Review: Putting UTM To The Test

Untangle Professional
Open-source security software today is untapped by many small and midsize companies. These companies often end up using commercial products that require a lot of configuration. Untangle combines many stable open-source security products into a UTM solution.

Essentially, Untangle developers transferred different open-source software into its platform and created user interfaces that combine all the products into one workspace. Untangle developers created a virtual pipeline that houses virtual networks in its platform to solve latency problems between its products. Whenever Untangle tests its platform, it turns on all Layer 7 software along with its firewall to demonstrate the response time of the solution. Developers continue to add new products to the Untangle UTM solution.

Untangle's source code is available at Sourceforge.

However, the code in the Sourceforge repository has some problems with SATA and SCSI controllers. CRN Test Center reviewers encountered a problem when building the software on a system with a single SCSI drive as its main drive. In addition, the Untangle software needs two NICs on a machine to work as a gateway appliance. After some initial problems, reviewers tested the software on a PC with an IDE drive.

The Untangle server works well on VMware. Partners can map its virtual networks to physical NICs using the VMware interface and have it running on a network immediately. Typically, customers install it on machines that are running an Active Directory server box, so they only need to have one machine to protect their entire business. The virtual Untangle server is a good solution for regulating incoming traffic at the perimeter of a network.

Untangle uses a unique method to turn on its Layer 7 products. The main workspace interface looks like an empty network rack. On the left pane, partners can select the products they want to activate. By dragging its antispam, phishing and antivirus software into a virtual rack, they turn on. Untangle developers created a quarantine box feature to the antispam solution so that partners and users can further check risky e-mails. Other Untangle software works with external public sites to trap bad messages and content. For instance, Untangle's phishing software uses signatures to scan e-mail and Web traffic. The phishing software relies on public lists published on the Web. Untangle also blocks cookies, ActiveX drive-by installs and looks for subnets that are known to be spyware vendors.

Unfortunately, the Untangle software binds firewall settings to each of its racks. Firewall settings have to be replicated to different racks, so there's no hierarchical policy mechanism put in place. For racks to work, IPs are mapped through policies. The company is working to change the flat mechanism into a hierarchical one.

Out of the box, the Untangle server is configured with optimal settings, so partners do not need to configure most of the Layer 7 products. The company assumes full control of its solution so that customers do not have to make any changes to Untangle gateway boxes. If Untangle swaps out software because it finds something better, the transfer and build process is done automatically for all customers.

VARs can still have plenty of custom work configuring policies. Untangle uses virtual racks to develop policies that affect different groups of users. For instance, a teacher's rack has more access to the Web than a student rack. Solution providers can map different traffic to virtual racks based on time of day, Active Directory names and IP addresses.

Untangle can deploy its software in businesses with up to 2,000 connected users, but the core of its business is at the low end of the midmarket with companies that have 150 to 200 employees.

Like other open-source commercial-grade products, Untangle charges for technical support for its Professional version. The Professional package includes integration with Active Directory and supports SSL VPN and other management features.

Next: The Bottom Line