Untangle on Azure

Untangle NG on Azure

This project is on GitHub

Now it’s possible to put Untangle NG on Azure. Untangle has long been one of my favorite firewall solutions for a number of reasons. I’ve used it for a number of security purposes in different environments, both physical and virtual. The rise of cloud computing, though, has opened up a new frontier for computing and computer security. With that in mind, I wanted to try to extend Untangle to the cloud, particularly Azure. As it turns out, this is very doable. Now Untangle can secure virtual networks on Azure as well as what it already secures. Score one for Untangle!

 

12 comments on “Untangle NG on Azure”

  1. Hi…I’m not a strong Linux/Ubuntu person. I tried mounting the OVA from Untangle on Amazon as an EC2. It’s having errors booting. No connectivity. Have you had luck with Amazon? My end goal is to create an IP-SEC VPN Server on Amazon…but Azure could work as well. Do you offer consulting services? I’m located in the U.S.

  2. Hi! Thanks for the helpful post.
    I have an Azure account, I want to have a VPN and Untangle behind it over the cloud so I can protect my home network.
    HomeRouter with VPN –> Azure OpenVPN Server –> Untangle

    I am able to set up an OpenVPN server on Azure. If I set up Untangle on another subnet, can I forward all my traffic coming from the home router to the VPN through the Untangle firewall and web filter?

    Thanks
    Hemant

    1. I’m not really sure what you’re trying to accomplish… Are you using OpenVPN on Azure in addition to Untangle on Azure? If so, why not just use Untangle with the built-in OpenVPN server, and Untangle will handle all the routing and content filtering for you.

      1. Hi! Thanks

        I was thinking the same. But I am not sure whether my use case is valid or not. I did not see any result for “Untangle on the cloud for home network”. So my question is, can I really use Untangle (or any such kind) on the cloud as my home network protection? If this is possible, I can use Untangle from anywhere as my internet protection with the help of VPN. Could you describe in short how to configure it? Do I need 2 NICs? My configuration would be like

        HomeNetwork (Or any) UntangleServer Internet

        Thanks in advance.
        Hemant

        1. Using Untangle to protect your home network at your home would make more sense. You simply need an old PC to install it on with 2 NICs, and install it between your LAN and your router. With this configuration, you can set up OpenVPN on Untangle and tunnel back to your house when you’re not at home. This will protect you while you’re on the go. I use this configuration myself.

          Untangle in the cloud is useful for securing virtual networks in the cloud (like ones that Azure uses) and for creating “hybrid” clouds that connect on-premise networks to cloud networks via a VPN. Untangle has management tools that make this easier for businesses, but if you wanted to do it with Untangle on your home network and connect it to one in the cloud, then you could certainly do that.

          If you’re just looking for VPN protection by routing data through the cloud, Untangle is overkill. I’d point you to my simple OpenVPN solution for Azure here.

          And if you want to add content filtering and protection to it, use OpenDNS Umbrella for free. It’s a great service.

          1. Thanks and appreciate your help and time.

            OpenDNS is great for filtering but I don’t think it has virus/malware protection and flexibility like UTM. With Untangle I will take advantage of both VPN and protected gateway.

            For the sake of satisfaction, if I go on the cloud, do I need to swap the NIC or would the same configuration work? I am not an expert or network person but a software developer having an Azure account. I see the slight advantage that I can configure or restart the server if it is in the cloud; at home, Untangle crashes many times and it will be difficult to access the server remotely.

            Once again thanks
            Hemant

          2. Untangle on Azure is incredibly stable. You definitely need two NICs. The configuration I have in my ARM template will automatically set up the NICs on the VM for you and provision the network as well.

            At home, I use Untangle on a virtual machine, truth be told. It’s actually much more stable in my experience this way than on a bare metal install like I used to run it. My machine also has a battery attached to it as well, and restarts on power outages. It’s been up for about 12 months since my last reboot of the hypervisor and periodic reboots of Untangle with configuration upgrades.

            Truth be told, Untangle is having diminishing returns. Are you paying for the HTTP filtering module on Untangle? Because as of late, the free modules don’t filter viruses on SSL connections, only on unencrypted connections. I still use it, but it’s somewhat limited because nowadays most internet traffic is on HTTPS rather than HTTP, which is why I use OpenDNS more for content filtering. OpenDNS does provide malware protection and blocks phishing attempts too. Using OpenDNS in addition to Untangle provides defense in depth, which is an order of magnitude more secure than either one product alone. I don’t think the free virus protection filters HTTPS either on Untangle.

            If you’re looking for a lighter firewall, I also ported IPFire to Azure as well. It has feature parity with Untangle and it’s all free and filters HTTPS as well. The disadvantage is that it’s quirky.

          3. Hi!

            My experiment is successful. Few points noted:
            1) I have to remove NAT from my home router, so I can apply proper policy and rules for different users.
            2) I cannot use site-to-site VPN using OpenVPN. I can use IPSec. (from reading)
            I need to buy VPN router for home.

            1 advantage of using FW in the cloud is that all your requests are encrypted up to the VPN server and cannot be spoofed.
            I also want to try pfSense. What’s your suggestion?

            Thanks
            Hemant

          4. If you’re going to use IPSec, you could check out Azure built-in VPN rather than Untangle to build a hybrid network. A stand-alone OpenVPN VM on an A0 is cheaper though. Untangle requires a bit more, so I am not sure what the cost would be there.

            https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq

            You shouldn’t need a site-to-site VPN per se to get what is functionally equivalent to a site-to-site with OpenVPN. You can set up Untangle on both ends if you want to do this though. I don’t think I’d go with pfSense, rather stick to Untangle on both ends to make your life easier. pfSense is good, but it’d be my third pick after Untangle and IPFire.
