Policy Management FAQs

From UntangleWiki

Contents 1 Can I use my existing Active Directory group to create policies for different groups of users? 2 When should I create a virtual rack? 3 Why can't I add/remove entries from the Default Policies tab? 4 I'm using the Untangle Server's OpenVPN. Do I need to create extra virtual racks/policies for the VPN users? 5 I only want to scan inbound email traffic, not outbound. Do I need to create a new virtual rack and policies? 6 I created a new custom policy. Now it's not there. Why?

Can I use my existing Active Directory group to create policies for different groups of users?

No. However, Untangle is evaluating this approach to policy management. The Untangle Server enables you to create policies based on criteria such as AD users, IP addresses, subnets, and more. Many of our customers feel that the easiest way to create policies by groups is to create an IP address range for each AD group, then assign policies based on IP address ranges. If you need help, call us and we'll walk you through the steps. Of course, you can also create multiple racks.

When should I create a virtual rack?

Create a virtual rack when you want to apply different rules to different users. For more information, go to Deciding When To Use Multiple Virtual Racks.

Why can't I add/remove entries from the Default Policies tab?

Default Policies ensure that all possible types of traffic are handled by the Virtual Racks.

If you were allowed to delete a Default Policy and you did not add a Custom Policy that is the equivalent of the Default Policy that you deleted, the Untangle Server would be unable to handle some types of traffic.

I'm using the Untangle Server's OpenVPN. Do I need to create extra virtual racks/policies for the VPN users?

You do not have to create extra virtual racks/policies to use VPN. The VPN interface is, by default, inside the external and DMZ interfaces, but outside of the internal interface. The single Default Rack is sufficient for most deployments.

One case where you would need to create extra virtual racks/policies is when not all VPN users are equal and you want to apply different rules to different VPN users. If all VPN users are equal, have the policies dealing with the VPN interface route traffic to the Default Rack.

I only want to scan inbound email traffic, not outbound. Do I need to create a new virtual rack and policies?

No. Many Software Appliances (including all of those which scan email) let you directly configure behaviors for inbound vs. outbound traffic.

I created a new custom policy. Now it's not there. Why?

Custom policies are a feature of the Professional Package, and are not available in the Open Source Package.