Channel: Untangle Forums

2 WAN connections and only 1 should update its IP with DynDNS

Hi,

So I'm stuck with a bit of a predicament, and have reverted to posting on the Forum.
I'm really new to forums so I'm giving it my best shot.

I have set up an Untangle firewall build 11.1.0 for a client of mine.
The machine has multiple NICs of which three are utilized.
One is designated to be for the internal LAN, and two are connected to WAN links.

Everything is working 100% on the firewall, besides the predicament which has presented itself.
One of the WAN connections is a 2Mb link, and has a static IP Address (WAN Alpha)
The second WAN connection is a 10Mb link, and has a dynamically changing IP Address (WAN Beta)

As WAN Alpha has a static IP, an A record has been set up on the hosted DNS to point to this address, and this is working fine.
However as WAN Beta has a dynamically changing address, the DynDNS service is used to ensure the public DNS record is updated.
The problem lies with that Untangle periodically checks WAN IP Addresses, and determines at times that WAN Alpha's address is different to WAN Beta's, and then updates the DynDNS with the IP Address of WAN Alpha.
This inevitably causes problems.
The firewall channels all traffic (SMTP, POP3, RCP, HTTP, HTTPS, FTP) outbound, and inbound through WAN Beta, as this is the faster connection.
WAN Alpha is primarily used only for RPC traffic (this is as per client instructions)

I have searched through the Forum, as well as consulted with support regarding this issue, and have been advised to set up WAN Balancer Rules, as well as Routing rules, however these do work to some extent, though the aforementioned problem still remains.
I have gone as far as to set up a rule to ensure that DynDNS only updates through WAN Beta, and still at times DynDNS is updated with WAN Alpha's IP Address.

I require help in ensuring that only WAN Beta's IP Address is used to Update the DynDNS record.
Any help or suggestions are welcome, and should more information be needed I can provide this.

Thanks and regards,
Lex

Reports – Website that is being visited is not appearing on the daily reports?

Certain websites that are being visited by all staff are only appearing on the daily Untangle report against some people (even though they are all definitely visiting this site)?

Any help/suggestions would be appreciated!

OpenVPN and other devices

I just recently upgraded from 9.4 to the 11.0.1 and am enjoying it very much. We just recently decided to purchase a Buffalo NAS drive for file storage and for some reason I can't connect to any share folder on the drive.

Once logged in to the OpenVPN account externally I can ping the NAS, printers and most other devices no problem. I can also control the web panels for each device as well (printers, NAS, etc.). I just can't actually find the drive when trying to map the network drive or add a network printer. I'm sure they both relate to the same problem. Any help or feedback will be greatly appreciated!

Notes:

I have the network exported in the OpenVPN settings as well.

Separate AP's

I have the latest version of untangle installed.

3 NICS for WAN, LAN 1 and LAN2.

AP1 is connected to LAN

I want AP2 to connect to the LAN 2 port and only give access to WAN.

Can someone explain in detail how to give AP2, which is on LAN2, the ability to get internet access through the WAN without allowing LAN2 to talk to LAN1?

I have all the NICS setup fine. I have the AP2 configured. AP2 is just a home based router, but I'm just using the AP part of it.

I understand I could get VLANs to work, however, there are no plans to get a managed switch.

Thank you,

Mike

Dial-In doesn't work with passwords containing a #

Has anyone else noticed that dial-in VPN authentication fails if using local directory and a user's password contains the hash/pound (#) sign?

Need to filter IP voice applications

All,

I installed Untangle with the belief that its NGFW features did not require licensing. I can't find any evidence that it has any NGFW capabilities. My understanding of an NG Firewall is that it can dig into packets up to L7 to determine what application it is so you can let users see Facebook for example, but not stream video, that sort of thing. My specific needs are to block the following (at least the RTP stream):

Skype, Google Voice, facetime, Whatsapp, facebook voip calling, etc...

I can tell you that once a particular client is installed, checking the "internet phone & voip" box as a blocked category in the content filter has no effect.

Please don't give me any advice on how I can prevent installation via AD policy, prevent phone app installation from the att store, or similarly useless suggestion. This is a BYOD environment with no MDM. It was my understanding that what separates the NGFW from an ASA/Checkpoint/other rule|filter-based firewall was the ability to recognize application behavior and cut that traffic down. A check of the "firewall" section of untangle seems to simply be a place to enter rules/filters/ACL... What am I missing? Am I completely wrong about this? because I've seen PA firewalls do this very thing, but I don't have 2000 bucks for one of those.

Of course if you try to google up "block skype using a firewall" 95% of the search results are how to use AD permissions or block other skype users from contacting you - so any real insight would be appreciated.

Problems Routing between 2 networks

I have an issue with an Untangle box doing some routing. I've attached a diagram, but will explain it on here. I have an Untangle box in bridged mode, with 3 NICs: one connected to the internet, one to the voice LAN, one to the data LAN. I need to route traffic between the data LAN and voice LAN, which are on separate subnets, to allow the soft phone to communicate with the PBX.

How to calculate the optimum Traffic Allocation settings?

We installed the WAN Balancer app a couple of days ago.

It's currently running with the default Traffic Allocation settings of 50/50.

What would the best traffic allocation settings be for 9MB ADSL and 156MB fibre?

Untangle 11 can't see my net cards

I'm trying to install Untangle 11 on an Atom-based netbox. It has three net cards, a Realtek wireless RTL8191SE, a Realtek wired card, and a USB-connected Belkin adapter. This machine worked with the Belkin and the wired Realtek under 9.x, and I was hoping to be able to see the wireless card under 11, but installing (from SD image) on a freshly downloaded 11 fails because it can't see any of the net cards. Do I have any recourse? Or do I simply have to give up on Untangle for this application?

The system is a Foxconn nT-435H. It apparently has enough CPU, hard drive (500GB), and memory (1GB) for Untangle; at least the installer doesn't complain about any of that.

Untangle SysAdmin Day Photo Contest

Enter the Untangle SysAdmin Day Photo Contest on our Facebook page.

Prizes for the top 5 winners are:
Grand Prize - Nvidia Shield Pro
2nd Place - GoPro Camera
3rd Place - $100 GameStop or ThinkGeek gift card
4th Place - $50 GameStop or ThinkGeek gift card
5th Place - $25 GameStop or ThinkGeek gift card

How to Enter and Win (limited to U.S. residents only):
1. It's easy! Submit a photo of you and your network set up with the hashtag "#iamuntangle" visible in the photo!
2. Enter as many times as you want!
3. A jury will look at all submissions and select the Grand Prize winner! Top 4 runner-ups will also win special prizes!

Good luck and have fun!

Contest starts July 20, 2015, and will run until July 31, 2015 at 11:00am PST. Winners will be contacted by email to claim their prize!

VoIP VLAN Trunk on HP 2910al

Hello,

I am trying to configure two subnets, one for data and one for voice. The data subnet will be connected to a Windows DHCP server. The voice subnet will need DHCP from Untangle.

The HP 2910al switch will have VLAN2 added as the VoIP phone LAN port will be configured as VLAN enabled and assigned VID=2. The PC connects to the other port on the phone with VLAN disabled.

I have set up two VLANs on the UT box but I can't get the phone and the PC to get an IP address from their respective subnet.

I would like to have both subnets connected to the switch with one cable.

Is this possible? If so, can someone point me in the right direction?

Will this work

I am using Untangle at home. I am looking for best practices for LAN/user management. Basically I want to establish different subnets and route between the 2. I want to do this in order to create management rules for different subnets. I am running Untangle on ESXi 5.5. I have 2 physical NICs available and being used for Untangle. 1 NIC is WAN, the other is LAN. My current LAN is 192.168.2.0. I would like to have some computers be on say a 192.168.3.0. I want to manage each subnet differently. I am going to purchase the Policy Manager app. I would like to have a DHCP server for each subnet. I am thinking I would need to add another physical NIC.

Thoughts?

Intel i211AT Network Interface support

Has anyone successfully installed Untangle NG Firewall (11.1) on a system using Intel i211AT network interfaces?

I was using systems with Intel 82574L network interfaces and it worked well. The newest generation of the Jetway motherboard (NF9N2930) has onboard Intel i211AT network interfaces and I would like to use this motherboard because it has a quad core Celeron instead of the dual core Atom that I was using.

Nuc?

My 13 yr old Pentium that houses my untangle server died. I'd like to buy an intel celeron NUC and use it but not sure if it will work. I would use the built in NIC for internal connections and buy a USB 3.0 to ethernet adapter to connect it to the cable modem. I'd buy a 30 or 60 gb mSATA ssd for it to load Untangle on. Would this work? Has anyone done it?

Also, could I use the built in WiFi as an access point for wireless clients? Or would I need to use a separate WAP?

This is for a home application. 6-8 users. 25-30 wired and wireless clients connected at any given time.

thx.

Question about VRRP

I have a demo configuration of two Untangle systems with VRRP redundancy.

Call them Box1 and Box2.

Box1 WAN=1.2.3.250 LAN=10.0.0.4
Box2 WAN=1.2.3.254 LAN=10.0.0.5
Alias WAN=1.2.3.251 LAN=10.0.0.1

I configured Box1 (the master) with WAN of 1.2.3.251 and LAN of 10.0.0.1, verified that the network functions normally (it does) and proceeded to configure all of the wanted services, configured the server certificate for HTTPS inspection, OpenVPN users, IPSecVPN, L2TP VPN, email scanning, port forwards, AD connector, and such. Created a backup of this configuration.

Restored the configuration to Box2.

Modified Box1 WAN to use: 1.2.3.250
VRRP ID1 Priority 100
VRRP Aliases:
1.2.3.251

Modified Box1 LAN to use: 10.0.0.4
VRRP ID2 Priority 100
VRRP Aliases:
10.0.0.1

Modified Box2 WAN to use: 1.2.3.154
VRRP ID1 Priority 50
VRRP Aliases:
1.2.3.251

Modified Box2 LAN to use: 10.0.0.5
VRRP ID2 Priority 50
VRRP Aliases:
10.0.0.1

Reading the docs both boxes should have the same certificates and configurations with the backup of Box1 restored to Box2.

I get replies from the aliased addresses when pinging.

The question is, in a VRRP configuration, shouldn't the aliased address be what is used versus the active box address?

It is my understanding that if a box is marked as "master" then any traffic going to the aliased address will be redirected to the active box. If this is correct, then shouldn't the apps on the active box also respond to the aliased address?

So far certificates, quarantine and the administrator console do not behave in this manner.

WAN Balancer Breaks Inbound/Outbound Connections

I submitted a support ticket on this problem a few minutes ago but would be interested if anyone else has encountered problems like this with the WAN Balancer.

We enabled the Untangle WAN Balancer in our network – it was set to balance 50/50 between our ADSL connection and our new fibre connection. Once it was up and running we noticed that intermittently all inbound external connections to the network would stop working. Specifically these connections were incoming emails (via our MX-Record/Public IP address), Outlook Web Access and email connections from our mobile devices. Additionally outgoing internet (website) connectivity also went down intermittently and quite frequently.

We also noticed that if we enabled the WAN Failover app, a short while after enabling it all internet (outgoing and incoming) connectivity was lost. We disabled this immediately.

The particular issues we encountered whilst the WAN Balancer was running were as follows:-

- Connecting externally from outside the network to Outlook Web Access would work for a period of time but then a few minutes later it would not be possible to connect for a couple of hours. Some external staff could connect whereas at the same time other external staff could not connect.
- Email connections from mobile phones would work for a short period of time but then a few minutes later would not work for a few hours – if at all.
- Incoming external emails would take over 30 minutes to arrive – under usual working conditions emails arrive within 2-3 minutes at most.
- It was not possible to access websites from workstations on the network.
- We set up a route rule within the WAN Balancer to ensure that all email traffic from our Domain Controller (Exchange server) went out via the WAN interface responsible for external incoming connections but this did not make any difference.

To verify it was the WAN Balancer causing the problems, we turned off the WAN Balancer. After doing this everything returned to normal working conditions.

User Bypass Filter content

Does the web filter have the ability to allow the page to be loaded after entering a password on the block page?

I thought I saw it in some documentation somewhere... (yeah I know...) but now I cannot locate it.

please advise

thanks!

documentation of wifi features/settings?

Is there any documentation yet for the new wifi features? I don't see anything in the wiki.

I've not yet had my hands on an 11.1 box with a wifi adapter, so I have no clue what settings and features are available. Can it create multiple wifi networks? Can a wifi network be bridged to the LAN network? Can one wifi network be bridged, and others routed?

I just need to know what all I can do with the Untangle WiFi support, so I can know whether I'll need an additional wifi access point to do certain things.

(to be clear, this is for an upcoming client install)

Install NG Firewall 11.20 Beta on a CYMPHONIX DC10 Appliance

I was able to install the software on this old CYMPHONIX DC10 appliance, however, the Network interfaces do not establish a link. The system recognizes all three NICS, AUX, INTERNAL, and EXTERNAL, but the lights on all NICs keep cycling and will not stop. When I connect an ethernet cable to any of the nics, NO LINK is established.
Internally, there are two PCI NIC adaptors and the on-board NIC, all go into a third board on which the 3 NICs are combined. If I bypass the board and connect the on-board ethernet directly to a LAN cable, the link is established. Please see pics and Video Link below the pictures.

I am not sure why the OS does not want to work with this hardware, since it sees all three NICs.

Any ideas or solutions would be appreciated.

https://drive.google.com/file/d/0B4l...ew?usp=sharing

Isolate computers on the same IP segment

Hello All,

I’m wondering if it is possible if I could isolate computers on the same IP segment. So they are unable to communicate with each other. Or each computer is considered standalone. If possible please let me know how.

Thanks,

ZMK7