Config Menu Breakdown
This is an exhaustive list of all settings available under the Config tab of Untangle's webGUI with an explanation of what they do.
The Networking tab gives you access to the global settings of your Untangle.
On the Interfaces tab, you can set up and modify new WAN or LAN interfaces. The table below contains a list of all options; only the applicable options will be displayed depending on your selections for Config Type and is WAN Interface.
Config Type This entry controls the type of interface:
- Use Static if you have a static IP.
- Use Dynamic if you have a dynamic IP.
- Use Bridge if you'd like to bridge the interface to another interface.
- You can use PPPoE if your line requires it, but we highly recommend finding out from your ISP if your modem can handle the PPPoE login so you can use Static here. PPPoE connections do not work with Multi-WAN features and it's generally better to use Static if possible.
is WAN Interface Use this checkbox if the interface should be a WAN connection (e.g. pointed towards the Internet) Primary IP and Netmask The IP Untangle should use on the interface - for example, 203.0.113.1/28 or 10.0.0.1/24. IP Address Aliases These are additional IPs Untangle should hold on that interface. The netmask should (in most cases) match the mask of your primary IP. NAT Policies When using a non-WAN interface, these control how machines are NATed to the WAN interface. 0.0.0.0/0 auto will NAT everything to your primary IP. Default Gateway The gateway given to you by your ISP. Primary/Secondary DNS Server The DNS server info given to you by your ISP. Please note that while you can use public DNS servers such as Google or OpenDNS, using them will stop Spam Blocker's tarpitting feature from working. We recommend against using internal DNS servers. Override IP Address/Netmask/Gateway/DNS When using a Dynamic interface, you can use these to override the information pulled from the upstream DHCP server. Username/Password When using a PPPoE interface, this is your Username/Password. As noted above, we recommend having your modem handle the login so you can use a Static interface type. PPPoE Optional Parameters When using a PPPoE interface, these are any optional parameters that the Untangle needs to use. As noted above, we recommend having your modem handle the login so you can use a Static interface type. Bridge to When using a Bridge interface, this is the interface you want to bridge the current interface to. MTU The Maximum Transmission Unit of your network. Leave this blank (auto) unless you have a good reason not to. Ethernet Media Controls the speed of the interface's NIC. Leave this set to Auto unless you're having duplexing issues. Check to make sure both sides are set to Auto before changing it.
Using the Hostname tab, you can set your hostname, domain name, and configure Untangle to update your Dynamic DNS. There is a dropdown list of supported Dynamic DNS providers. Please note that the Hostname entry at the top is for your Untangle while the Hostname(s) entry at the bottom is for your Dynamic DNS hostname.
The DHCP Server tab governs the settings for your DHCP Server, allows you to set Static DHCP Entries and see the Current DHCP Entries.
Enabled Enables or disables the DHCP server. Please note, if the DHCP server is disabled it will not hand out DHCP to any interfaces. Start Sets the start of the DHCP address pool range, for example 10.0.0.100. End Sets the end of the DHCP address pool range, for example 10.0.0.200. Lease Duration Sets the duration of DHCP leases in seconds. Gateway Sets the Gateway given out to DHCP clients. You can leave this blank and Untangle will hand out the proper gateway on each non-WAN interface you have enabled DHCP on. Netmask Sets the Netmask given out to DHCP clients. You can leave this blank and Untangle will hand out the proper netmask on each non-WAN interface you have enabled DHCP on. Lease Limit The maximum number of simultaneous DHCP leases. Authoritative Makes Untangle's DHCP server the authoritative server on the network. It changes the behaviour from strict RFC compliance so that DHCP requests on unknown leases from unknown hosts are not ignored.
On the DNS Server tab you can set your domain name suffix, set Static DNS Entries and see the current Automatic DNS Entries.
Enabled Enables or disables the DNS server. Domain Name Suffix The domain name of your network. This controls, among other things, the suffix pushed out to OpenVPN clients.
The Troubleshooting tab provides you with tools to assist in problem solving.
Connectivity Test The Connectivity Test checks that your Untangle can resolve and connect to http://updates.untangle.com This is an important test to establish that your WAN connections is functioning properly. Ping Test A simple Ping utility. Enter a hostname or IP and ping away. DNS Test A simple DNS utility. Enter a hostname and get an IP. Connection Test The Connection Test is a very useful tool that lets you check the status of a port on a remote machine. Enter an IP or Hostname and a Port, click Run Test, and see what happens. Traceroute Test A Simple Traceroute utility. Enter a hostname or IP and see what's between your Untangle and the remote machine. Packet Test The Packet Test is a very powerful troubleshooting tool. Select an Interface to listen on and a timeout value, then hit Run Test - you'll see all the traffic on that interface. You can filter by IP and/or port to, for example, check if traffic is hitting an interface or if a remote machine is answering a request.
Pressing the Advanced button allows you to switch in and out of Advanced mode. When in Advanced mode, a dropdown gives you access to additional menus listed below.
There are four options in the General menu:
Send ICMP Redirects: Untangle will send updated routing information to hosts if it knows a better path to the destination.
Enable SIP Helper: The SIP helper will allow VoIP phones and devices to work through NAT if they can not do NAT traversal themselves - if they are set to do NAT traversal themselves, you may need to disable this setting for them to work. Please note that this requires a reboot to take effect.
Administration overrides Port Forwards: This setting will cause the current administration port (443 by default) to override any port forwards you have set up for the port in question.
Legacy NAT Mode: If enabled, the NAT implementation will be the older version. This is not recommended.
You can set up Bypass Rules when you don't want traffic scanned by Untangle - scanning will break some types of traffic, such as some times of encryption. Any bypassed traffic will simply be routed to its destination, it will not be scanned and thus will not show up in the Reports. More information on Bypass Rules is available here.
You can use the Packet Filter like a Firewall for traffic that does not go through the rack - for example, you can block access to Untangle services, such as the administration pages. Your options are Pass, Drop, and Reject. More information on the Packet Filter is available here. The built-in Packet Filter rules are the following:
Allow DHCP Requests from the internal interface This rule allows hosts on the Internal interface to grab an IP from Untangle's DHCP server. Allow DHCP Requests from the DMZ interface This rule allows hosts on the DMZ interface to grab an IP from Untangle's DHCP server. Block all DHCP Requests to the local DHCP Server This rule blocks DHCP requests from all interfaces to Untangle's DHCP server. Block DHCP Traffic forwarding to internal interface Accept DHCP traffic to the local DHCP client Accept DNS traffic from the Internal and VPN interfaces to the local DNS Server This rule allows hosts on the Internal and VPN interfaces to use Untangle's DNS server. Accept DNS traffic to the local DNS Server from all interfaces Accept SNMP traffic from the Internal interface Accept SNMP traffic from all interfaces Block OpenVPN traffic from the internal interface Accept OpenVPN traffic from all interfaces Accept SSH traffic from all interfaces This rule will block or allow incoming SSH connections from all interfaces. Allow Ping on all interfaces This rule will block or allow ping replies on all interfaces. Block traffic to local server processes Accept incoming VPN traffic when running as a VPN client Route VPN traffic that would go through the Bridge This rule is for bridge mode installations only - it will route VPN traffic over the tunnel that would be passed to the External interface. Route all bridge traffic This rule will route all traffic that would pass through the bridge according to Untangle's routing table.
You can use the ARP tab to statically assign or view the current ARP entries.
Routes will display Untangle's routing table and allow you to set Static Routes.
Target/Netmask These fields specify the network that will have its traffic routed. Valid values are in IP address/netmask format. Gateway This field specifies the host that receives traffic that is routed from the specified network. Valid values are in IP address format.
The Local DNS tab allows you to have DNS queries for certain domains forwarded to alternate DNS servers - for example, you may want to forward DNS requests for the far side of a VPN tunnel to the DNS server on the other side of the tunnel.
DHCP & DNS
The DHCP & DNS tab allows you to pass custom options to DNSMASQ, the daemon Untangle uses to handle DHCP and DNS.
The Overrides tab allows you to stop Untangle from modifying certain configuration files if you need to make manual changes.
The Administration menu controls features of your Untangle including administrative accounts, External Administration, and Certificates.
From this tab you can add additional administrator accounts to your Untangle and control how Administration behaves.
Admin Accounts Use this to add, remove or modify administrator accounts. Enable External Administration This enables or disables administering Untangle from the WAN. Enable External Report Viewing This enables and disables viewing of Untangle Reports from the WAN. Enable External Quarantine Viewing This enables and disables viewing of Email quarantines from the WAN. External HTTP Port This setting allows you to change Untangle's administration port. This is useful, for example, if you need to forward port 443 from the WAN to a local machine. Allow/Restrict External Access This setting lets you switch Untangle administration from any IP to a specific IP or IP range. Enable/Disable HTTP Administraion from LAN This settings allows you to disable or enable administration over HTTP from the LAN.
You can use this menu to let Untangle know what address it should use when sending out quarantines, OpenVPN clients, and more.
Use External IP address This will have Untangle use the Primary IP on its External Interface. Use Hostname This entry will have Untangle use the Hostname from Config > Networking > Hostname. Use Manually Specified IP This will have Untangle use the IP and port you specify, for example if you are in bridge mode and port forwarding to the Untagle from your firewall.
The Certificates tab lets you view Untangle's cert info and create/import certificates. Please note that if you are going to import a certificate, you must step through the process: Generate a Certificate, then a CSR, send the CSR to your registrar, and import the certificate they give back to you.
The Monitoring tab allows you to enable or disable SNMP and/or Syslog data.
The Skins tab allows you to modify the look and feel of your Untangle with the inbuilt or custom skins. Please note that this only affects the administrative webGUI, if you'd like to change the way user-facing pages are displayed you'll need Branding Manager.
The Email menu contains settings that pertain to Untangle sending emails as well as whitelists and quarantines.
Untangle can be set to either send Email directly or through another server. We recommend using the Email Test to see if test emails go through, if you do not receive them you can switch the settings and try again. Please note that most mail servers will need to be set to allow Untangle to relay through them for Emails to successfully be sent.
The From-Safe List is a whitelist for email addresses. Please note that all whitelist entries are global in that they will apply to all mailboxes. We provide both a Global whitelist so administrators can easily add addresses for all users as well as a Per-User list that end users can add to through their quarantines.
The Quarantine tab contains settings dealing with quarantines. You can set the Maximum Holding Time for emails in the quarantine, the time and sending of daily Quarantine Digests, as well as viewing/purging user quarantines. You can also set the quarantinable address list and set email addresses to forward quarantines to.
The Upgrade menu allows you to manually start an Upgrade as well as enable/disable automatic upgrades and set the date/time for automatic upgrade checking.
The System tab houses settings for Untangle's secure access to your box, along with Backup/Restore options and reboot/shutdown options.
Allow secure access to your server for support purposes: This joins your Untangle to our secure support channel in the event we need back-end access to the box to fix problems.
Send data about your server for support purposes: This option sends anonymous statistics and error messages to Untangle so we can improve the product. If you're getting email from/to exceptions (at) untangle, you can disable this to stop those.
You can also reboot or restart your Untangle from this tab.
The Backup tab allows you to take a manual configuration backup of your Untangle's settings.
The Restore tab allows you to restore a backup of your Untangle's settings. Please note that racks and individual application settings will not be restored unless the applications have been downloaded to the box, so we recommend installing a trial of the Premium Package before restoring backups when changing hardware.
The Protocol Settings tab contains options to enable or disable the processing of HTTP/FTP/Email traffic. It is not recommended to modify these options unless instructed to do so by Untangle Support, or if you understand what they do.
The Regional Settings tab allows you to change your timezone and language. You can also upload additional language packs from this menu.
The System Info tab displays information about your Untangle and its licenses.
The Version tab displays the current revision of Untangle, your UID, and your Java version.
The Registration tab allows you to enter or update registration information on file with Untangle for the UID of your box.
This tab allows you to check the current license status of your Untangle and manually sync it with our licensing server if they are outdated.
You can use this tab to view the Untangle License Agreement.