- NG Firewall
- Solutions by Industry
- Solutions by Issue
NG Firewall version 13.1 includes a new app, Tunnel VPN, plus improvements to Captive Portal. This release focuses on expanding Untangle NG Firewall’s industry-leading connectivity and authentication capabilities to address the needs of distributed enterprises, branch offices, retailers, franchises and other organizations who rely on SD-WAN and secure Wi-Fi solutions.
We have version 13.1 video resources to help you understand the key updates in this release. You can find all the version 13.1 video resources below.
Tunnel VPN is the easiest way to create a persistent, secure connection between your Untangle NG Firewall and a remote network. Tunnel VPN works seamlessly to accomplish a variety of networking scenarios, including:
Tunnel VPN is powered by a fully featured ruleset, enabling WAN optimizations to determine which traffic is sent through the tunnel and directed at any given interface, host, subnet, port or other criteria. Like other NG Firewall apps, Tunnel VPN uses Untangle’s innovative tagging feature to enable administrators to create advanced, dynamic scenarios based on any taggable event or activity.
Tunnel VPN has applicability from SOHO to the distributed enterprise.
Tunnel VPN features a configuration wizard to enable connections to many privacy VPN providers like ExpressVPN, NordVPN or even another Untangle NG Firewall. There are also generic options which support most commonly available OpenVPN-based providers.
Organizations that provide secure Wi-Fi to employees, customers or the public now have the ability to authenticate users via Google, Facebook, or Office 365 accounts directly with those services, enabling administrators to easily identify users without having to maintain separate directories, reducing administrative overhead, speeding login and providing opportunities for user-customized communications and access privileges.
The Application Control app has been updated to improve detection and include over 350 new applications, ranging from social applications like Facetime and Slack, to adult-content applications like Pornhub, Youporn and 4chan.
While Untangle is designed to be easily configured via a keyboard and mouse, some instances—for example, no VGA/HDMI access—it is necessary to use the more traditional approach of configuring the address of the device, and then continuing administration and configuration remotely via another device through the web interface. “Text-based” administration interface is now available with version 13.1, allowing an alternative to the admin web interface.
Beta support for running NG Firewall in AWS and Azure is now available.
Please see the Changelog for a full list of enhancements in v13.1.
NG Firewall provides extensive alerting capability via its administrative interface. However, these alerts are specific to each NG Firewall deployment. With Command Center, administrators can now create global alerts across deployments, improving visibility, ensuring business continuity, and easing management for multi-site deployments and MSPs.
Command Center global alerts also provide better visibility to uptime issues by ensuring alert deliverability in the event of an outage or WAN failure. Command Center global alerts support integrations with popular management tools including Pager Duty and Slack.
Command Center now offers customers an easier way to manage licensing, provisioning and billing across their Untangle account. In addition to managing subscriptions and appliances, administrators can now manage billing information, simplifying the licensing and provisioning process.
Account management in Command Center also supports user roles for creating administrative accounts and associated privileges across multiple deployments. This feature enables organizations to divide responsibilities for administering specific deployments across different user accounts.
Untangle NG Firewall version 13.1 is available as a free download. Current Untangle customers will be able to upgrade seamlessly at no charge. Command Center’s new features will be available in September.
Join us for the Community Webinar: v13.1 on September 13, 2017 at 10 AM PT. Register here.
NG Firewall version 13.0 is the latest major release. This release includes a new, responsive, and URL-routing administrative interface, as well as user tracking, tagging and trigger rules. In addition, v13 tackles bufferbloat, ensuring optimal bandwidth utilization.
Over the last several releases of NG Firewall, we’ve made drastic improvements to the usability and performance of our administrative user interface––all with the goal of making your job as network administrator easier.
With v13, we’ve further updated the UI to load, render and respond more quickly. Additionally, we’ve made a few key enhancements to make the UI behave more like a web application and less like an installed app. We’ve removed “modal” windows, and also now provide URL routing, allowing you to use the browser’s back button like you would expect. You can also share direct links to specific application pages with others, whether you wish to share a report or show another admin a specific configuration tab.
A few other changes include:
We hope you’ll be as excited as we are about these changes as we continue to streamline the user experience with the goal of providing you with the easiest, most powerful unified threat management solution on the planet.
Interactive internet applications like VOIP and gaming rely on performant networks. However, performance is dependent on each piece of networking equipment along the path that the traffic travels. Unfortunately, some equipment manufacturers trying to help solve the problem have actually made it worse by including overly large buffers (places to temporarily hold incoming or outgoing data).
In a nutshell, bufferbloat is simply poor latency caused by excess buffering in networking equipment. In situations where you have a fast local area network connected to a slower internet connection, the buffer will likely fill up quickly and users will begin to experience latency. For example, one user on the network might be uploading a file, filling up the buffer quickly, while another user attempts to make a VoIP call. While the VoIP call does not require as much bandwidth as the upload, the VoIP call will be impacted significantly by the latency due to the upload filling up the buffer.
Untangle now solves this problem by supporting a queueing algorithm that optimizes bandwidth and QoS to enforce a controlled delay. NG Firewall, if configured to do so, can act as the buffer. It will use the new queuing algorithm, QoS and bandwidth control to manage traffic so the VoIP call’s latency is reduced and, at the same time, ensure that the upload continues with minimal impact.
Untangle has added a “User” table to complement the other 3 major tables: Sessions, Hosts (IP addresses), and Devices (MAC addresses). Each of these tables house information on all the entities on the network. The User table stores the usernames that are connected to the network. This new addition enables quotas to be enforced via usernames and not just by device.
Tagging is a new feature that allows administrators to simply tag a host, device or user. Think of a tag as a label or metadata string associated with a host, device or user that can be used to quickly create policies based on entities that have a specific tag associated with them. In some ways, they work like hashtags on social media posts––they allow you to quickly find (and act on) users and their devices.
It’s easy and quick to create a tag and associate it to a policy. For example, by creating a “student” tag, an administrator can associate that tag to policies specifically designed for students (as opposed to teachers, staff or visitors). Tags can be applied manually by the administrator, or can be applied automatically based on conditions. In this example, a student logging in to the Wi-Fi captive portal could have that tagged BYOD device automatically associated to the student policy every time the student brings that device to campus.
Triggers are an administrator’s best friend. Triggers allow the admin to tag hosts, devices, and users when specific events occur. The admin can then create policies and rules to manage behavior. Similar to alert rules, trigger rules evaluate all events and can be configured to tag or untag entities based on the rules applied. For example, if a user visits a suspicious website, the administrator can set up a trigger to automatically tag that user as “suspicious activity”. The administrator can automatically have an alert triggered by any event with the “suspicious activity” tag. Once tags and triggers are configured, they proactively manage devices, hosts and users without intervention by the network administrator. Think of tags and triggers as IT superpowers!
The OpenVPN application now has an “Advanced” tab to allow administrators to override Untangle’s OpenVPN configuration. This provides advanced users the option to edit and customize their OpenVPN configuration to their liking, while still ensuring all traffic––remote or local––is filtered through Untangle. Note: The “Advanced” tab in OpenVPN is not supported by the Untangle support team. Please be sure to read the OpenVPN documentation.
Captive Portal can now use MAC addresses to track devices. Previously, Captive Portal could only track IP addresses, forcing users to reauthenticate when they disconnect and reconnect to the network throughout the day (like closing a laptop and reopening it). This new feature now tracks the device by its MAC address, ideal for small offices or branch offices that have a high turnover of users connecting to the network. For example, a company with a BYOD program has the same employees connecting each day. Instead of the employee having to reauthenticate every time they access the network, Captive Portal recognizes the device by its MAC address and applies the necessary policies.
The NG Firewall firmware distribution now supports the Turris Omnia router available in Europe.