How to Deploy NG Firewall

Step 1: Decide on a Platform

Buy an Appliance

Sound easy? It is. Our appliances are the easiest way to get Untangle’s NG Firewall in your network. They come pre-loaded with the NG Firewall platform, so you can simply plug them in and set them to work. Add individual apps or a Complete package at any time for a full solution.

Run NG Firewall on Your Own Hardware.

You may be able to run NG Firewall on hardware you already have, or you can source hardware specifically for this purpose.

  • NG Firewall requires a dedicated Intel-based server installed at the gateway to your network.

  • Your hardware does not need an operating system; the NG Firewall platform installs its own operating system.

  • Untangle’s NG Firewall software completely erases all content and data that may exist on the server’s hard drive.

  • Untangle is now offering limited support for wireless routers.

Sizing Guidance

Resource Processor Memory Hard Drive NICs Notes
Minimum Intel/AMD-compatible Processor (800+ Mhz) 512 MB 20 GB 2
1-50 Users Pentium 4 equivalent or greater 1 GB 80 GB 2 or more
51-150 Users Dual Core 2 GB 80 GB 2 or more
151-500 Users 2 or more Cores 2 or more GB 80 GB 2 or more
501-1500 Users 4 Cores 4 GB 80 GB 2 or more 64-bit
1501-5000 Users 4 or more Cores 4 or more GB 80 GB 2 or more 64-bit
Resource Processor Memory Hard Drive
Minimum Intel/AMD-compatible Processor (800+ Mhz) 512 MB 20 GB
1-50 Users Pentium 4 equivalent or greater 1 GB 80 GB
51-150 Users Dual Core 2 GB 80 GB
151-500 Users 2 or more Cores 2 or more GB 80 GB
501-1500 Users 4 Cores 4 GB 80 GB
1501-5000 Users 4 or more Cores 4 or more GB 80 GB
Resource NICs Notes
Minimum 2
1-50 Users 2 or more
51-150 Users 2 or more
151-500 Users 2 or more
501-1500 Users 2 or more 64-bit
1501-5000 Users 2 or more 64-bit

Please Note:

  • Minimum is minimum requirements for installation. Depending on network traffic and apps installed your requirements may differ.

  • Recommendations are based on number of users but your requirements may vary with network traffic.

  • VIA and Intel Atom CPUs have high clock rates, but sometimes do not have sufficient horsepower.

If you’re ready to get started now…

Download Untangle’s NG Firewall, then add a package or individual paid or free apps.

Step 2: Choose Your Apps

Get the Complete Package or Individual Apps

The best way to experience the full power of our NG Firewall is to select the Complete Package, which contains all of our apps in a single bundle. You can turn apps on or off as you need them – providing you unprecedented flexibility. We also offer our applications as individual subscriptions; you can always upgrade to Complete later.

Easily manage multiple NG Firewall deployments with Untangle Command Center, our cloud-based centralized management solution. Command Center allows you to quickly and simply control your Untangle NG Firewall deployments from any browser, without the costly purchase and maintenance headache of an on-premise solution. Command Center is now included with NG Firewall Complete, at no additional cost.

Step 3: Deploy In Your Network

Run In Router Mode or Bridge Mode

Finally, you’ll need to decide how you want to run Untangle’s NG Firewall in your network. You can run NG Firewall as a router, leveraging our powerful network tools, or as a transparent bridge by dropping it seamlessly behind existing routers. NG Firewall is an in-line device, meaning only traffic that flows through it will be filtered. There are two modes available with Untangle: Router mode and Bridge mode.

Router Mode

In Router mode, NG Firewall will be the edge device on your network and serve as a router and firewall. In this case, you’ll need to set up your External and Internal interfaces correctly for traffic to flow, which should have been done while installing. Untangle in Router mode

Bridge Mode

In Bridge mode, NG Firewall is set between your existing firewall and main switch. When in Bridge mode NG Firewall is transparent, meaning you won’t need to change the default gateway of the computers on your network or the routes on your firewall – just put NG Firewall between your firewall and main switch and… that’s it! You’ll need to give NG Firewall’s External interface an IP in the subnet of the firewall, set the Internal interface to bridge and bridge it to External.

Untangle in Bridge mode

Please Note:

  • If you’re having connectivity issues, you may want to try a crossover cable between NG Firewall and the upstream device – this is usually not necessary with modern equipment, but it’s something to try if the settings look good but it’s just not working. If you don’t have a crossover cable handy, try putting a switch between Untangle and the upstream device.

  • If you want to install NG Firewall in a VM, we recommend reading this guide.

  • If you’re in Router mode and have a PPPoE WAN connection, contact your ISP and see if the modem can do the authentication and pass the IPs to NG Firewall so you can set the External interface to Static – this is a much better situation than having NG Firewall do the PPPoE login, since some features (such as Multi-WAN) will not work with interfaces set to PPPoE.

  • If you’re in Bridge mode you most likely do not want to be double NATing, so make sure your Internal interface is set to Bridge and not Static or DHCP.

  • When setting up in Bridge mode, it’s easy to have the NG Firewall plugged in backwards. The quickest way to check is to go to a website that should be blocked and take a look at the block page – if you see a simple page with a white background and black text, your interfaces are backwards. If you see a grey background with an Untangle logo, you’re good to go. If it is backwards, you should be able to simply swap the External and Internal cables connected to the NG Firewall and verify you get the correct block page.

Need more info? See our Quick Start Guide, forums and documentation.