From UntangleWiki

Hello and thanks for your interest in Untangle!

This guide will be a quick primer on getting your Untangle installed, up and running. Hopefully it will also answer some common configuration questions without causing too much confusion. If you already have Untangle in your network you can skip to any relevant section and read from there. If you're new to Untangle, we recommend reading this section in its entirety to help familiarize yourself with the software and how it works - it will probably save you a headache or two later on.

Contents 1 What is Untangle? 2 Installing Untangle 2.1 Placing Untangle into your Network 2.1.1 Router Mode 2.1.2 Bridge Mode 2.2 Helpful Notes 3 Working with Untangle 3.1 The web GUI 3.2 Applications 3.2.1 Event Logs 4 An Example Untangle Network 5 Closing Thoughts

What is Untangle?

Untangle is UTM software, bringing together everything your network needs to stay healthy on one box: web content and spam filtering, virus scanning, VPN connectivity, multi-WAN failover capability and much more. We strive to make deployment and administration easy, with a friendly web-based GUI to help you monitor and filter traffic on your network. Untangle provides a suite of applications free of charge with the option of subscribing to additional applications as best suits your organization - our website has a full list of features. If you have additional questions the wiki and forums are always open, plus support is just a ticket away. Current pricing for paid applications, packages and appliances can be found in the store.

Perhaps we should also mention what Untangle is not:

Untangle is not a proxy. Whether in router mode or bridge mode, Untangle acts as a transparent filter for traffic, so you do not "point" browsers as it to filter traffic as you would with a proxy. Computers on your network will either use Untangle as their gateway or your network will force their traffic to flow through it, being filtered in the process. More information on deployment can be found below.

You can also take peek at Why Untangle Sucks.

Installing Untangle

Untangle installs to the hard drive of a PC, erasing all data on that drive in the process. Please be aware of this before starting the installation. Also note that Untangle requires at least two NICs to be installed before you start the installation. Please read this everything up to Working with Untangle (and maybe peek at An Example Untangle Network) before installing.

You have a few options for installing:

• ISO: Download the ISO from Untangle or Sourceforge, burn it to a disc and boot - the Installation Wizard will guide you through the install and network configuration process.

We also have a QuickStart Guide available.

• USB: Write an image to a bootable USB stick - instructions are available here.

• Virtualized: While this is an option, we usually do not recommend it. More information is available here.

We realize most users will be installing the system before placing it in line; please follow these steps to make it as easy as possible:

1. Plug one interface of your Untangle into your network as you would any other computer, then start the installer.
2. Follow the installer prompts. During the Setup Wizard, make sure the connected interface is set to External and either use DHCP or set the Gateway and DNS entries as you would any other computer on the network.
3. Choose Router or Bridge mode as best fits your intended deployment - more information is available below.

After you reboot you will be presented with the Application Wizard - this will help you decide on what applications to download and use with Untangle. We provide a 14-day trial of all paid applications except Branding Manager, so feel free to try different apps and see if they meet your needs. Once you are satisfied with the installed applications, you can either plug a few machines in behind the Untangle to test or move the Untangle to the correct place in your network. If you're in Router mode, you will need to modify the settings on the External interface with your ISP's information. If you're in Bridge mode we recommend making sure the External interface is set to Static, not Dynamic.

---

Placing Untangle into your Network

Untangle is an in-line device, this means only traffic that flows through it will be filtered. There are two modes available with Untangle: Router mode and Bridge mode.

Router Mode

In Router mode, Untangle will be the edge device on your network and serve as a router and firewall. In this case you'll need to set up your External and Internal interfaces correctly for traffic to flow, which should have been done while installing.

---

Bridge Mode

In Bridge mode, Untangle is set between your existing firewall and main switch. When in Bridge mode Untangle is transparent, meaning you won't need to change the default gateway of the computers on your network or the routes on your firewall - just put the Untangle between your firewall and main switch and... that's it! You'll need to give Untangle's External interface an IP in the subnet of the firewall, set the Internal interface to bridge and bridge it to External. If you have a complex network, you may need to add static routes to the Untangle so it knows where to send traffic for certain subnets.

---

Helpful Notes

An easy way to test Untangle is to set it up in bridge mode with only a few computers behind it - plug the External interface into your network, configure Untangle as a bridge, then plug a switch with a few computers into the Internal interface so they must go through Untangle. Only those computers will be filtered, allowing you to test without disturbing there rest of your network. Here's a few more tips:

• If you want to install Untangle in a VM, we recommend reading this guide.

• If you're intending to installing in Bridge mode you do not want to be double NATing, so make sure your Internal interface is set to Bridge and not Static or DHCP.

• When setting up in Bridge mode, it's easy to have the box plugged in backwards. Untangle provides Administrative Alerts which will bring this to your attention so you can fix it.

• Untangle is designed to drop in to your network with minimum disruption. When testing we recommend putting the system in place, keeping most defaults unless you're having problems. This way you can get a feel for how Untangle works before making possibly major changes that may affect system operation.

• If you're in Router mode and have a PPPoE WAN connection, contact your ISP and see if your modem can do the authentication and pass the IPs to Untangle so you can set the External interface to Static - this is a much better situation than having Untangle do the PPPoE login, since some features such as WAN Failover will not work with interfaces set to PPPoE.

• If you're having connectivity issues during installation, you may want to try a crossover cable between Untangle and the upstream device - this is usually not necessary with modern equipment, but it's something to try if the settings look good but it's just not working. If you don't have a crossover cable handy, try putting a switch between Untangle and the upstream device.

Working with Untangle

Once Untangle boots up, you will have a bar running across the bottom with options - the most important of which is Launch Client, which will launch a local web browser and connect to Untangle's web GUI. It also provides options to change the screen resolution, turn the screensaver on or off, reboot or shutdown the box, launch the Recovery Utilities, or open the Terminal. You can administer Untangle in three ways:

• Locally: Simply click Launch Client on the Untangle GUI and a web browser will load the webGUI.
• On the LAN: In your browser, enter the LAN IP of the Untangle (e.g. http://10.0.0.1)
• Remote: In your browser, enter the WAN IP of the Untangle (e.g. https://203.0.113.1)

When connecting to the web GUI you may get a warning about certificates, these can be dismissed as you are safe connecting to your Untangle server. When prompted, provide your login credentials and you will be presented with Untangle's web GUI. By default, Remote Administration is disabled - it can be enabled from Config > Administration.

---

The web GUI

Once the Untangle has downloaded the applications, you'll see the web GUI on the console:

Untangle's web GUI can be divided into two main parts, the Navigation Pane on the left and virtual Racks on the right. The Navigation Pane contains two tabs - Apps and Config, detailed below. Applications are installed into one or more virtual Racks and filter the traffic that flows through them. Each application has a faceplate with a Settings button to configure it, current status information and a power button to toggle it on or off. Across the top of the web GUI there is a dropdown menu to switch to different Racks or use the Session Viewer, as well as readouts for network speed statistics, a count of open sessions, CPU, memory, and disk information. Please note that the free Lite Package only includes the ability to use one rack; if you need the ability to create multiple racks you'll need Policy Manager.

A complete list of all settings under the Config tab of Untangle is available here - this is highly recommended reading as these menus control the basic operational aspects of Untangle. If you see an alert icon near the top of the web GUI, hover over it for more information - these are Administrative Alerts designed to help you keep your Untangle healthy.

You can use the Apps tab on the left-hand side of the web GUI to get information about or install individual applications into your racks. Use the table below to read about how each individual application works, their specific configuration options, and how to best configure them.

Applications

Since specifics are available on each application's page, we'll touch on general operation here. As mentioned previously, each application has a Settings button for configuration, a Help button that opens its wiki page, and a Power button on the right to turn it on and off. If you click the area on the faceplate with statistics, some have the option of adjusting what is displayed.

After clicking Settings, you will be presented with tabs for different sections, as well as typical buttons marked OK, Cancel and Apply. They work just like you think they do. On the left hand side there is a Remove button which will remove the application from the rack. Untangle offers two types of Applications:

• Rack Applications: Applications above the Services pane in the Rack can have unique configurations which you can apply to specific virtual racks. Multiple Racks enable you to create different policies for different sets of users.

• Services: Applications below the Services pane are global - they apply to all racks. If you remove any service application from any rack, you will remove that service from all racks.

Rack Applications	Services
Web Filter	Reports
Web Filter Lite	Policy Manager
Virus Blocker	Directory Connector
Virus Blocker Lite	WAN Failover
Spyware Blocker	WAN Balancer
Spam Blocker	Captive Portal
Spam Blocker Lite	IPsec VPN
Phish Blocker	OpenVPN
Web Cache	Attack Blocker
Bandwidth Control	Configuration Backup
Application Control	Branding Manager
Application Control Lite	Live Support
Firewall
Intrusion Prevention
Ad Blocker

---

Event Logs

Of special note are Event Logs - while Reports are generated on the previous day's traffic, you can view what's happening on the network right now by looking at the Event Log. Each application has its own columns, however the interface is similar: a dropdown for specific traffic type (e.g. blocked, passed, all), a dropdown for the rack you want to view traffic in (useful for parent racks) as well as buttons:

• Refresh: Pulls latest data from the database. This happens automatically when opening most Event Logs.
• Full Refresh: Forces events from memory into the database, then queries the database for them.
• Auto Refresh: Automatically does a Refresh (not a Full Refresh) every 5 seconds.
• Export: Export the current Event Log data to a spreadsheet.
• Nav Buttons: There are also buttons to view more pages of Event Log data.

A quick note to explain Refresh vs Full Refresh - when events happen, anything from blocking a web page for a user to allowing a vpn user to connect, they are recorded in memory. The events in memory are periodically flushed to the database so Reports can use the raw data to generate graphs and make it look nice. Because of this, the Event Logs are usually delayed by a few minutes (as noted in the web GUI), which is why we have the Full Refresh option for when you need all information up to the second.

An Example Untangle Network

We hope to soon complete a section with a "Virtual Untangle" - a fictional network with typical settings for most applications, laying out many of the things you can do with a fully configured Untangle. This space will be updated once this project is complete.

Closing Thoughts

That's the end of the User Guide - I know it seems short, but it's got quite a bit of information packed into it. If you have more questions, first take a peek at our How Do I... section for common questions, answers and guides. After that, you can exploring the wiki by using the links on this page, the main page, and searching for what you need. For additional information, please see our store, forums, and Untangle Support.