, for example 10.0.0.200.
Lease Duration	Sets the duration of DHCP leases in seconds.
Gateway	Sets the Gateway given out to DHCP clients. You can leave this blank and Untangle will hand out the proper gateway on each non-WAN interface you have enabled DHCP on.
Netmask	Sets the Netmask given out to DHCP clients. You can leave this blank and Untangle will hand out the proper netmask on each non-WAN interface you have enabled DHCP on.
Lease Limit	The maximum number of simultaneous DHCP leases.
Authoritative	Makes Untangle's DHCP server the authoritative server on the network. It changes the behaviour from strict RFC compliance so that DHCP requests on unknown leases from unknown hosts are not ignored.

DNS Server

On the DNS Server tab you can set your domain name suffix, set Static DNS Entries and see the current Automatic DNS Entries.

Enabled	Enables or disables the DNS server.
Domain Name Suffix	The domain name of your network. This controls, among other things, the suffix pushed out to OpenVPN clients.

Troubleshooting

The Troubleshooting tab provides you with tools to assist in problem solving.

Connectivity Test	The Connectivity Test checks that your Untangle can resolve and connect to http://updates.untangle.com This is an important test to establish that your WAN connections is functioning properly.
Ping Test	A simple Ping utility. Enter a hostname or IP and ping away.
DNS Test	A simple DNS utility. Enter a hostname and get an IP.
Connection Test	The Connection Test is a very useful tool that lets you check the status of a port on a remote machine. Enter an IP or Hostname and a Port, click Run Test, and see what happens.
Traceroute Test	A Simple Traceroute utility. Enter a hostname or IP and see what's between your Untangle and the remote machine.
Packet Test	The Packet Test is a very powerful troubleshooting tool. Select an Interface to listen on and a timeout value, then hit Run Test - you'll see all the traffic on that interface. You can filter by IP and/or port to, for example, check if traffic is hitting an interface or if a remote machine is answering a request.

Advanced

Pressing the Advanced button allows you to switch in and out of Advanced mode. When in Advanced mode, a dropdown gives you access to additional menus listed below.

General

There are four options in the General menu:

Send ICMP Redirects: Untangle will send updated routing information to hosts if it knows a better path to the destination.

Enable SIP Helper: The SIP helper will allow VoIP phones and devices to work through NAT if they can not do NAT traversal themselves - if they are set to do NAT traversal themselves, you may need to disable this setting for them to work. Please note that this requires a reboot to take effect.

Administration overrides Port Forwards: This setting will cause the current administration port (443 by default) to override any port forwards you have set up for the port in question.

Legacy NAT Mode: If enabled, the NAT implementation will be the older version. This is not recommended.

Bypass Rules

You can set up Bypass Rules when you don't want traffic scanned by Untangle - scanning will break some types of traffic, such as some times of encryption. Any bypassed traffic will simply be routed to its destination, it will not be scanned and thus will not show up in the Reports. More information on Bypass Rules is available here.

Packet Filter

You can use the Packet Filter like a Firewall for traffic that does not go through the rack - for example, you can block access to Untangle services, such as the administration pages. Your options are Pass, Drop, and Reject. More information on the Packet Filter is available here. The built-in Packet Filter rules are the following:

Allow DHCP Requests from the internal interface	This rule allows hosts on the Internal interface to grab an IP from Untangle's DHCP server.
Allow DHCP Requests from the DMZ interface	This rule allows hosts on the DMZ interface to grab an IP from Untangle's DHCP server.
Block all DHCP Requests to the local DHCP Server	This rule blocks DHCP requests from all interfaces to Untangle's DHCP server.
Block DHCP Traffic forwarding to internal interface
Accept DHCP traffic to the local DHCP client
Accept DNS traffic from the Internal and VPN interfaces to the local DNS Server	This rule allows hosts on the Internal and VPN interfaces to use Untangle's DNS server.
Accept DNS traffic to the local DNS Server from all interfaces
Accept SNMP traffic from the Internal interface
Accept SNMP traffic from all interfaces
Block OpenVPN traffic from the internal interface
Accept OpenVPN traffic from all interfaces
Accept SSH traffic from all interfaces	This rule will block or allow incoming SSH connections from all interfaces.
Allow Ping on all interfaces	This rule will block or allow ping replies on all interfaces.
Block traffic to local server processes
Accept incoming VPN traffic when running as a VPN client
Route VPN traffic that would go through the Bridge	This rule is for bridge mode installations only - it will route VPN traffic over the tunnel that would be passed to the External interface.
Route all bridge traffic	This rule will route all traffic that would pass through the bridge according to Untangle's routing table.

QoS

The QoS tab contains the Quality of Service settings for Untangle. More information on QoS is available here.

ARP

You can use the ARP tab to statically assign or view the current ARP entries.

Routes

Routes will display Untangle's routing table and allow you to set Static Routes.

Target/Netmask	These fields specify the network that will have its traffic routed. Valid values are in IP address/netmask format.
Gateway	This field specifies the host that receives traffic that is routed from the specified network. Valid values are in IP address format.

Local DNS

The Local DNS tab allows you to have DNS queries for certain domains forwarded to alternate DNS servers - for example, you may want to forward DNS requests for the far side of a VPN tunnel to the DNS server on the other side of the tunnel.

DHCP & DNS

The DHCP & DNS tab allows you to pass custom options to DNSMASQ, the daemon Untangle uses to handle DHCP and DNS.

Overrides

The Overrides tab allows you to stop Untangle from modifying certain configuration files if you need to make manual changes.

Administration

The Administration menu controls features of your Untangle including administrative accounts, External Administration, and Certificates.

Administration

From this tab you can add additional administrator accounts to your Untangle and control how Administration behaves.

Admin Accounts	Use this to add, remove or modify administrator accounts.
Enable External Administration	This enables or disables administering Untangle from the WAN.
Enable External Report Viewing	This enables and disables viewing of Untangle Reports from the WAN.
Enable External Quarantine Viewing	This enables and disables viewing of Email quarantines from the WAN.
External HTTP Port	This setting allows you to change Untangle's administration port. This is useful, for example, if you need to forward port 443 from the WAN to a local machine.
Allow/Restrict External Access	This setting lets you switch Untangle administration from any IP to a specific IP or IP range.
Enable/Disable HTTP Administraion from LAN	This settings allows you to disable or enable administration over HTTP from the LAN.

Public Address

You can use this menu to let Untangle know what address it should use when sending out quarantines, OpenVPN clients, and more.

Use External IP address	This will have Untangle use the Primary IP on its External Interface.
Use Hostname	This entry will have Untangle use the Hostname from Config > Networking > Hostname.
Use Manually Specified IP	This will have Untangle use the IP and port you specify, for example if you are in bridge mode and port forwarding to the Untagle from your firewall.

Certificates

The Certificates tab lets you view Untangle's cert info and create/import certificates. Please note that if you are going to import a certificate, you must step through the process: Generate a Certificate, then a CSR, send the CSR to your registrar, and import the certificate they give back to you.

Monitoring

The Monitoring tab allows you to enable or disable SNMP and/or Syslog data.

Skins

The Skins tab allows you to modify the look and feel of your Untangle with the inbuilt or custom skins. Please note that this only affects the administrative webGUI, if you'd like to change the way user-facing pages are displayed you'll need Branding Manager.

Email

The Email menu contains settings that pertain to Untangle sending emails as well as whitelists and quarantines.

Outgoing Server

Untangle can be set to either send Email directly or through another server. We recommend using the Email Test to see if test emails go through, if you do not receive them you can switch the settings and try again. Please note that most mail servers will need to be set to allow Untangle to relay through them for Emails to successfully be sent.

From-Safe List

The From-Safe List is a whitelist for email addresses. Please note that all whitelist entries are global in that they will apply to all mailboxes. We provide both a Global whitelist so administrators can easily add addresses for all users as well as a Per-User list that end users can add to through their quarantines.

Quarantine

The Quarantine tab contains settings dealing with quarantines. You can set the Maximum Holding Time for emails in the quarantine, the time and sending of daily Quarantine Digests, as well as viewing/purging user quarantines. You can also set the quarantinable address list and set email addresses to forward quarantines to.

Local Directory

On the Local Directory menu you can add, delete and edit accounts in Untangle's Local Directory. You can use this for Captive Portal and Policy Manager.

Upgrade

The Upgrade menu allows you to manually start an Upgrade as well as enable/disable automatic upgrades and set the date/time for automatic upgrade checking.

System

The System tab houses settings for Untangle's secure access to your box, along with Backup/Restore options and reboot/shutdown options.

Support

Allow secure access to your server for support purposes: This joins your Untangle to our secure support channel in the event we need back-end access to the box to fix problems.

Send data about your server for support purposes: This option sends anonymous statistics and error messages to Untangle so we can improve the product. If you're getting email from/to exceptions (at) untangle, you can disable this to stop those.

You can also reboot or restart your Untangle from this tab.

Backup

The Backup tab allows you to take a manual configuration backup of your Untangle's settings.

Restore

The Restore tab allows you to restore a backup of your Untangle's settings. Please note that racks and individual application settings will not be restored unless the applications have been downloaded to the box, so we recommend installing a trial of the Premium Package before restoring backups when changing hardware.

Protocol Settings

The Protocol Settings tab contains options to enable or disable the processing of HTTP/FTP/Email traffic. It is not recommended to modify these options unless instructed to do so by Untangle Support, or if you understand what they do.

Regional Settings

The Regional Settings tab allows you to change your timezone and language. You can also upload additional language packs from this menu.

System Info

The System Info tab displays information about your Untangle and its licenses.

Version

The Version tab displays the current revision of Untangle, your UID, and your Java version.

Registration

The Registration tab allows you to enter or update registration information on file with Untangle for the UID of your box.

Licenses

This tab allows you to check the current license status of your Untangle and manually sync it with our licensing server if they are outdated.

License Agreement

You can use this tab to view the Untangle License Agreement.